We Are Dcoded's Privacy Policy

Last Updated: 30 October 2024

Introduction

This Privacy Policy applies to all data collections and other data processing of We Are Dcoded Limited. For the purposes of this Privacy Policy any references to We Are Dcoded (or "us" or "we" or "our") means We Are Dcoded Limited.

At We Are Dcoded we take your privacy seriously, this Privacy Policy explains how we treat your personal data to maintain your privacy. It describes how we collect, use and process your personal data, explaining what we do with it whether we are in the process of helping you find a job, continuing our relationship with you after finding you a role, providing you with a service, receiving a service from you, using your data to ask for your assistance in relation to one of our Candidates or you are a Website Visitor.

This Privacy Policy applies to the personal data of Candidates, Clients, Contractors, Suppliers, Website Visitors and other people whom we may contact in relation to our Candidates or whom they have indicated as an emergency contact. It also applies to the emergency contacts of our Staff.

We Are Dcoded Limited reserves the right to update this Privacy Policy at any time, please review the "Last Updated" details at the top of this page to determine when this Privacy Policy was last updated. Any change to this Privacy Policy will become effective on the "Last Updated" date indicated above. We Are Dcoded Limited will make every effort to communicate any significant changes to you via email and/or by posting a notice on We Are Dcoded's Site. Your continued use of We Are Dcoded Limited's services will be deemed as acceptance of any amended Privacy Policy.

If you are dissatisfied with any aspect of our Privacy Policy, you may have legal rights and, where relevant, we have described these as well.

How We Use Your Personal Data

We Are Dcoded Limited collect your personal data in order to facilitate the recruitment process, you are under no obligation to provide your personal data, however, if you do not provide your personal data we may not be able to provide you with certain services. We only ask for details that will genuinely help us to help you, we do not collect more information that we require to fulfil our stated purposes and will not retain it for longer than is necessary.

It is not our policy to seek sensitive personal data unless required for further recruitment purposes, legally required or reasonably necessary for an ongoing relationship with you. Sensitive data includes data concerning race or ethnic origin, physical or mental health, sexual orientation, religious beliefs, political opinion, trade union membership or criminal records and proceedings. We therefore suggest that you do not offer sensitive personal data of this nature unless specifically requested to do so. If you do provide sensitive personal data for any reason, we accept this as your consent to use such data in the ways described in this Privacy Policy.

The personal data we hold is dependent upon your relationship with us, the information below describes the personal data held, how it is collected and used, the systems it is held in, the period we hold it for, who it is shared with and the lawful basis for processing.

The information described below is in addition to any personal data we are required by law to process in any given situation.

Unless otherwise stated We Are Dcoded Limited is the Data Controller for the personal data you provide. If you have any queries about how we handle your personal data, please contact us at gdpr@wearedcoded.com.

Candidates

What Personal Data We Hold

Dependent on the circumstances and requirements we may collect some or all of the personal data listed below to enable us to offer you employment opportunities that are tailored to your interests, skill set, experience and expectations.

Please note the above list of personal data we may collect is not exhaustive.

How We Collect Personal Data

We collect your personal data in three primary ways:

  1. Personal data provided by you, the Candidate;
  2. Personal data we receive from other sources; and
  3. Personal data we collect automatically.
1. Personal Data Provided by You

We Are Dcoded Limited needs to know certain information about you to be able to provide a tailored service. This personal information enables us to provide you with the best opportunities and to improve your job search experience with us.

There are a number of ways you can share your personal information with us. These include, but are not limited to:

2. Personal Data We Receive from Other Sources

In addition to personal data received directly from you We Are Dcoded Limited also receive personal data about Candidates from other sources. These may include personal data received in, but not limited to, the following situations:

3. Personal Data We Collect Automatically

When accessing our website or if you read or click on an email from us we may collect your data automatically, or through you providing it to us.

More information can be found here.

