Summary of how we use your data
1. What does this notice cover?
This policy describes how Gaussion Ltd (also referred to as "Gaussion", "we" or "us") will make use of your personal data online and offline, including where you engage with our website or contact us, if you apply for a position of employment with us, if you supply or partner with Gaussion or if you are an employee or contact at a customer or prospect of Gaussion. It also describes your data protection rights, including a right to object to some of the processing which Gaussion carries out. More information about your rights, and how to exercise them, is set out in the “Your choices and rights” section.
The data processing described in this notice may be limited as required by UK law. We also may provide you with additional information when we collect personal data, where we feel it would be helpful to provide relevant and timely information.
2. What categories of personal data we collect
We collect and process personal data about you when you interact with us and our websites, and when you apply for a position with us. This includes:
- Personal information your name and contact information,;
- Application-related information: information related to your application for a role with Gaussion, including you curriculum vitae (CV), cover letter, employment history, education history, qualifications and skills, reference contact information, position preferences, willingness to relocate, desired salary, interests and aspirations, background screening information if relevant, immigration status, and information about your entitlement to work; and bank account information if we re-imburse expenses; diversity related data, including ethnicity, religion, social mobility and disability related data;
- Employment and business information: your position and employer, your work contact details and your interaction with us in your role, including information provided in the course of the contractual or client relationship between you or your organisation and Gaussion, or otherwise voluntarily provided by you or your organisation;
- Technical data: including information collected during your visits to our website(s), the Internet Protocol (IP) address, login data, browser type and version, device type, time zone setting, browser plug-in types and versions, operating system and platform.
We collect most of this information from you directly. For example, data is collected through communications you send, or your engagement with Gaussion. We may generate or collect information about you ourselves. In an online context, much of this is set out in our cookies information below. Where you apply for a role, data is collected through application forms and documents you submit to us.
Sometimes, we receive information about you from third parties. For example, if you use a "like" or a "share" button for a feature on our sites or apps, then the third party will share information with us. If you participate in activities on third party sites or apps - such as participating in a Facebook application - you may allow us to have access to personal data held by Facebook, or other site or app owners. Where you are engaged by a Gaussion supplier or customer, we may receive information about you from your employer. We might also supplement information with data from publicly available sources, or from information on third party business sites such as LinkedIn. If you apply for a role with Gaussion, we might receive information from other people (e.g. recruiters, referrals), your referees or third-party job websites (e.g. from LinkedIn if you choose to connect to us with your LinkedIn profile). Where applicable, we also collect data from our third-party background screening provider during the pre-employment screening process, or confirm details directly with educational or organisations where confirming your qualifications.
3. Why we collect, use and store this personal data
We must have a legal basis to process your data. We set each of these legal bases below, explain what they are, and assign a letter to each so that you can understand which legal basis we are relying on to process your data. The section below then explains the purposes for which we process your data, the processing operations that we carry out, and the categories of data that we use in each case.
Contractual performance – we may have obligations depending on whether we enter into a contract with you and the nature of the contract. To fulfil these obligations we have to use your data.
Consent – we ask for your consent to use your data in given situations. Whenever we ask with your consent we will explain the situations where we use your data and for what purposes.
Legitimate interest – there are instances where we have a legitimate interest to use your data. Our legitimate interest will vary depending on what we are using your data for, and we explain below what the interest is and how it relates to the processing operations that we are carrying out. Where we process personal data on the basis of a legitimate interest, then – as required by data protection law – we have carried out a balancing test to document our interests, to consider what the impact of the processing will be on individuals and to determine whether individuals interests outweigh our interests in the processing taking place. You can obtain more information about this balancing test by using the contact details at the end of the notice.
Legal obligation – as an organisation we have obligations to comply with legal, regulatory and other requirements under UK laws. In certain cases, we will have to use your data to meet these obligations.
We have set out below why we process your data and explain what data we use in each case. We may also provide you with more specific notices for some of the processing described below, and on the rare occasions we need to ask for your consent we will only do this at the time we collect your personal data.
Managing and improving our site, products and services, and other general business operations (legitimate interest)
We have an interest in operating our site and managing our business, and improving our site, products and services. We collect, analyse and use your data to e.g. provide products and services you have requested, and respond to any comments or complaints you may send us. We may also use your information in connection with our relationship with you, or your employer, as part of our general business operations.
To do this we use the information described earlier in this notice.
Keeping in touch (legitimate interests)
We may use your information to keep in touch. Where you are a representative of a business, we may send you direct marketing based on our legitimate interests, unless we are legally required to seek your consent.
We use your personal identification and communication information and application-related information for this. This information will be shared with companies who host our recruitment portal and systems. We may also ask you to participate in market research.
Processing your job application – (legitimate interests)
We collect and use your personal data so we can process your application. We store, and where needed, update, your personal information to make informed decisions on recruitment and assess your suitability for the role, to communicate with you about your application, to respond to your inquiries and schedule interviews, and to reimburse you for any agreed expenses incurred in the application process.
We have an interest in carrying out appropriate checks to verify the information provided by candidates. We verify the details you have supplied and, where applicable, conduct pre-employment background checks.
