InUni Marketing Ltd ("we", "our", "us") are committed to protecting and respecting your privacy.
This privacy policy sets out the basis on which any personal data we collect from you, or that you or any third parties provide, will be processed by us. We may withdraw or modify this notice at any time, and we may supplement or amend this notice by additional policies and guidelines from time to time. We will notify you if this notice is amended.
What is Personal Data?
'Personal data' means any information which identifies you as an individual. It may include your name, but it may also be other information such as your date of birth, nationality and gender which when combined identify you.
This Statement and InUni Marketing Limited data protection obligations
In accordance with the UK General Data Protection Regulation (the “UK GDPR”) and the Data Protection Act 2018 (the “DPA”), together, the “Data Protection Laws”, we are a Data Controller as we determine the purposes for which, and the manner in which, any personal data is, or is likely to be, processed. This means that we are legally responsible for the personal data we collect and hold about you. It also means that we must comply with the data protection principles (see below). One of our responsibilities is to tell you about the different ways in which we use your personal data – what information we collect (and our legal basis for doing so), why we collect it, where we collect it from and whether (and with whom) we will share it. We also need to tell you about your rights in relation to the information. This notice provides further details about all of these issues.
In order to comply with our contractual, statutory, and management obligations and responsibilities, we need to process personal data relating to our employees, including ‘sensitive’ or special categories’ of personal data, as defined in the Data Protection Laws which includes information relating to health, racial or ethnic origin, and criminal convictions.
All personal data will be processed in accordance with the Data Protection Laws and InUni Marketing Limited Privacy Policy.
Using your information in accordance with Data Protection Laws
Data Protection Laws require that we meet certain conditions before we are allowed to use your data in the manner described in this notice, including having a 'legal basis' for the processing.
The legal bases on which your personal data are collected, the types of personal data, and the purposes for which they are processed is given below.
Application for employment (Subsection)
We need to process your personal data that you supplied to InUni Marketing Limited as part of your application for a position at InUni Marketing Limited. This is to ensure that your application can be considered by the relevant department. In your application we will collect the following information:
Personal data gathered
In your application we will collect the following information
- First Name(s)
- Last Name
- Title
- Other Name(s)
- Preferred Forename
- Your Address
- Postcode
- Telephone (Home)
- Telephone (Work)
- Telephone (Mobile)
- Your personal Email
- Details of your Secondary and/or Tertiary education
- Professional qualifications
- Statement in support of your application
- Details within your submitted Curriculum Vitae (CV)
- Details of your right to work in the UK
- Information about your present and employment history for the previous five (5) years including:
- Name of Employer(s)
- Address Line 1
- Address Line 2
- Town
- County
- Postcode
- Job Title
- Date From
- Date To
- Salary
- Notice Required
In addition, we may contact your referees as provided in your application to confirm the employment information that you provided.
Special categories personal data
As part of the application you will be asked to provide equality and diversity information, this may include data concerning:
- Any disability
- Your ethnicity
- Your sexual orientation
- Your religious beliefs
You have the right to not provide this information, in which case InUni Marketing Limited will note to statutory bodies that you elected not to provide this information
Criminal records information
In some circumstances we may process your information to undertake a Disclosure and Barring Service (DBS) check, as required by law.
During your employment (subsection)
The Data Protection Laws define ‘sensitive personal data’ or 'special categories of personal data' as information that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, genetic data, biometric data, data concerning sex life or sexual orientation. We will process this data, as well as the data provided in your application in order to perform our obligations arising from your contract of employment with us. The additional personal data we process to meet these responsibilities includes:
Additional data-personal information
The additional personal data (including some special category personal data) we process to meet our responsibilities as an employer includes the following:
Previous sickness information including the reasons for the absence
Bank account details
Passport details
Visa details
Sick pay
Leave entitlement
Parental pay
Pensions data
Remuneration and benefits
Emergency contacts
Trade Union Membership
Statutory responsibilities
We may process your personal data in order to meet responsibilities imposed on us by legislation. The personal data processed to meet statutory responsibilities includes, but is not limited to, data relating to:
- tax;
- national insurance;
- statutory sick pay;
- statutory maternity pay;
- family leave;
- work permits, and
- equal opportunities monitoring.
