1. About us
At Pastel Solutions Ltd (Pastel) we believe in a people first approach to delivering business solutions. To help us achieve this, we need to process varying amounts of personal data on our employees, contractors, business partners, suppliers, website visitors and members of the public.
Pastel is committed to protecting your privacy and complying with the UK Data Protection Act 2018, UK and the General Data Protection Regulation (collectively referred to as the UK GDPR). We will monitor and update this policy to reflect changes in these and all other relevant current and future data protection legislation.
Ensuring transparency of all and any data collection is important to us at Pastel. We will be open about what information we are collecting. Security at Pastel is paramount, and we believe in protecting the confidentiality and security of information we collect about you; this includes current and prospective clients and members of the public. This Privacy Notice is intended to bring to your attention our practices relating to the collection, processing and disclosure of personal information.
This notice is intended to inform those visitors, not directly employed by Pastel how we use their data, how we use personal data of employees is detailed within our internal Employee Privacy Notice.
For the purposes of this Privacy Notice, the term “personal information” refers to personal information relating directly or indirectly to an identifiable person.
Our website is owned and operated by Pastel Solutions Ltd; registered in England under company registration number 08697159. We are registered with the UK Information Commissioner's Office under registration number ZA149127.
2. Personal data we collect
To facilitate the interactions between us and your interest in Pastel, we may collect and process the following data about you:
- Personal data when you actively enquire about our services;
- Name, place of work, position, employer and qualifications;
- Contact information including telephone numbers, email address, social media account names;
- Postal address;
- Your interests and motives regarding our services, including customer enquiries and complaints;
- Relevant information in your day-to-day dealings with us;
- Electronic signatures when digitally signing documents;
- Your image on CCTV if you visit any of our offices or sites;
- Your device IP or MAC address, system/software name, location, date and time of interaction;
- The pages which you visit on our website and the method in which you found our website;
- Various information stored in third party cookies.
- Details of any consents you give such as with newsletter signups.
- The information that is processed about you is dependent on the purpose and channel of your enquiry. This includes:
- Enquiries for more information about Pastel;
- A complaint; and,
- Job applications (see below).
Some of the information we collect about you may include your sensitive personal data as defined in the GDPR (please see section 4 below for more details).
3. How we collect your personal data
In the main we will collect your personal data directly from yourself, however, your information may be received from third parties such as your employer, a personal representative or recruitment company. We may collect your personal data when you contact us through our website, by telephone, post, email or through any other means. Your image may be captured if you visit any of our sites or offices and if it is necessary to issue you with a temporary pass card.
We may use publicly accessible information to verify information we are provided with and to manage and expand our business.
4. Sensitive personal data
The GDPR provides a definition for special category data, more commonly referred to as “sensitive personal data”. This relates to information concerning an individual’s racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual life, or details of criminal offences.
In recruitment some sensitive data may be requested on a purely voluntary and anonymous basis for equality monitoring purposes.
5. How we use personal data for our lawful basis
We will use the information held about you for the purposes for which it was provided to us as stated at the point of collection (or as may be obvious in the context of collection). Your personal data will be used by us in the following ways:
- To respond to your enquiries;
- To send you information you have requested;
- To facilitate the business relationship which we have;
- To enter into contractual obligations;
- To improve our business and the service we provide;
- To facilitate any interest in a career at Pastel and;
- For market research purposes;
- To deal with any lawful enquiries from an official statutory body.
We do not collect or compile personal data for release or sale to outside parties for consumer marketing purposes or host mailings on behalf of third parties.
In order to process your personal data, we must have a lawful reason, the main lawful reasons Pastel utilise to process your personal information are: -
- Your implied, or explicit consent which you may withdraw at any time;
- The performance of a contract with you for the provision of our services or to take preliminary steps at your request to enter into one;
- For us to fulfil our legal or regulatory obligations;
- For reasons of substantial public interest; or,
- The purposes of the legitimate interests pursued by us or by a third party.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We consider that we have implemented sufficient checks and protections to ensure that your rights and interests are not unreasonably intruded on.
