Version 1.4 – 12 May 2023
Overview
Summary
Pathlight Associates Limited (“Pathlight”, “we”, “us”) is committed to protecting and respecting your privacy and complying with the principles of the UK and the EU General Data Protection Regulation (GDPR). This policy sets out the basis on which any personal data we collect from you, or that you provide to us through your use of our website, will be processed by us.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
The data controller is Pathlight Associates Limited, Landmark, 15 Alfred Place, London WC1E 7EB, United Kingdom. This means that Pathlight Associates Limited alone determines how your personal data will be used in relation to services we provide to you. Pathlight Associates Limited is registered as a data controller with the Information Commissioner’s Office, registration number ZA237092.
We have appointed a Data Protection Officer (DPO), who can be contacted by email at dataprotection@pathlight.associates.
We are committed to processing information about you fairly and in a transparent manner and the aim of this document is to provide you with sufficient information for you to be able to understand what we are doing with your data. If you are unsure how we are handling information about you or you think we could improve our privacy information please let us know.
This policy only applies to our website and internal systems. If you leave our site via a link or otherwise, you will be subject to the policy of that website provider. We have no control over that policy or the terms of the website and you should check their policy before continuing to access their site.
Use Of This Policy
This Privacy Policy describes how Pathlight Associates Limited collects, uses and discloses information, and what choices you have with respect to the information.
Updates in this version of the Privacy Policy reflect changes in data protection law. In addition, we have worked to make our Privacy Policy clearer and more understandable by:
- Arranging into sections
- Providing clear examples to show how the policies may be implemented by Pathlight Associates Limited
- Outlining what your rights are around these policies
Changes To This Policy
We may change this privacy policy from time to time but if we change it in a way which significantly alters the terms upon which you have agreed to use our website and other online services, we will post notice of the change on our website and you will be deemed to have accepted such changes. This privacy notice was last reviewed and republished in May 2023 and has been updated following the end of the transition period following the UK’s exit from the EU.
Your Data
What Personal Data We Hold On You
Depending on the Pathlight Associates Limited services you interact with, we may hold the following personal data on you:
- Names
- Addresses (current and past)
- E-mail addresses
- Telephone numbers
- Correspondence between us if you contact us
- Emergency contact name, address, email address, and telephone number(s)
- Identity verification information submitted by you (such as passport, driving licence, bank statements, utility bills)
- HMRC (and/or other jurisdiction) tax identification numbers and related tax status submitted by you
- Bank account information (used to make payments to you)
- Disclosure and Barring Service (DBS) basic or standard check applications and results where you have made such applications in relation to working with Pathlight Associates Limited
- Details of any limited company or other legal person you use as a contracting vehicle, including details of other directors and PSCs available through Companies House or supplied by you including third party consents for information not publicly available
- Details of your past employments including references from past employers
- Details of your educational and professional qualifications
- Details of your professional skills, competencies and experience
- Details of your visits to the Pathlight Associates Limited website and other online resources (such as web forms) that you access using cookies. See 5.1 for further information about our use of cookies.
- General communication we may have with you
- Marketing Preferences you have for our services
- Relationships, including organisations and affiliations
- Information on your social media profiles where you follow us
- Data acquired by third parties that we share data with
The Purpose For Having It And Our Legal Reason For Doing So
We will use all the information provided to build a profile of you to be used in delivering our services to you, and to our clients.
| What we use your information for | Our reason for having your personal data | Our legitimate interest |
|---|---|---|
| Marketing our services | Updating you on employment or contracting opportunities with Pathlight Associates Limited and/or the capabilities of Pathlight Associates Limited Your consent to ongoing contact and marketing Your consent to cookies | Keeping our records up to date, working out which of our services may interest you and telling you about them Developing new services and ideas Defining types of affiliates and potential clients for appropriate communications Seeking your consent when we need it to contact you Being efficient about how we fulfil our legal duties Sending paper based communications Building up a profile regarding you Having appropriate security and safeguards |
| Processing your application to become an employee or affiliated contractor | Understanding your capabilities and availability for client work Understanding your suitability (e.g. meeting professional qualification requirements) and right to work Meeting our legal obligations in relation to employment and contracting | Keeping our records up to date, working out which of our services may interest you and telling you about them Developing new services and ideas Defining types of affiliates for appropriate communications Being efficient about how we fulfil our legal duties Building up a profile regarding you Having appropriate security and safeguards |
| Responding to queries | To provide the best possible affiliate and client service and answer your queries quickly | Keeping our records up to date, working out which of our services may interest you and telling you about them Developing new services and ideas Defining types of clients for appropriate campaigns Our need to respond to concerns |
How Long We Keep It For
We will hold information about you in our database for no more than is necessary. This means if you have actively submitted a client work enquiry (and have not notified us that you wish your status as a potential client to be revoked), we will hold your data for a period of up to six years.