Our lawful basis for processing
The lawful bases for processing personal data will be:
- Article 6(1) (b) Contract
- Article 6(1) (c) Legal obligation
- Article 6(1) (f) Legitimate interest
Purpose of processing
We will use your personal data in connection with your employment relationship with us, including for the following purposes:
- To facilitate staff training, such as e-learning.
- Managing our accounts and records and providing commercial activities to our clients.
- For the use of CCTV systems to monitor and collect visual images for the purposes of security and the prevention and detection of crime
- To provide you access to relevant systems to undertake your role.
- To fulfil our obligations for the contract of employment.
- Processing recruitment applications.
- Talent, performance and succession planning.
- Paying and reviewing salary and other remuneration and benefits.
- Providing and administering benefits (including pension, voluntary healthcare schemes, salary sacrifice schemes and others).
- Undertaking performance appraisals and reviews.
- Policy and Legal Governance requirements and compliance.
- Internal audit and data collection.
- Legal compliance, requirements and obligations.
- Maintaining sickness and other absence records.
- Providing references and information to future employers and, if necessary, governmental bodies.
- Processing information regarding equality of opportunity and treatment of data subjects in line with the monitoring of equal opportunities and access.
- The information we process may be held on InUni Marketing Ltd’s Corporate systems some of which may be owned and operated by third parties. Where we engage with such third parties, we insist upon strict contractual requirements to be adhered to by them to protect the personal data.
Special categories personal data
The Data Protection Laws define ‘sensitive personal data’ or 'special categories of personal data' as information about racial or ethnic origin; political opinions; religious beliefs or other similar beliefs; trade union membership; physical or mental health; sexual life. In certain limited circumstances, the Data Protection Laws permit us to process such data without requiring the explicit consent of the employee.
(a) We will process sensitive personal data about an employee’s health where it is necessary, for example, to record absence from work due to sickness, to pay statutory sick pay, to make appropriate referrals to the Occupational Health Service, and to make any necessary arrangements or adjustments to the workplace in the case of disability. This processing will not normally happen without the employee’s knowledge and consent.
(b) Other than in exceptional circumstances, InUni Marketing Limited will process sensitive personal data about an employee’s racial and ethnic origin, their sexual orientation or their religious beliefs only where they have volunteered such data and only for the purpose of monitoring and upholding InUni Marketing Limited’s equal opportunities policies and related provisions.
(c) Information about an employee’s criminal convictions will be held as necessary and only in accordance with Data Protection Legislation.
The lawful basis for processing this special category personal data will be:
The UK GDPR Article 9(2)(b) ‘processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject.
Sharing personal data
We sometimes need to share the personal information we process with you and also with other organisations. Where this is necessary we are required to comply with all aspects of the Data Protection Laws.
We may use third party providers to deliver our services, such as externally hosted software or cloud providers, and those providers may involve transfers of personal data outside of the EU. Whenever we do this, to ensure that your personal data is treated by those third parties securely and in a way that is consistent with UK data protection law, we require such third parties to agree to put in place safeguards, such as the EU model clauses or equivalent measures.
Where necessary or required we will share your information with:
- family, associates and representatives of the person whose personal data we are processing;
- current, past or prospective employers;
- healthcare, social and welfare organisations;
- suppliers and service providers;
- financial organisations;
- auditors;
- police forces, security organisations;
- courts and tribunals;
- prison and probation services;
- legal representatives;
- local and central government;
- consultants and professional advisers;
- trade union and staff associations;
- survey and research organisations, and
- press and the media.
Furthermore, in order to fulfil its statutory responsibilities, InUni Marketing Limited is required to provide some of an employee’s personal data to government departments or agencies e.g. provision of salary and tax data to HM Revenue & Customs.
Automated processing
InUni Marketing Limited does not use automated processing and decision making without manual intervention.
