Wirehouse Employer Services Privacy Notice & Cookie Policy
At Wirehouse Employer Services we are committed to maintaining the trust and confidence of the people we communicate and work with as clients of ours or prospective future clients. In particular, we want you to know that we do not sell, rent or trade email lists with other companies and businesses for marketing purposes. In this Privacy Notice, we’ve provided lots of detailed information on when and why we collect your personal information, how we use it, the limited conditions under which we may disclose it to others and how we keep it secure.
Where there is reference to “third party processers” throughout this privacy notice, please see annex 1 at the end of the document which lists all of our third party processers.
How we Process your Personal Data and the Data you Share with us
Mailing Lists for clients
As part of the registration process for our monthly e-newsletter, we collect personal information; specifically your name and email address. We use that information for a couple of reasons: to tell you about things you’ve asked us to tell you about when you subscribed to the newsletters and to contact you if we need to obtain or provide additional information. Current clients may not have subscribed to the newsletter; however, your email is automatically added as we are contractually obliged to keep you up to date with the relevant legislation updates.
We use a third-party provider platform to deliver our newsletters and legislation updates, and we use a third party provider platform to promote our workshop events to you. We gather statistics around email opening using industry standard technologies to help us monitor and improve our e-newsletter. You can unsubscribe to general mailings at any time by clicking the unsubscribe link at the bottom of any of our electronic communications or by emailing us at gdpradvice@wirehouse-es.com
Mailing lists for non-clients
We may send marketing material via email and / or use your phone number to contact you regarding our services if we believe you could be a prospective client. We will only do so where consent has been sought to process your personal data for this purpose. We comply with any restrictions on processing put in place by any platform we received your personal data from. We use a third party provider CRM based system to store and retain your personal data. Our lawful basis for continuing the processing of your personal data is for our legitimate interests, which mainly centres around business development. You do have various data rights in regards to the continued processing of your data which are detailed further on in this privacy notice.
Use of CRM
Our sales and marketing teams use a CRM system to store emails between themselves and prospects and clients when discussing products and services. The CRM system is owned by a third party and therefore the processing relating to storage of this data is undertaken by them. The purpose of doing so is for our legitimate interests and more efficient working so that emails can be easily accessed. We have put specific restrictions in place in relation to the CRM to comply with our obligation to have organisational and technical measures in place. When producing commercial contracts, we use the information from these emails, stored on the CRM, to create the contract. In order to do so we use a web automation tool to pass the stored information to another third party processer.
E-Learning
If you complete any of our e-learning training modules, the personal data which you have provided in order to do so will be processed by us for the purposes of allowing access to the e-learning modules and sending you related correspondence about the modules (such as log in details and completion confirmations). We use an E-learning platform through a third party processer
Sales & Marketing
We obtain our “leads” (sales opportunities) in a number of ways. If we generate the “lead” internally then we always ensure we are adhering to data protection legislation and rights. A lot of how we interact with prospect data is down to levels of interaction from those prospects. We do engage in outbound “cold calls” to companies, but rely on legitimate interests for doing so and have a legitimate interests assessment internally to ensure our practice is compliant with data protection legislation. We also ensure any requests to cease processing the data are actioned. Another way we may have obtained your details is via a Company called Marketing VF Ltd (Expert Market) and as part of our due diligence we have ensured they collect and share data compliantly. If we have made contact with you and you are concerned as to where we sourced your data, please contact gdpradvice@wirehouse-es.com so that we can check specifically for you.
We use a third party (detailed in Annex 1) to contact leads / prospects on our behalf via Linkedin messages and calls.
Third Parties
Any third parties with whom we share your personal data are regarded as processors and all have committed not to use your personal data for any other purpose than those outlined to you in this privacy notice. We have specific data processing agreements in place with all third parties in order to protect your personal data. We have conducted due diligence and are satisfied that all have appropriate security measures in place to ensure the confidentiality of your personal data. They are unable to share your personal data with any other third parties without our express agreement and as mentioned above, we are committed not to do this without your knowledge. We will not share your personal data with any other third parties than those detailed in this Privacy Notice. If you are a data subject and would specifically like to know which third parties we use, please refer to Annex 1 at the bottom of this document or email us at gdpradvice@wirehouse-es.com for further information.
Call Recordings
We record all calls made to our offices and to our Consultants and other staff members work mobile phones. This is for the purposes of quality control and referring back to previous advice that may have been given on any advice calls with clients or prospects. If you object to us recording your calls, please see the section “rights” later on in this Privacy Notice. We have strict controls in place internally to ensure only authorised and trained employees of Wirehouse have access to the call recordings and all are stored on a secure server. The only third party we share this data with for the purposes of storage, maintenance and the upgrading of our system is our phone system engineer.