We also have an interest in monitoring the diversity of the applicants to our roles. This involves the processing of special category data you provide. This collection is voluntary and we do not use this data for any purpose except the monitoring of equality and do not use the data for the purposes of taking decisions about you.
To do this we use your personal identification and communication information. If we need to make adjustments for you during the recruitment process, we process special category data for this purpose.
This information will be shared with companies who host our recruitment portal and systems. If we re-imburse expenses, we share information with financial service providers.
Business interests – (legitimate interests)
We have an interest in protecting our business interests and legal rights, including, use in connection with legal claims, compliance, regulatory, auditing, investigative and disciplinary purposes and ethics and compliance reporting requirements. We may also use your information where necessary tio protect the security of our premises, assets, systems, and intellectual property and enforce company policies, including protecting ourselves from fraud and verifying the individuals with which we interact as appropriate.
To do this, we store, use and may transmit any of the information identified in this notice.
This information will be shared with companies who host our recruitment portal and systems. Information used for diversity monitoring will be shared with a specialist company that advises us on diversity. We share information with legal and other advisers if there are investigations or potential claims.
Compliance with law
We process data where necessary to comply with laws. Sometimes it is also necessary for us to comply with the orders or instructions of the UK court and tribunals, the UK government and government bodies, regulatory bodies and other legal or regulatory processes or law enforcement bodies.
Where you have given your consent
In circumstances where we seek your consent, such as to place non-essential cookies or to carry out direct marketing where we are required to obtain your consent. We will explain the purpose of our processing in any request for consent. Such processing shall be truly voluntary, and you shall be able to withdraw this consent at any time.
4. Withdrawing consent
Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above. You can withdraw consent by following the instructions in the communication where this is an electronic message, or by contacting us using the details set out below.
When you visit one of our websites, we may also collect, process and use information about you and your use of the website, including any forums you visit and how you arrived at our site. Such information may be collected through "traffic data" and may entail the use of "cookies" or other tracking technologies, IP addresses or other numeric codes used to identify your computer.
6. How we share your personal data
Government or law enforcement bodies
Personal data may be shared with government authorities and/or law enforcement officials as required for the “Business interests” or “Compliance with law” purposes above.
Third party service providers and advisors
Personal data will also be shared with Gaussion’s third party service providers (who will process it on our behalf). These third parties include IT service providers, website hosting providers, marketing suppliers, security services, maintenance, call centre operations and identity checking services. Third parties that process personal data on our behalf are required by contract to implement safeguards that are no less protective than those implemented by us in order to protect any personal data they receive from us. Third party service providers are further prohibited from using the personal data for any purpose other than to perform the services as instructed by Gaussion. Some of our suppliers may be separate data controllers, such as market research organisations, lawyers and accountants. Where appropriate, they may provide you with their own privacy notice.
Sale of our business
In the event that Gaussion’s business is sold or integrated with another business, your details may be disclosed to our advisers and any prospective purchaser's adviser and will be passed to the new owners of the business as required for the purposes above.
7. Where we transfer your personal data
We may transfer your data to some third parties which host or access personal data outside of the UK and EEA. In the event such an organisation is in a country which is not subject to an adequacy decision by the UK government or otherwise considered adequate as determined by applicable data protection laws, we take steps to ensure your personal data is adequately protected, including by adopting standard contractual clauses, unless we can rely on a relevant exemption.
A copy of the relevant mechanism can be obtained for your review on request by using the contact details below.
8. Your choices and rights
You have the right to ask Gaussion for a copy of your personal data; to correct, delete or restric processing of your personal data; and to obtain the personal data you provide in a structured, machine-readable format. In addition, you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement). Where we have asked for your consent, you may withdraw consent at any time. If you ask to withdraw your consent to Gaussion processing your data, this will not affect any processing which has already taken place at that time. These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law or have compelling legitimate interests to keep. If you have unresolved concerns, you have the right to complain to the Information Commissioner, the UK’s data protection authority.
Where we collect personal data to administer our contract with you or to comply with our legal obligations, this is mandatory, and we will not be able to manage our relationship with you or your employer without this information. In all other cases, provision of the requested personal data is optional, but this may affect your ability to participate in certain programs or systems, where the information is needed for those purposes. For example, you may not be able to participate in certain services or activities if you choose not to provide the relevant information.
9. How long we retain your personal data
Gaussion will retain and process personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements and, where required for Gaussion to assert or defend against legal claims, until the end of the relevant limitation period or until the claims in question have been settled.
Where we process personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data indefinitely so that we can respect your request in future.
We use the following criteria to determine retention periods:
- how long the data is needed to provide our services and operate our business;
- whether there are contractual or legal obligations that exist that require us to retain the data for period of time;
- whether any law, statute, or regulation allows for a specific retention period;
- whether an individual has agreed to a longer retention period;
- whether the data is considered to be sensitive data, and
- what the expectation for retention was at the time the data was provided to us.
10. Updates to this privacy notice
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
11. Contact us
The data controller for your personal data will be Gaussion Ltd
If you have questions about this privacy notice or wish to contact us for any reason in relation to our personal data processing, please contact us by email at email@example.com.