How We Use Personal Data

We use the personal data we hold about you to provide and personalise the services we offer, enabling them to be more relevant and useful to you. We use it in three primary ways:

  1. Recruitment activities;
  2. Marketing activities; and
  3. To help us establish, exercise or defend legal claims.
1. Recruitment Activities

Our main area of work is recruitment, and as a Candidate, your personal data is processed for the purposes of providing you with work-finding services. This includes, but is not limited to:

2. Marketing Activities

We may, from time to time, send you information we think you may find interesting. We may wish to use your personal information for purposes including, but not limited to:

We need your consent for some aspects of these activities which are not covered by our legitimate interests and, depending on the situation, we'll ask for this via an opt-in.

If you are not happy about our approach to marketing, you have the right to withdraw your consent at any time.

If you have opted out from our marketing communications, either via the unsubscribe link in the footer of marketing emails or through your website profile, it is possible that your personal data may be recaptured from public sources in an unconnected marketing campaign. While we will endeavour to ensure this does not happen there may be instances, from time to time, where it does and would appreciate your understanding in these instances.

Our marketing is based on what we think will serve our Candidates best. We may use your data to show you We Are Dcoded Limited adverts and other content on other websites.

3. To Help Us Establish, Exercise or Defend Legal Claims

In some cases, we may be required to use your data for the purpose of investigating, reporting and detecting crime and also to comply with laws that apply to us. We may also use your information during the course of internal audits to demonstrate our compliance with certain industry standards.

How Long We Keep Your Data For (Retention)

We will keep your personal data for a period of three years after our last meaningful contact with you (or our last meaningful contact with the company or entity that supplies your services if they are provided via a third-party company or entity). Different laws may require us to keep your personal data for different periods of time, where a law requires we keep your personal data for a period in excess of three years your personal data will be kept for the period required by law.

"Meaningful contact" means, for example, written or verbal communication between us and you or where you are actively using our online services, including, but not limited to, uploading your updated CV to our website. We also consider communication from you regarding potential roles, either written or verbal, or clicking through from, or replying to, any of our marketing emails as meaningful contact.

Who We Share Your Personal Data With

Where appropriate, and in accordance with local laws and requirements, we may share your personal data with the following categories of people:

Lawful Basis for Processing

Article 6 of the General Data Protection Regulation (GDPR) requires that we process all personal data lawfully, fairly and in a transparent manner.

Article 6(1)(f) states that We Are Dcoded Limited can process your data where "processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third-party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child."

In simpler language this is where We Are Dcoded Limited has a legitimate reason to process your data provided it is reasonable and does not go against what you would reasonably expect from us.

As a Candidate we believe it is reasonable to expect us to collect and use your personal information to provide recruitment services to you, to share your personal information with prospective employers and compare your skills against our current vacancies where you have either provided us with your information directly, posted your CV information on a job board or on professional networking sites. Once it looks like you may be offered a position with a prospective employer, they may want to check any information you have provided or to confirm your qualifications, experience or references. The providing of this information to prospective employers is required to help you, and other Candidates, get the jobs you deserve and allows us to function as a profit-making recruitment business.

We think it's reasonable to process your personal data to provide a tailored recruitment service, offering you, the Candidate, a more pleasant job search experience and ensuring you receive the most appropriate content for your job search.

In some cases, we may be required to use your data for the purpose of investigating, reporting and detecting crime and also to comply with laws that apply to us. We may also use your information during the course of internal audits to demonstrate our compliance with certain industry standards.

While we don't believe any of the above activities prejudice you in any way – they enable us to provide the service you have engaged us for – you have the right to object to us processing your data on this basis.

Contractors

What Personal Data We Hold

Dependent on the circumstances and requirements we may collect some or all of the personal data listed below to enable us to offer you employment opportunities that are tailored to your interests, skill set, experience and expectations.

Please note the above list of personal data we may collect is not exhaustive.

How We Collect Personal Data

We collect your personal data in three primary ways:

  1. Personal data provided by you, the Contractor;
  2. Personal data we receive from other sources; and
  3. Personal data we collect automatically.
1. Personal Data Provided by You

We Are Dcoded Limited needs to know certain information about you to be able to provide a tailored service. This personal information enables us to provide you with the best opportunities and to improve your job search experience with us.

There are a number of ways you can share your personal information with us. These include, but are not limited to:

2. Personal Data We Receive from Other Sources

In addition to personal data received directly from you We Are Dcoded Limited also receive personal data about Contractors from other sources. These may include personal data received in, but not limited to, the following situations:

3. Personal Data We Collect Automatically

When accessing our website or if you read or click on an email from us we may collect your data automatically, or through you providing it to us.

