Numeritas Limited and its subsidiaries and group companies (“We”) are committed to protecting and respecting your privacy.
The rules on processing of personal data are set out in the General Data Protection Regulation (the “GDPR”).
Data controller – A controller determines the purposes and means of processing personal data.
Data processor – A processor is responsible for processing personal data on behalf of a controller.
Data subject – Natural person
Categories of data: Personal data and special categories of personal data
Personal data – The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (as explained in Article 6 of GDPR). For example name, passport number, home address or private email address. Online identifiers include IP addresses and cookies.
Special categories personal data – The GDPR refers to sensitive personal data as ‘special categories of personal data’ (as explained in Article 9 of GDPR). The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual. Other examples include racial and ethnic origin, sexual orientation, health data, trade union membership, political opinions, religious or philosophical beliefs.
Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Third party – means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
2. Who are we?
Numeritas Limited is the data controller, or in the case of our anti-money laundering checks is a joint data controller with SmartCredit Limited (t/a SmartSearch, Mayfield House, Lower Railway Road, Ilkley, Leeds LS29 8FL). This means we decide how your personal data is processed and for what purposes. Our contact details are: Numeritas Ltd, Central House, 142 Central Street, London EC1V 8AR. For all data matters contact Stephen Aldridge, on ku.oc.satiremun@ofni or 0845 869 4960.
3. The purpose(s) of processing your personal data
We use your personal data for the following purposes:
If you are an employee of a client company or a company involved in any project in which Numeritas is providing services, we will process your data in connection with services we provide to our client. We may also process your data in order to provide marketing material to promote our services and to inform you of news, events or activities.
You may give us information about you by filling in forms on our website numeritas.co.uk, or landing pages (where you are accessing our online resources), or by corresponding with us by phone, email or otherwise. This includes information you provide when you register to use our site or to receive information from us, or if you email us or are copied on emails to us, enter a competition, promotion or survey, register for an event or webinar or participate in discussion groups on our site or on social media.
Our website stores cookies on your computer. These cookies are used to collect information about how you interact with our website and allow us to remember you. We use this information in order to improve and customize your browsing experience and for analytics and metrics about our visitors both on this website and other media. If you fill in any form on our website, the cookies on that machine will be associated with your contact details.
You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you.
4. The categories of personal data concerned
With reference to the categories of personal data described in the definitions section, we process the following categories of your data:
- –Identity data includes contact details (email address, company, role, phone number IP Address, information about the hardware and software used to access our website and any other information you give us or is given to us by a related party). We process information about your device hardware and software used to access our website and microsites. We may also process your photograph, career history and publicly available information about you.
- Communications data includes our communications with you by email, text, social media, telephone and any other means.
- Usage Data includes pages you have visited on our website, resources you have accessed and files you have downloaded, events you have registered for or attended and other use of content we offer. This information will be associated with your IP address and if you submit your contact details in a form will be associated with your email address and other Contact Data.
We have obtained your personal data from you, or from one of our clients, prospective clients or someone related to a project that we are involved in, or an enquiry made to us. We may also process data about you that is publicly available on social media, websites or correspondence we receive.
5. What is our legal basis for processing your personal data?
Personal data (article 6 of GDPR)
Our lawful basis for processing your general personal data depends you your relationship with us. The following lawful basis applies in each situation described below:
Consent of the data subject – If you have told us that the email you use to communicate with us is a personal (non-commercial) email address, we ask for your consent to send marketing information. You have the right to withdraw consent to marketing information at any time using preference links on every marketing email we send. Where you opt out of receiving marketing information, this will not apply to personal data provided as a result of an enquiry or involvement in a client project or other transaction.
Processing necessary for the performance of a contract with the data subject or to take steps to enter into a contract – If you are an employee of Numeritas Ltd or a prospective employee of Numeritas Ltd.
Processing necessary for compliance with a legal obligation – If we are required to identify you as part of our anti-money laundering due diligence or other regulatory obligation we are subject to.
Processing necessary to protect the vital interests of a data subject or another person – N/A
Processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller – N/A
Processing necessary for the purposes of the legitimate interests of the data controller or a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of the data subject – If you are an employee or contractor working for a client or are involved on a project that we are working on, have completed forms to download content (including software) from our website or if you have registered for an event (including webinars) organised by Numeritas Ltd, we have a legitimate interest in processing your data in connection with the delivery of our services and for the purpose of business development. If you use your personal email address in relation to a client project, an enquiry or to download content or register for an event as described above, we will treat this as a commercial email address and the legitimate interest purpose will apply.
More information on lawful processing can be found on the ICO Website
6. Sharing your personal data
Your personal data will be treated as strictly confidential, and will be shared only with:
- Our advisors, which include legal, technical, IT, financial, HR and other business advisors.
- Our cloud software providers, for example Hubspot.com
How long do we keep your personal data?
We keep your personal data unless and until you ask us to delete this information and if it is not reasonably required in order to defend any possible future legal claims against us.
7. Providing us with your personal data
Unless you are a signing authority acting on behalf of a client, or an employee or prospective employee of Numeritas Ltd, you are under no statutory or contractual requirement or obligation to provide us with your personal data. But failure to do so will have the following consequences: we may be unable to enter into a contract with the company you represent or to make you an offer of employment.
8. Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
- The right to request a copy of the personal data which we hold about you
- The right to request that we correct any personal data if it is found to be inaccurate or out of date
- The right to request your personal data is erased where it is no longer necessary to retain such data
- The right to withdraw your consent to the processing at any time, where consent was your lawful basis for processing the data
- The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable i.e. where the processing is based on consent or is necessary for the performance of a contract with the data subject and where the data controller processes the data by automated means)
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing
- The right to object to the processing of personal data, (where applicable i.e. where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics).
9. Transfer of Data Abroad
Some of our external third parties are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by implementing safeguards, for example ensuring that the processor complies with the EU-US Privacy shield framework.
10. Automated Decision Making
We do not use any form of automated decision making in our business.
11. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.
13. How to make a complaint
If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office on 03031231113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.