NB. You can object to processing on any of these bases at any time and, if you do so, we will stop processing the personal data unless we can show compelling legitimate grounds which override your rights and interests, or we need the data to establish, exercise or defend legal claims – see “Your rights” below.
If you apply to work with us, we will use the information you supply to process your application and to monitor recruitment statistics. We will remind you of these privacy terms if you apply for a job with us. For some positions we may ask some pre-qualification questions, such as do you have a driving licence, however no automated decision making takes place during the recruitment process. Once a person has taken up employment with us, we will compile a file relating to their employment. At that stage we will give more details about how we hold employee data and we will expect the employee to sign up to additional privacy terms as part of their employment, employment is subject to satisfactory references.
During the recruitment process you will be invited to provide special category information about yourself including details of your religion, sexuality and ethnic origin. This is wholly voluntary and will purely be used for statistical purposes to assist with our equal opportunities ambition. For some positions you may be invited to take a psychometric test to assist us with our decision making, this is not mandatory and will be performed with your explicit consent.
We may retain details of candidates who may be of interest to us, either now or in the future, usually for a period of 12 months; on the anniversary of your application, you will be invited to extend the retention period further. We are happy to delete your information sooner, just contact us using the contact details below or email firstname.lastname@example.org
We may use third parties to consider potential hires. We may also verify details in your application and make what we consider to be reasonable and necessary background checks about you. These background checks may require a 3rd party to contact you and obtain information.
7. Your rights
You have the following rights under the General Data Protection Regulation (GDPR): Right to be informed
- You have the right to be informed about the collection and use of your personal data. There are a few circumstances when Pastel do not need to provide you with privacy information, such as if you have already given us information or if it would involve a disproportionate effort for us to provide it to you.
- Any information we will provide will be concise, transparent, intelligible, easily accessible, and it must use clear and plain language.
Right to access your personal data
- You have the right to make a data subject access request (DSAR). Requests should be made to the Data Protection Officer. Contact details can be found in section 12.
Right to have your information corrected
- We take all reasonable steps to ensure that the information we have about you is accurate and where necessary kept up-to-date. If you think that the information, we hold is not accurate or up- to-date, please tell us as soon as possible and we will ensure it is corrected. Please let us know if the personal data that we hold about you needs to be updated by contacting us at email@example.com or call us on 03300538898.
Right to erasure
- You have a right to have your personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances.
Right to restrict processing
- GDPR gives you the right to restrict the processing of your personal data in certain circumstances. This means that you can limit the way that Pastel uses your data. This is an alternative to requesting the erasure of your data. When processing is restricted, Pastel are permitted to store your personal data, but not use it.
Right to data portability
- The right to data portability allows you to obtain and reuse your personal data for your own purposes across different services. It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability. This right does not apply to any information held by Pastel.
Right to object - You have the right to object to the following things:
- Processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling)
- Direct marketing
- Processing for purposes of scientific/historical research and statistics.
Rights related to automated decision-making including profiling
- Automated individual decision-making is a decision made by automated means without any human involvement.
- The GDPR restricts Pastel from making solely automated decisions, including those based on profiling, that have a legal or similarly significant effect on individuals.
Please note that these rights may be subject to some conditions and exceptions. To exercise any of these rights and make such a request, please use the contact details provided below.
You also have the right to lodge a complaint with the UK’s data protection regulator, the Information Commissioner’s Office whose contact details can be found at the bottom of this notice or directly, here: https://ico.org.uk/
Marketing communications and social media
If you have given permission, we may contact you by mail, telephone and email about our products and services and invitations to events which may be of interest to you. If you prefer not to receive any direct marketing communications from us, you can opt out at any time by clicking the “Unsubscribe” option in any of the marketing communications we send you or by contacting us by email or telephone.
Pastel has a presence on social media including on Twitter and LinkedIn. You should view their privacy policies to understand how they may process your personal data. Please remember that when you share information publicly on the website, for example a comment on a blog post it may be indexable by search engines, including Google, which may mean that the information is made public.