More information can be found here.

How We Use Personal Data

We use the personal data we hold about you to provide and personalise the services we offer, enabling them to be more relevant and useful to you. We use it in three primary ways:

  1. Recruitment activities;
  2. Marketing activities; and
  3. To help us establish, exercise or defend legal claims.
1. Recruitment Activities

Our main area of work is recruitment, and as a Contractor, your personal data is processed for the purposes of providing you with work-finding services. This includes, but is not limited to:

2. Marketing Activities

We may, from time to time, send you information we think you may find interesting. We may wish to use your personal information for purposes including, but not limited to:

We need your consent for some aspects of these activities which are not covered by our legitimate interests and, depending on the situation, we'll ask for this via an opt-in.

If you have opted out from our marketing communications, either via the unsubscribe link in the footer of marketing emails or through your website profile, it is possible that your personal data may be recaptured from public sources in an unconnected marketing campaign. While we will endeavour to ensure this does not happen there may be instances, from time to time, where it does and would appreciate your understanding in these instances.

Our marketing is based on what we think will serve our Contractors best. We may use your data to show you We Are Dcoded Limited adverts and other content on other websites.

3. To Help Us Establish, Exercise or Defend Legal Claims

In some cases, we may be required to use your data for the purpose of investigating, reporting and detecting crime and also to comply with laws that apply to us. We may also use your information during the course of internal audits to demonstrate our compliance with certain industry standards.

How Long We Keep Your Data For (Retention)

We will keep your personal data for a period of seven years after our last meaningful contact with you (or our last meaningful contact with the company or entity that supplies your services if they are provided via a third-party company or entity). Different laws may require us to keep your personal data for different periods of time, where a law requires we keep your personal data for a period in excess of seven years your personal data will be kept for the period required by law.

"Meaningful contact" means, for example, written or verbal communication between us and you or where you are actively using our online services, including, but not limited to, uploading your updated CV to our website. We also consider communication from you regarding potential roles, either written or verbal, or clicking through from, or replying to, any of our marketing emails as meaningful contact.

Who We Share Your Personal Data With

Where appropriate, and in accordance with local laws and requirements, we may share your personal data with the following categories of people:

Lawful Basis for Processing

Article 6 of the General Data Protection Regulation (GDPR) requires that we process all personal data lawfully, fairly and in a transparent manner.

Article 6(1)(f) states that We Are Dcoded Limited can process your data where "processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third-party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child."

In simpler language this is where We Are Dcoded Limited has a legitimate reason to process your data provided it is reasonable and does not go against what you would reasonably expect from us.

Article 6(1) (b) states that We Are Dcoded Limited can process your data where "processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract".

In simpler language this is where We Are Dcoded Limited have placed you in a role as a contractor and have a contract in place with you to fulfil that role.

As a Contractor we believe it is reasonable to expect us to collect and use your personal information to provide recruitment services to you, to share your personal information with prospective employers and compare your skills against our current vacancies where you have either provided us with your information directly, posted your CV information on a job board or on professional networking sites. Once it looks like you may be offered a position with a prospective employer, they may want to check any information you have provided or to confirm your qualifications, experience or references. The providing of this information to prospective employers is required to help you, and other Contractors, get the jobs you deserve and allows us to function as a profit-making recruitment business.

We think it's reasonable to process your personal data to provide a tailored recruitment service, offering you, the Contractor, a more pleasant job search experience and ensuring you receive the most appropriate content for your job search.

In some cases, we may be required to use your data for the purpose of investigating, reporting and detecting crime and also to comply with laws that apply to us. We may also use your information during the course of internal audits to demonstrate our compliance with certain industry standards.

While we don't believe any of the above activities prejudice you in any way – they enable us to provide the service you have engaged us for – you have the right to object to us processing your data on this basis.

Clients

What Personal Data We Hold

The data we collect about Clients is actually very limited. Dependent on the circumstances and requirements we may collect some or all of the personal data listed below to enable us to fulfil our obligations to you as a client.