Submitting a new enquiry will refresh this time period.
The same applies for any information and consent you give during contractor or employee onboarding or new client due diligence. We keep such information and consent for six years since it is given.
If you have provided HMRC or other tax-related information, we will keep your information for seven years to comply with HMRC rules.
We may also need to keep your records for longer to comply with any other legal obligation.
Once your records exceed the necessary time we will either anonymise them through pseudonymisation or delete them securely. Pseudonymisation is a procedure by which the most identifying fields within a data record are replaced by one or more artificial identifiers, or pseudonyms. There can be a single pseudonym for a collection of replaced fields or a pseudonym per replaced field. This means all your personal data is deleted and we keep only your transaction information for compliance and record keeping.
We may also contact you where we have consent or legitimate interest before we anonymise your record to see if you would still like to be kept informed about Pathlight Associates Limited services.
Pathlight Associates Limited will hold the data on the above schedule unless:
- You ask us to remove it
- We believe that you are no longer interested in our business
- We no longer need it for the purposes it was collected
We always think about your best interests when we apply retention rules to our systems and are always happy to remove you at your request.
If you have any questions on how long we keep your data please contact our DPO.
How We Secure And Maintain It
We will take all steps reasonably necessary including policies, procedures and security features to ensure that your data is treated securely and protected from unauthorised and unlawful access and use and in accordance with this privacy policy.
Unfortunately, the transmission of information via the internet is not completely secure and although we will do our best to protect your personal data transmitted to us via the internet we cannot guarantee the security of your data transmitted to the Pathlight Associates Limited website from your device: any transmission is at your own risk.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Pathlight Associates Limited website or other online services, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Necessary Processors
Pathlight maintains a small core operations team. In order to achieve operational efficiency and resilience, we work with some of the best third parties to provide excellent client and affiliate online services as effectively as possible.
This means the information we receive from you may pass through third party infrastructure to get to us and may ultimately be stored on third party infrastructure.
Each of our infrastructure partners is carefully reviewed and maintains the same security and standards towards data privacy as we do.
These are outlined below.
| Name of Organisation | Purpose |
|---|---|
| Google (Google Workspace, Google Cloud Platform) | G Workspace and GCP applications including email and web forms, cloud-based data storage, external website |
| Microsoft (Microsoft Office 365) | Microsoft Office applications, cloud-based data storage |
| Apple (Apple Business Manager), Jamf (Connect, Pro) | Mobile Device Management |
| Essensys, Invoco, O2 | Networking and telephony services |
| Mayflower Disclosure Services Limited | Processing of basic and standard disclosure checks to the Disclosure and Barring Service |
| The Payroll Site | Payroll processing |
| Standard Life | Pensions |
| Vitality | Life and medical insurance |
| Quickbooks Online | Accounting |
| Insightly | CRM |
| WordPress | Website management, usage and uptime statistics |
Who We Share It With And How
We may disclose your personal information to third parties:
- If we are under a duty to disclose or share your personal data to comply with any legal obligation;
- To fulfil any service that you request from us (e.g. enquiry via our website etc.);
- To enforce or apply our terms of use and other agreements;
- To protect the rights, property, or safety of Pathlight, our clients, affiliates, or others including exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
We will share information about you with government agencies and some of our suppliers who process data on our behalf to help us to provide services to you. The purposes of sharing your information with these government agencies and suppliers is to notify you of our services and work opportunities, to provide you with information that you have requested from us, for administration purposes and to comply with the law.