Principles
We will handle your personal data in accordance with the principles set out below:
| Principle |
Personal Data shall be: |
| Lawfulness, fairness and transparency |
be processed lawfully, fairly and in a transparent manner in relation to the data subject. |
| Purpose limitation |
collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. |
| Data minimisation |
adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. |
| Accuracy |
accurate and, where necessary, kept up to date. |
| Storage limitation |
kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. |
| Integrity and confidentiality |
processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures |
| Accountability |
be able to demonstrate compliance with the above principles |
Keeping personal data up-to date
The Data Protection Laws require us to take reasonable steps to ensure that any personal data we process is accurate and up-to-date. Employees are responsible for informing us of any changes to the personal data that they have supplied during the course of their employment. You can contact cezannehr@gus.global to update your personal data.
Retention of your data
InUni Marketing Limited retains personal information it collects from you where there is an ongoing business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).
When there is no ongoing business need to process your personal information, InUni Marketing Limited will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then InUni Marketing Limited will securely store your personal information and isolate it from any further processing until deletion is possible. Personnel files are retained for a period of at least 6 years from the date of termination of employment.
How does InUni Marketing Limited protect data?
We take the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.
Your rights
Under certain circumstances, you may have the following rights in relation to your personal data:
- Right 1:
A right to access personal data held by us about you.
- Right 2:
A right to require us to rectify any inaccurate personal data held by us about you.
- Right 3:
A right to require us to erase personal data held by us about you. This right will only apply where, for example, we no longer need to use the personal data to achieve the purpose we collected it for; or where you withdraw your consent if we are using your personal data based on your consent; or where you object to the way we process your data (in line with Right 6 below).
- Right 4:
A right to restrict our processing of personal data held by us about you. This right will only apply where, for example, you dispute the accuracy of the personal data held by us; or where you would have the right to require us to erase the personal data but would prefer that our processing is restricted instead; or where we no longer need to use the personal data to achieve the purpose we collected it for, but we require the data for the purposes of dealing with legal claims.
- Right 5:
A right to receive personal data, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to require us to transfer this personal data to another organisation.
- Right 6:
A right to object to our processing of personal data held by us about you.
- Right 7:
A right to withdraw your consent, where we are relying on it to use your personal data.
- Right 8:
For more information on your rights, if you wish to exercise any right or for any queries you may have or if you wish to make a compliant, please contact our Data Protection Officer at: DPO@InUniglobal.com
For more information on your rights, if you wish to exercise any right or for any queries you may have or if you wish to make a compliant, please contact our Data Protection Officer at: DPO@InUniglobal.com
Changes to our privacy Policy
Any changes we make to this privacy notice in the future will be [posted on this page] and, where appropriate, notified to you by e-mail.
Who regulates the use of my personal information?
InUni Marketing Limited maintains a data protection registration with the Information Commissioner's Office, the independent authority which oversees compliance with the Data Protection Legislation. InUni Marketing Limited registration number is ZA843307 and sets out, in very general terms, the full range of purposes for which we use, staff and all other personal information. Please visit the Information Commissioners Office website for details.
Who do I contact with questions?
The data controller for the purposes of the General Data Protection Regulation is InUni Marketing Limited. If you have any questions or concerns about how your personal data is used, please consult https://www.inuniglobal.com/privacy-policy.html and if you have a complaint please email InUni Marketing Limited Data Protection Officer at: DPO@InUniglobal.com
If we are unable to adequately address any concerns you may have about the way in which we use your data, you have the right to lodge a formal complaint with the UK Information Commissioner’s Office. Full details may be accessed on the complaints section of the ICO’s website
If we are unable to adequately address any concerns you may have about the way in which we use your data, you have the right to lodge a formal complaint with the UK Information Commissioner’s Office. Full details may be accessed on the complaints section of the ICO’s website
Suppliers to InUni Marketing Limited
Types of personal information we collect
We collect, use and store different types of personal information about you, which we have grouped together as follows:
| Types of personal information |
Description |
| Identity Data |
Identity Data ID information including your name, marital status, title, date of birth and gender |
| Contact Data |
Your financial position, status and history, including bank details and credit rating |
| Transactional Data |
Details about payments to and from you and other details about services you purchase from us and we purchase from you |
| Communications Data |
What we learn about you from letters, emails and conversations between us |
| Publicly Available Data |
Details about you that are publicly available, such as on Companies House or elsewhere on the internet |
| Consents Data |
Any permissions, consents or preferences that you give us |
How we use your information
The table below outlines how we use your personal information and our reasons. Where these reasons include legitimate interests, we explain what these legitimate interests are.