Please note the above list of personal data we may collect is not exhaustive.

How We Collect Personal Data

We collection your personal data in three primary ways:

  1. Personal data provided by you, the Client;
  2. Personal data we receive from other sources; and
  3. Personal data we collect automatically.
1. Personal Data Provided by You

We Are Dcoded Limited needs to know certain information about you and your business to ensure that you have the best staff for your business.

There are a number of ways you can share your personal information with us. These include, but are not limited to:

2. Personal Data We Receive From Other Sources

In addition to personal data received directly from you We Are Dcoded Limited also receive personal data about Clients from other sources. These may include personal information received in, but not limited to, the following situations:

3. Personal Data We Collect Automatically

When accessing our website or if you read or click on an email from us we may collect your data automatically, or through you providing it to us.

More information can be found here.

How We Use Personal Data

We use the personal data we hold about you to provide and personalise the services we offer, enabling them to be more relevant and useful to you. We use it in three primary ways:

  1. Recruitment activities;
  2. Marketing activities; and
  3. To help us establish, exercise or defend legal claims.
1. Recruitment Activities

Our main area of work is recruitment, and as a Client, your personal data is processed for the purposes of providing you with employee-finding services. This includes, but is not limited to:

2. Marketing Activities

We may, from time to time, send you information we think you may find interesting. We may wish to use your personal information for purposes including, but not limited to:

We need your consent for some aspects of these activities which are not covered by our legitimate interests and, depending on the situation, we'll ask for this via an opt-in.

If you have opted out from our marketing communications, either via the unsubscribe link in the footer of marketing emails or through your website profile, it is possible that your personal data may be recaptured from public sources in an unconnected marketing campaign. While we will endeavour to ensure this does not happen there may be instances, from time to time, where it does and would appreciate your understanding in these instances.

Our marketing is based on what we think will serve our Clients best. We may use your data to show you We Are Dcoded Limited adverts and other content on other websites.

3. To Help Us Establish, Exercise or Defend Legal Claims

In some cases, we may be required to use your data for the purpose of investigating, reporting and detecting crime and also to comply with laws that apply to us. We may also use your information during the course of internal audits to demonstrate our compliance with certain industry standards.

How Long We Keep Your Data For (Retention)

We will keep your personal data for a period of three years after our last meaningful contact with you. Different laws may require us to keep your personal data for different periods of time, where a law requires we keep your personal data for a period in excess of three years your personal data will be kept for the period required by law.

"Meaningful contact" means, for example, written or verbal communication between us and you or where you are actively using our online services. We also consider communication from you regarding potential roles, either written or verbal, or clicking through from, or replying to, any of our marketing emails as meaningful contact.

Who We Share Your Personal Data With

Where appropriate, and in accordance with local laws and requirements, we may share your personal data with the following categories of people:

Lawful Basis for Processing

Article 6 of the General Data Protection Regulation (GDPR) requires that we process all personal data lawfully, fairly and in a transparent manner.

Article 6(1)(f) states that We Are Dcoded Limited can process your data where "processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third-party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child."

In simpler language this is where We Are Dcoded Limited has a legitimate reason to process your data provided it is reasonable and does not go against what you would reasonably expect from us.

As a Client we believe it is reasonable to expect us to collect and use your personal information to provide the best recruitment services to you.

In some cases, we may be required to use your data for the purpose of investigating, reporting and detecting crime and also to comply with laws that apply to us. We may also use your information during the course of internal audits to demonstrate our compliance with certain industry standards.

While we don't believe any of the above activities prejudice you in any way – they enable us to provide the service you have engaged us for – you have the right to object to us processing your data on this basis.

Supplier

What Personal Data We Hold

We need a small amount of information from our Suppliers to ensure our business relationship runs smoothly. We may collect some or all of the personal data listed below.

Please note the above list of personal data we may collect is not exhaustive.

How We Collect Personal Data

We collect personal data when entering into an agreement with you and during the course of our work with you.

How We Use Personal Data

We use the personal data we hold about you in 4 primary ways:

  1. To contact you in relation to our agreements;
  2. To offer services to you or to obtain support and services from you;
  3. To perform certain legal obligations; and
  4. To help us to establish, exercise or defend legal claims.