| Names / Categories of Organisation | Purpose |
|---|---|
| Google (Google Workspace / GCP), WordPress | Processing of email and web forms, website access (intranet and external) |
| Google, Microsoft, Apple, Jamf | Email, general data storage, MDM |
| Essensys, Invoco, O2 | Networking and telephony services |
| Mayflower Disclosure Services Limited | Processing of basic and standard disclosure checks to the Disclosure and Barring Service |
| Disclosure and Barring Service, Disclosure Scotland | Processing of basic and standard disclosure checks |
| The Payroll Site | Payroll processing |
| HMRC | Processing of PAYE, NIC, VAT and other tax requirements |
| Standard Life | Processing of pension scheme membership and pension contributions |
| Vitality | Life and medical insurance |
| Quickbooks Online | Accounting |
| Insightly | CRM |
| Pathlight Associates Limited clients and potential clients | Tendering for assignments |
| Pathlight Associates Limited banking services providers | Making payments to you |
International Transfer Of Personal Data
If Pathlight transfers data outside of the UK and European Economic Area, we will take measures to ensure all adequate safeguards are in place that matches the UK and EU Data Protection standards, in accordance with legal requirements. Where recipients are located in countries which do not provide an adequate level of protection from a UK or European data protection law perspective, we will base the transfer on appropriate safeguards, such as standard data protection clauses adopted by the European Commission or by a supervisory authority, approved codes of conduct together with binding and enforceable commitments of the recipient, or approved certification mechanisms together with binding and enforceable commitments of the recipient. You may request a copy of such appropriate safeguards by contacting us as set out in Section 6 of this Privacy Policy.
Your Rights and Accessing Your Data
| Your Rights | Details |
|---|---|
| Right of access | You have the right of access to information we hold about or concerning you. If you would like to exercise this right you should email our DPO. For example: we could provide a copy of all your information in a CSV or PDF file. |
| Right of rectification or erasure | If you feel that any data that we hold about you is inaccurate you have the right to ask us to correct or rectify it. You also have a right to ask us to erase information about you where you can demonstrate that the data we hold is no longer needed by us, or if you withdraw the consent upon which our processing is based, or if you feel that we are unlawfully processing your data. Your right of rectification and erasure extends to anyone we have disclosed your personal information to and we will shall take all reasonable steps to inform those with whom we have shared your data about your request for erasure. |
| Right to restriction of processing | You have a right to request that we refrain from processing your data where you contest its accuracy, or the processing is unlawful and you have opposed its erasure, or where we don’t need to hold your data anymore but you need us to establish, exercise or defend any legal claims, or we are in dispute about the legality of our processing your personal data. |
| Right to portability | You have a right to receive any personal data that you have provided to us in order to transfer it onto another data controller where the processing is based on consent and is carried out by automated means. This is called a data portability request. |
| Right to object | You have a right to object to our processing of your personal data. This includes the right to object to any direct marketing we may undertake and to any automated decisions based on profiling which we may carry out. This also includes the right to object to any processing based on legitimate interests, such as disclosure checking. |
| Right to withdraw consent | You have the right to withdraw your consent for the processing of your personal data where the processing is based on consent. You can do so by contacting our data privacy team and they will immediately mark our records accordingly, this will then take effect as soon as possible. Please be aware that some activities may already have left our system at time of consent withdrawal. |
| Right of complaint | You also have a right to lodge a complaint about any aspect of how we are handling your data with the UK’s Information Commissioner’s Office who can be contacted at www.ico.org.uk. If you would like to find out more about your rights please email our DPO. |
Provision of Third Party Data
You are responsible for informing and obtaining the consent of any third parties whose data you enter in to our website.
If we would like to process your personal data for any other purpose incompatible with the purposes listed above, we will provide you with appropriate additional privacy information at the point where you come across those additional purposes. Our commitment to you is that we will not process your data for any purpose other than those listed, or similar to those listed in this privacy policy. If you interact with another part of the Pathlight Associates Limited Group, we will provide you with additional privacy information relating to those other uses.
Technical
Cookies
Our website uses cookies to improve and enable the functionality it provides to you. You may refuse to accept cookies by activating the setting on your browser that allows you to refuse cookies. However, if you select this setting you may be unable to access certain parts of our site. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you use our site and third party features of our site.
Details of the cookies used by our site and third party cookies associated with functions of our site are available in the cookie consent dialogues, which allow you to choose what cookies to allow.
IP Address
We may collect information about your computer, including where available your IP address, geographic location (if you allow when prompted by your browser), operating system and browser type, for system administration when you access our website. We use this information for statistical data about our users’ browsing actions and patterns when they access our website.
Contacting Pathlight
If you would like more information about this policy, want to ask us any questions, want to withdraw consent or exercise your rights as a data subject, please contact our DPO.