8. Disclosure of your information
It may be necessary to disclose or share your personal data with either internal and external parties. We will only do this where it is strictly necessary for example in connection with our legitimate business activities, to enforce our policies, comply with our legal obligations or in the interests of security, public interest or law enforcement. For example, we may respond to a request by a law enforcement agency or regulatory or governmental authority. We may also disclose data in connection with actual or proposed litigation, or to protect our property, security, people and other rights or interests.
We share your information with third parties who help deliver our products and services to you. Examples include hosting our web servers, analysing data, providing marketing and legal assistance, access control services, CCTV monitoring and providing customer service. These companies will have access to your personal information as necessary to perform their functions, but they may not use that data for any other purpose.
We may also share your personal data:
- With our delivery partners, such as contractors in order to fulfil our contractual obligations.
- With Pastel employees and agents to manage our relationship with you;
- With any third party with whom you have asked us to share your personal data. We will perform reasonable due-diligence on those parties to keep any personal information both confidential and secure and request that they use the information solely for the purposes of providing the specified services to us.
Similarly, your personal information may be passed on to a successor in interest in the unlikely event of a liquidation, bankruptcy or administration.
9. Cookies, other information-gathering technologies and links to other sites
Our website may, from time to time, contain links to other websites, mainly those of our partners and clients, but also those of other third parties. Please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before either agreeing to their terms or before you submit any personal data to these websites or use them.
We shall ask for your permission before we use any non-essential cookies by way of our cookie banner when you first arrive at the site.
If you have asked us to share data with third party sites (such as social media sites), their servers may not be secure.
Note that, despite the measures taken by us and the third parties we engage, the internet is not secure. As a result, others may nevertheless unlawfully intercept or access private transmissions or data.
We have put in place security measures that we consider to be reasonable to protect the security of your personal information and keep it confidential and to guard against unauthorised or unlawful processing of your personal data and against accidental loss or destruction of, or damage to, your personal data. We review these measures regularly to make sure they remain appropriate. While no system is completely secure, we believe the measures implemented by Pastel reduce our vulnerability to security problems to a level appropriate to the type of data involved. We cannot guarantee the security of any third-party application you may use to transmit your data (for example, internet browsers).
11. For how long we will keep your information
We will keep your personal information for at least as long as we have a relationship with you. When deciding how long to keep your personal information after our relationship with you has ended, we take into account our legal, regulatory and professional obligations. As a rule of thumb, we will keep your personal information for as long as is necessary, including:
- To respond to any questions, complaints or claims made by you or on your behalf;
- To show that we treated you fairly;
- To keep records required by law.
The data we collect. Reason to keep this data and retention period – how long we will keep it:
- Employee data
- Employee files – for legal purposes 7 years after the employee leaves
- Employee data Pension data and certificates for medical tests, for example, eye or hearing tests for legal purposes indefinitely.
- CVs and applications for unsuccessful candidates will be deleted – legal obligations 6 months after the campaign, unless the candidate has consented to a longer retention period.
- All client information – to prove consents and in case of legal disputes 7 years after the relationship ends or last activity
- We retain for this period as often enquiries can take this period of time to come to fruition. 2 years.
- Tax records, payroll etc – for legal purposes 7 years
- Semi-anonymous analytical data 25 years
- Semi-anonymous analytical data from email interaction 25 years.
12. Where is your information processed?
We endeavour to process your personal data within the UK, or EEA, however, any transfer of your data will be subject to a European Commission approved contract or agreement which will safeguard your privacy rights and give you remedies in the unlikely event of a security breach.
13. Contact us
If you have any further questions about the way we manage your data, you wish to activate any of your rights or have a complaint regarding our data protection practices you can contact the Pastel Protection Officer using any of the channels below:
- You can email: firstname.lastname@example.org
- You can ring us: 03300538898
- You can write: Data Protection Officer, Pastel Solutions Ltd Lymedale Business Centre, Hooters Hall Road, Newcastle-under-Lyme ST5 9QF
Pastel Solutions Ltd is a public limited company registered in England under company registration number 08697159. Registered with the UK Information Commissioner's Office under registration number ZA149127. Information Commissioner’s details
Should you remain unsatisfied you can contact the appropriate data protection regulator listed below. UK Information Commissioner: Tel: +44(0)303 123 1113 or visit ICO website - https://ico.org.uk/