How Long We Keep Your Data For (Retention)

We will keep your personal data for a period of three years after our last meaningful contact with you (or our last meaningful contact with the company or entity that supplies your services if they are provided via a third-part company or entity). Difference laws may require us to keep your personal data for different periods of time, where a law requires we keep your personal data for a period in excess of three years your personal data will be kept for the period required by law.

"Meaningful contact" means, for example, written or verbal communication between us and you or where you are actively using our online services. We also consider clicking through from, or replying to, any of our marketing emails as meaningful contact.

Who We Share Your Personal Data With

We may share this information with any of our group companies and associated third parties such as our service providers and organisations to whom we provide services.

Lawful Basis For Processing

Article 6 of the General Data Protection Regulation (GDPR) requires that we process all personal data lawfully, fairly and in a transparent manner.

Article 6(1)(f) states that We Are Dcoded Limited can process your data where "processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third-party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child."

In simpler language this is where We Are Dcoded Limited has a legitimate reason to process your data provided it is reasonable and does not go against what you would reasonably expect from us.

As a Supplier we believe it is reasonable to expect us to collect and use your personal information for the purposes outlined above.

In some cases, we may be required to use your data for the purpose of investigating, reporting and detecting crime and also to comply with laws that apply to us. We may also use your information during the course of internal audits to demonstrate our compliance with certain industry standards.

While we don't believe any of the above activities prejudice you in any way – they enable us to provide the service you have engaged us for – you have the right to object to us processing your data on this basis.

Website Visitor

What Personal Data We Hold

Dependent on the circumstances and requirements we may collect some or all of the personal data listed below to enable us to fulfil our obligations to you as a website visitor.

Please note the above list of personal data we may collect is not exhaustive.

How We Collect Personal Data

We collect your personal data when you browse our website. We also collect personal information when you contact us via the website, for example by completing the contact us form.

We collect the data automatically via cookies, in line with cookie settings in your browser. If you would like to find out more about cookies, including how we use them and what choices are available to you, please click here.

How We Use Personal Data

We use the personal data we hold about you to monitor and improve the website experience for website visitors.

How Long We Keep Your Data For (Retention)

We will keep your personal data for a period of three years after you visit our website. Different laws may require us to keep your personal data for different periods of time, where a law requires we keep your personal data for a period in excess of three years your personal data will be kept for the period required by law.

Who We Share Your Personal Data With

Where appropriate, and in accordance with local laws and requirements, we may share your personal data with the following categories of people:

Lawful Basis for Processing

Article 6 of the General Data Protection Regulation (GDPR) requires that we process all personal data lawfully, fairly and in a transparent manner.

Article 6(1)(f) states that We Are Dcoded Limited can process your data where "processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third-party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child."

In simpler language this is where We Are Dcoded Limited has a legitimate reason to process your data provided it is reasonable and does not go against what you would reasonably expect from us.

As a Website Visitor we believe it is reasonable to expect us to collect and use your personal information to provide a positive browsing experience.

In some cases, we may be required to use your data for the purpose of investigating, reporting and detecting crime and also to comply with laws that apply to us. We may also use your information during the course of internal audits to demonstrate our compliance with certain industry standards.

While we don't believe any of the above activities prejudice you in any way – they enable us to provide the service you have engaged us for – you have the right to object to us processing your data on this basis.

Your Rights

The General Data Protection Regulation (GDPR) provides the following rights for individuals:

  1. The right to be informed;
  2. The right of access;
  3. The right to rectification;
  4. The right to erasure (to be forgotten);
  5. The right to restrict processing;
  6. The right to data portability;
  7. The right to object;
  8. Rights in relation to automated decision making and profiling; and
  9. The right to withdraw consent.
1. The Right to Be Informed

Individuals have the right to be informed about the collection and use of their personal data in a concise, transparent, intelligible and easily accessible way that uses clear and plain language. This Privacy Policy serves to provide this information.

Where personal data is obtained from third-party sources we will endeavour to inform the individual of this privacy information in a timely manner and no later than one month after receiving the data.

2. The Right of Access

Under the GDPR, individuals have the right to obtain:

This right of access has been provided to allow individuals to access their personal information, so they are aware of and can verify the lawfulness of the processing.

