We have and will always treat your privacy seriously. We are committed to transparency about how we collect and use data to manage business relationships and provide services. We are committed to meeting our privacy and data protection obligations. Our policy covers what personal data we collect from you and how we use it.
Primed is a trading name of The Outset Group which is a collaborative venture between Outset (UK) Ltd (04607565), its subsidiary companies/affiliated entities, including UK Health, Safety & Environmental Training Ltd (07106035) and Outset Legal LLP (OC353570). In this policy we call them ‘the Group’. You can find out more on the “regulatory and statutory” section on our Outset website.
This policy applies to all Group businesses. Our head office is Vinters Business Park, New Cut Road, Maidstone, Kent ME14 5NZ. Privacy related enquiries should be directed to our Privacy & Data Protection Compliance Officer at email@example.com
When we are providing professional services, including advice, in connection with prospective, actual or former employees or contractors of a business to which we are providing services, we do so in the capacity of data processor on behalf of the employing business. In those circumstances, the employing business remaining the data controller in respect of its own prospective, actual or former employees’ or contractors’ personal data. If you are a prospective, actual or former employee or contractor of one of our clients, you believe that we hold personal data about you, and you wish to exercise your rights as a data subject in respect of that personal data, you should address your request the employing business because it is the data controller in respect of that personal data. We will then cooperate with your prospective, actual or former employer in respect of your request in accordance with our contractual arrangements with that business.
When we are providing services to an individual person or several individual people, and our services relate to their own affairs (as distinct from services which relate to handling the personal data of their prospective, actual or former employees or contractors) we provide our services as data controller.
Personal data refers to information that relates to an identifiable, living individual, including information such as an online identifier, like an IP address. “Personal information” in this policy is any information that can be used to identify you or that we can link to you and which we hold in a system (automated or paper).
Where we control personal data, it will be controlled by one or more of the following:
Outset (UK) Ltd
Outset Legal LLP
UK Health, Safety & Environmental Training Ltd
Other entities in the Group may process data on behalf of one or more of these data controllers.
Click on a section heading below to find out more:
Documents downloaded from this site
We may collect and process the following personal information:
Information you provide to us
We may process personal information you provide to us, including when you email us or contact us through various methods as follows:
Other information we collect about you
Outset Group will also collect information about use of our Group services or when we otherwise interact or correspond with you. Outset Group use various technologies to collect and store information when you communicate with us or visit our websites. We may, for example, collect information about the type of device you use to access the websites, your IP address and your geographic location, the operating system and version, your browser type, the content you view and features you access on our websites, the web pages and the search terms you enter on our websites.
We may also collect passwords for accessing secure areas of any of our websites or password protected platforms or services, your preferences in receiving marketing information from us, your communication preferences and information about how you use our websites(s) including the services you viewed or searched for, page response times, download errors, length of visits and page interaction information (such as scrolling, clicks, and mouse-overs).
Information we obtain from other sources
If you apply for a position with us, or in response to a managed recruitment campaign we conduct on behalf of a client, we may collect personal information relating to past employment, qualifications and education, opinions from relevant third parties about you, past employment history and other details about you, which may be provided to us by a third party that provides background screening services on our behalf.
If we collect or receive your personal information in relation to providing any services, we might also receive information from third parties such as your employer, other parties relevant to the services we are providing (e.g. other parties involved in a matter), regulators and other sources such as Companies House. That information could include your name, contact details, employment details and other information relevant to the services that we are providing to our client.
We may use your personal information that we have gathered:
We may also collate, process and share any statistics based on an accumulation of information held by us provided that any individual is not identified from the resulting analysis and the collation, processing and dissemination of such information as is permitted by law.
The primary legal grounds we rely on to process your personal information are:
We share and process data within the Group so as to provide the best possible service to our clients. We may also share your personal information outside of the Group. This may include:
Your personal information may in some circumstances be transferred to locations outside of the EEA. However, we do not transfer any Shared Personal Data outside of the EEA unless:
In addition to the above restrictions on transfer outside the EEA, where we are a data controller, we do not transfer any Shared Personal Data outside of the EEA unless there is also compliance with Article 26 GDPR.
In other circumstances, the law itself may permit us to otherwise transfer your personal information outside the EEA. In all cases, however, any transfer of your personal information will be compliant with the applicable data protection law in place.
We take the security of your data seriously and have internal policies and controls in place to ensure your data is not lost, accidentally destroyed, misused or disclosed, and that it is not accessed except by those authorised to do so in the performance of their duties.
Where we engage third parties to process personal data on our behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
We have also put in place procedures to deal with any suspected personal data breach.
If any of the personal data that you have provided to us changes, for example if you change your email address or contact details, or if you become aware we have any inaccurate personal data about you, please let us know by contacting either the Outset Group colleague with whom you deal or by emailing firstname.lastname@example.org.
We will retain your personal data for as long as necessary to fulfil the purposes that we collected it for and for us to assert or defend against legal claims. How long we keep it will vary, and will depend primarily on:
The appropriate retention period is determined by the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process and whether we can achieve those purposes through other means, together with the applicable legal requirements.
Upon expiry of the applicable retention period we securely destroy your personal data in accordance with applicable laws and regulations. We ensure that the personal information we hold is subject to appropriate security measures.
If you are a prospective, actual or former employee or contractor of one of our clients, you believe that we hold personal data about you, and you wish to exercise your rights as a data subject in respect of that personal data, you should address your request to the employing business. This is because the employing business is the data controller in respect of the personal data that we hold about you, and we process your personal data on their behalf. We will then cooperate with your prospective, actual or former employer in respect of your request in accordance with our contractual arrangements with that business.
You have a number of rights in relation to the personal information that we hold about you and you can exercise your rights by contacting us directly. These rights include:
To contact us about any of these rights/ choices you should contact our Privacy & Data Protection Officer by:
Write: Privacy & Data Protection Officer
Vinters Business Park
New Cut Road
Documents downloaded from this site
The documents provided on this site are for information and guidance only and do not constitute legal advice. If you choose to download and use these documents, by doing so, you accept that The Outset Group does not owe any duty of care to you and each of its companies’ liability is limited to the fullest extent permitted by law. We would always recommend taking advice on your specific circumstances.
Date issued: 27 March 2020