| What we use your information for |
Our reasons |
Our legitimate interests |
| To receive the products or services you provide to us |
Contractual performance Legal obligation |
For company management To maintain access and control records For incident/breach reporting, management and investigation |
|
Legitimate interests |
|
| To fulfil our contractual obligations |
Contractual performance Legitimate interests |
To comply with our contractual obligations to you and your organisation To properly manage the risks and liabilities associated with the contracts we are party to To comply with laws and regulations that apply to us To protect our reputation |
| To enforce the terms of our contract with you |
Contractual performance Legitimate interests |
To ensure that we benefit from the terms of the contracts we have entered into and properly manage the risks and liabilities associated with them |
| For procurement purposes, including supplier due diligence, background checks and the assessing of tenders To carry out credit checks |
Legitimate interests |
To carry out supplier due diligence To ensure our contracts provide us with best value To assess the financial worthiness and reliability of those with whom we deal |
| For financial administration, including calculating and managing payments, benchmarking, calculating fees and interest and collecting and recovering money that is owed to us |
Contractual performance Legitimate interests Our legal duties |
To meet our contractual obligations to you or your organisation To ensure that we benefit from the terms of the contracts we have entered into and properly manage the risks and liabilities associated with them To comply with laws and regulations that apply to us |
| To establish, enforce and defend legal claims |
Legal claims Legitimate interests |
To comply with laws and regulations that apply to us To respond to questions or complaints To maintain records to evidence matters that may be in dispute |
| To manage our business properly |
Consent Contractual performance |
To manage our business efficiently and properly in accordance with normal business practices, legal requirements |
| For corporate activity, such as a sale, transfer, merger or re-organisation of our business |
Legitimate interests |
To manage our business efficiently and properly in accordance with normal business practices, legal requirements and to optimise its value for shareholders To ensure that we run our business in accordance with good business principles and meet corporate governance, accounting and audit standards |
| For the prevention of crime and public safety, including through the use of CCTV |
Legal obligation Legitimate interests |
To manage the risk of crime and safety for us, our employees and our clients To develop and improve how we deal with crime To report criminality or the suspicion of criminality for the wider benefit of society To be efficient about how we fulfil our responsibilities generally |
Where we collect your personal information from
We may collect personal information about you from the following sources:
- Directly from you or the organisation for whom you work
- Companies or individual that tell you about us
- Publicly available resources, such as Companies House
- The internet and social networking sites such as LinkedIn
- Third parties with whom we deal with during the course of carrying on our business
- Market researchers
- Intermediaries such as other companies who know you
Who we share your information with
We may share your personal information with the following third parties:
- Agents and service providers that we use during the course of providing services,
- Our professional advisors
- Other suppliers to the GUS Group
- The police and other law enforcement agencies
- Relevant regulators, including the Information Commissioner's Office in the event of a personal data breach
- Other companies owned or jointly owned by GUS or our partner institutions
- Potential or actual purchasers of any part of our business or assets, or other third parties in the context of a possible transfer or restructuring of our business
If you choose not to give your personal information
If you choose not to give us your personal information, it may delay or prevent us from being able to comply with our own legal obligations. It may also result in us being unable to, or refusing to, engage you or your organisations as a supplier.
Automated decisions
We do not envisage taking any decisions about you based solely on automated processing (i.e. without human involvement), which have a legal or similarly significant effect on you.
How long we keep your personal information
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
In general terms, we will hold information for so long as you continue to provide us with products and services and for an additional period of 6 years thereafter.
International transfers
As a global company, we hold some personal information concerning our suppliers and their affairs within the United Kingdom. We do work with agents and service providers who may process your personal information on our behalf outside the EEA. If your information is processed outside the EEA, we will ensure that it is protected to the same standards as if it were being processed within the EEA by putting in place a contract with our agents and service providers that provides adequate safeguards.
If you require more information or have any queries, please contact our Data Protection Officer at: DPO@InUniglobal.com