To find out if we hold any of your personal information, and what data we hold, a Subject Access Request (SAR) can be submitted.

If we do hold your personal information we will:

Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will always tell you the reasons for doing so.

3. The Right to Rectification

Individuals have the right to request that any inaccurate personal data is rectified or completed if it is incomplete. Personal data is considered to be inaccurate if "it is incorrect or misleading as to a matter of fact". This request can be made either verbally or in writing.

When a request for rectification is received we will take reasonable steps to confirm the identity of the individual making the request and to satisfy ourselves that the data provided is accurate and that rectification of the data is required. When considering the accuracy of the data you have the right to restrict the processing of your personal data until its accuracy has been established. Details of this right can be found here.

When we are satisfied of the accuracy of the new data we will update it within our systems. If we have shared the inaccurate personal data with third-parties, we will notify them of the rectification unless this is impossible or involves disproportionate effort.

We will inform you of the outcome of your request within one month of receipt of your request. Where a request is complex, or a number of requests have been received from you, the time to respond may be extended by a further two months. If we extend the time period we have to respond to your request, we will inform you of this within one month of receipt of the request and explain the reasons for the extension.

We retain the right to refuse to comply with a request for rectification if the request is "manifestly unfounded or excessive". Alternatively, we may request a "reasonable fee" to deal with requests considered to be "manifestly unfounded or excessive".

Where we refuse to comply with the request we will, without undue delay and within one month of receipt of the request, inform the individual of:

This information will also be provided if we request a "reasonable fee" to comply with the request.

4. The Right to Erasure (To Be Forgotten)

Individuals have the right to request that their personal data is erased from our systems, this right is not absolute and only applies in certain circumstances. Normally, the information must meet one of the following criteria:

The right to erasure does not apply if processing is necessary for one of the following reasons:

When a request for erasure is received we will take reasonable steps to confirm the identity of the individual making the request. Once proof of identity has been obtained we will take all reasonably practicable steps to delete the relevant data and inform other organisations of the erasure if the personal data has been disclosed to others.

We will inform you of the outcome of your request within one month of receipt of your request. Where a request is complex, or a number of requests have been received from you, the time to respond may be extended by a further two months. If we extend the time period we have to respond to your request, we will inform you of this within one month of receipt of the request and explain the reasons for the extension.

We retain the right to refuse to comply with a request for erasure if the request is "manifestly unfounded or excessive". Alternatively, we may request a "reasonable fee" to deal with requests considered to be "manifestly unfounded or excessive".

Where we refuse to comply with the request we will, without undue delay and within one month of receipt of the request, inform the individual of:

This information will also be provided if we request a "reasonable fee" to comply with the request.

5. The Right to Restrict Processing

Individuals have the right to request that we restrict our processing of their personal information, this right is not absolute and only applies in certain circumstances. This means that we can continue to store your personal information but the ways in which we can use your information is limited. This is an alternative to requesting the erasure of your data.

You are entitled to request that we restrict the processing of your personal information where:

If we have shared your personal information with third-parties, we will notify them of the request to restrict processing unless this is "impossible or involves disproportionate effort".

We will notify you before lifting any restriction on processing your personal information.

We will inform you of the outcome of your request within one month of receipt of your request. Where a request is complex, or a number of requests have been received from you, the time to respond may be extended by a further two months. If we extend the time period we have to respond to your request, we will inform you of this within one month of receipt of the request and explain the reasons for the extension.

We retain the right to refuse to comply with a request to restrict processing if the request is "manifestly unfounded or excessive". Alternatively, we may request a "reasonable fee" to deal with requests considered to be "manifestly unfounded or excessive".

Where we refuse to comply with the request we will, without undue delay and within one month of receipt of the request, inform the individual of:

This information will also be provided if we request a "reasonable fee" to comply with the request.

6. The Right to Data Portability

Individuals have the right to obtain and reuse the personal information for their own purposes across different services. In effect, this means you are able to transfer your personal information held by We Are Dcoded Limited between Data Controllers. To enable this transfer, we will provide you with your information in a structured, commonly used and machine readable format that is password-protected so that you can transfer the data to another Data Controller. The personal information provided will be restricted to the personal information you have provided to us.

The right to data portability applies when:

We will inform you of the outcome of your request within one month of receipt of your request. Where a request is complex, or a number of requests have been received from you, the time to respond may be extended by a further two months. If we extend the time period we have to respond to your request, we will inform you of this within one month of receipt of the request and explain the reasons for the extension.

We retain the right to refuse to comply with a request to restrict processing if the request is "manifestly unfounded or excessive". Alternatively, we may request a "reasonable fee" to deal with requests considered to be "manifestly unfounded or excessive".

Where we refuse to comply with the request we will, without undue delay and within one month of receipt of the request, inform the individual of:

This information will also be provided if we request a "reasonable fee" to comply with the request.

7. The Right to Object

Individuals have the right to object to:

To be able to exercise this right you must have "grounds relating to his or her particular situation".

If your objection relates to us processing your personal information because we deem it necessary for our legitimate interests, we must act on your objection by ceasing the activity in question unless:

If your objection relates to direct marketing, we must act on your objection by ceasing this activity.

8. Rights in Relation to Automated Decision Making and Profiling

Individuals have additional rights with the fully automated decision making process, including profiling with legal or similarly significant effects restricted. This restriction only applies to fully automated individual decision making where there is no human involvement.

This restriction is lifted if one of the following three conditions apply:

9. The Right to Withdraw Consent

Individuals have the right to withdraw previously given consent at any time, for example where consent has been given for direct marketing.

When consent is withdrawn we will cease to carry out the activity for which consent has been withdrawn unless we consider that there is an alternative reason to justify our continued processing of your data for this purpose. Where we consider this to be the case we will inform you of this condition and the alternative reasons.

Details of how to get in touch about these rights can be found here. We endeavour to deal with any requests without undue delay, and in any event within one month (subject to any extensions to which we are lawfully entitled). We may keep a record of your communications to help us resolve any issues which you raise.

Where our lawful basis for processing your personal data is consent, you have the right to withdraw your consent at any time by contacting us.

If you withdraw consent, where consent is the legal basis for processing, we will cease to process your personal data for the activity which consent has been withdrawn unless we still need to process your data for legal or official reasons. If this is the case, we will inform you and will restrict the data to only what is necessary for the purpose of meeting those specific reasons.

If you believe that any of your data that we process is incorrect or incomplete, please contact us using the details above and we will take reasonable steps to check its accuracy and correct it where necessary.

Subject Access Requests

Individuals can raise a Subject Access Request (SAR) to exercise one or more of their rights, listed in the Your Rights section of this Privacy Policy. As part of any request you will be required to provide proof of your identity before the request is processed. Your request will be processed within one month of receipt of both your request and proof of identity, except in circumstances where requests are complex or numerous.

If a request is considered complex or numerous we may extend the period of compliance by a further two months, notification of this will be provided within one month of receipt of the request along with details of why the extension is necessary.

Subject Access Requests will be processed free of charge except where the request is deemed "manifestly unfounded or excessive". Where this is the case a "reasonable fee" may be charged. A "reasonable fee" may also be charged to comply with requests for additional copies of the same information, this fee will cover the administrative costs involved in providing the information.

Where we consider a request to be "manifestly unfounded or excessive" we may refuse to respond to the request. If we refuse to respond we will provide details of why this decision has been made along with details of your right to complain to the supervisory authority (the ICO) and to a judicial remedy.

To submit a Subject Access Request please contact us, by email, telephone or in writing, using the contact details listed in the How to Contact Us section below.

Safeguarding Your Data

We are committed to taking all reasonable steps by means of "appropriate technical and organisational measures" to safeguard the personal information we hold from misuse, loss or unauthorised access. These include measures to deal with any suspected data breach.

We secure the personal information you provide on computer servers in a controlled, secure environment, protected from unauthorised access, use or disclosure. When personal information is collected on our website and/or transmitted to other websites, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol.

If you suspect any misuse, loss or unauthorised access to your personal information please let us know immediately. Details of how to contact us can be found here.

ICO Registration

We Are Dcoded Limited is registered with the ICO (Information Commissioner's Office), details of our registration are available at https://ico.org.uk/ESDWebPages/Entry/Z9043389.

Cookies Policy

Cookies are small text files that are placed on your computer, smartphone or tablet by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Cookies are used by nearly all websites and do not harm your system.

You can read more about how we use cookies on our Cookies Policy page.

Third-Parties

We Are Dcoded Limited may use third-parties to perform services in connection with our operations, to improve our website and our services, products and features, and to protect our users. These third-parties may include (but are not limited to) service providers and vendors.

Any sharing of personal information with a third-party will be done under contract with the third-party obliged to keep the data secure. The third-party will only use the information to fulfil the service(s) they provide and will delete all personal information when it is no longer needed to fulfil that service.

A list of the third-parties with whom personal data may be shared can be found here.

Links to Other Websites

Our website contains links to other websites. Please be aware that we are not responsible for the privacy practices of those other websites. When you leave our website, we encourage you to read the privacy policies of each and every website.

How to Contact Us

You can contact us by email, telephone or in writing:

Email: gdpr@wearedcoded.com

Telephone: 0161 710 4880

Address:
GDPR Manager
We Are Dcoded Limited
7 Jordan Street
Castlefield
Manchester
Greater Manchester
M15 4PY

Glossary of Terms

Candidate – This category includes applicants for all roles advertised or promoted by We Are Dcoded Limited including permanent, temporary and interim positions with We Are Dcoded Limited's Clients; as well as people who have supplied a speculative CV to We Are Dcoded Limited not in relation to a specific job. Employees of suppliers or other third-parties put forward for roles with We Are Dcoded Limited will be treated as candidates for the purposes of this Privacy Policy.

Client – This category includes our customers, clients and others to whom We Are Dcoded Limited provides services in the course of its business.

Contractor – This category includes Candidates who have been placed into a position by We Are Dcoded Limited.

Data Controller – A data controller determines the purposes and means of processing personal data.

Data Processor – A data processor is responsible for processing personal data on behalf of a controller.

General Data Protection Regulation (GDPR) – A European Union statutory instrument which aims to harmonise European data protection laws. It has an effective date of 25 May 2018, and any references to it should be construed accordingly to include any national legislation implementing it.

Managed Service Provider (MSP)Clients' outsourcing of the management of external staff (including freelance workers, independent contractors and temporary employees) to an external recruitment provider.

Other People Whom We Are Dcoded Limited May Contact – This category may include Candidates' and We Are Dcoded Limited's Staff emergency contacts and referees. We will only contact them in appropriate circumstances.

Personal Data/Personal Information – The GDPR applies to 'personal data' meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.

This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people.

Personal data that has been pseudonymised – e.g. key-coded – can fall within the scope of the GDPR depending on how difficult it is to attribute the pseudonym to a particular individual.

Recruitment Process Outsourcing (RPO) Services – Full or partial outsourcing of the recruitment process for permanent employees to a recruitment provider.

Sensitive Personal Data/Sensitive Personal Information – The GDPR refers to sensitive personal data as "special categories of personal data" (see Article 9).

The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual.

Personal data relating to criminal convictions and offences are not included, but similar extra safeguards apply to its processing (see Article 10).

Staff – This category includes employees and interns engaged (or who have accepted an offer to be engaged) directly in the business of We Are Dcoded Limited as well as certain other workers engaged in the business of providing services to We Are Dcoded Limited (even though they are not classed as employees). Independent contractors and consultants performing services for We Are Dcoded Limited fall within the definition of a "Supplier" for the purposes of this Privacy Policy.

Supplier – This category refers to partnerships and companies (including sole traders), and atypical workers such as independent contractors and freelance workers, who provide services to We Are Dcoded Limited. In certain circumstances We Are Dcoded Limited will sub-contract the services it provides to Clients to third-party suppliers who perform services on behalf of We Are Dcoded Limited. In this context, suppliers that are individual contractors, freelance workers, or employees of suppliers will be treated as Candidates for data protection purposes.

Please note that in the context, We Are Dcoded Limited require Suppliers to communicate the relevant parts of this Privacy Policy (namely the sections directed to Candidates) to their employees.

Website Visitor – This category includes any individual who accesses any of the We Are Dcoded Limited websites.