Collection and Storage
We may have collected your personal data directly from you at an event, a sales meeting or other business engagement. At the time, we would have been committed to being transparent about the way in which we intend to use your personal data. We may have also initially received your personal data from a data broker in respect of whom we have undertaken due diligence to ensure the data was collected in compliance with GDPR. Finally, we operate a referral scheme therefore we may have been given your details from a friend, colleague or acquaintance who has informed us that you are interested in our services and that they have obtained necessary consent from you to pass on your details. Once we receive this data from any third party, we will not share this with any other third party organisation that isn’t listed in this Privacy Notice.
We operate with an internal system which records your personal data. We will store on these systems any personal data shared with us regarding our clients’ employees, for the purposes of various legal advice. We allow access to this internal system to IT specialists, if and when required in order to undertake any external testing or support of the system, for the purposes of enhancing our security and ensuring we meet the requirements of “technical measures” being in place for the personal data we hold, as per current data protection legislation obligations. We have an agreement in place with any relevant third parties at the time, not to share any personal data found on the system and not to access it unless absolutely necessary for the purposes of technical assistance.
Security
We take appropriate technical and organisational measures when it comes to the security of your data including internal awareness of GDPR and privacy to any employees with access to or processing your personal data.
Retention
We will retain your personal data until you opt out of receiving marketing or sales communications from us or until a request is made by you and approved by us, for us to cease processing or to dispose of the data held. If you are a client then we will retain the information you share with us regarding your employees and any other relevant data subjects for a period of up to 6 years from the date of any cancellation of services, for the purposes of being able to provide this documentation if required by law, should a claim be made. This includes but is not limited to any information shared for the purposes of seeking employment law / HR or health and safety advice regards your employees. If we have undertaken tribunal proceedings or early conciliation services for you then this data will be securely disposed of after a period of 6 years, regardless of whether you are a current or ex-client. If you are a current client and wish for us to retain the tribunal or early conciliation data for longer, or wish for us to provide copies to you before deletion, please let us know before the 6 year anniversary of the particular data in question.
Purpose
We collect, receive and process your personal data for the purpose of marketing our services to you on a business to business basis. We rely on the lawful grounds of legitimate interests to do so. We have ensured that our processing does not impact on your rights as a data subject under the GDPR. The marketing of our services from business to business has a benefit to our business development and has limited privacy impact on you. We are transparent about the use of your personal data and we feel you are unlikely to strongly object to the processing. However, in the event that you do object, we operate a clear opt out process in all of our communications. For existing clients, we have contractual obligations to provide newsletters and legislation updates, however all existing clients are also free to opt out at any time.
We store and process clients’ personal data and the personal data of those data subjects shared with us by clients for the purposes of being able to provide an efficient, consistent advice service and to offer legally correct advice. We also store advice records containing personal data as part of our contractual obligation with clients so you can look back at previous advice given to you. We also have a legal obligation in some circumstances where a claim has been made or is likely to be made, to store and retain the personal data and share it with official organisations such as the tribunal service or other courts or opposing legal representatives, upon request. Finally, we retain and process personal data in order to assess what advice has been given and whether any legal claim is covered by us.
International Transfers
If personal data processed under this Agreement is transferred from a country within the European Economic Area to a country outside the European Economic Area, Wirehouse will ensure that the personal data is adequately protected. To achieve this, we will, unless agreed otherwise, rely on the relevant standard contractual clauses for the transfer of personal data, approved by the EC.
We currently use only one sub processer where we transfer data to the US which is “Zapier”. We have undertaken due diligence and they have certified their compliance with the EU-US Data Privacy Framework (DPF), the UK Extension, and the Swiss-US DPF as set forth by the US Department of Commerce.
You can confirm Zapier’s certification and participation via the participant list page (search for “Zapier”) on the Data Privacy Framework Program website.
If you require further information on any of this then please contact our DPO on gdpradvice@wirehouse-es.com
Your Rights as a Data Subject
You have the right to be informed which we hope we have satisfied by publishing this Privacy Notice. However, if you feel there is anything you need to know that you can’t find here, please let us know.
You can make a request to see records we hold on you. If you would like to do this, please notify us that you wish to make a Data Subject Access Request, provide verification of who you are (so that we can tackle any fraudulent request) and state specifically what information you require.
If we hold any inaccurate or out of date information about you, let us put this right. You can ask us to update your personal data at any time and we’ll endeavour to do this as soon as possible.
You also have the right to have your data erased; processing restricted to some activity only, the right to request we transfer your data to another controller and the right to object to us processing your personal data.
For any of the above requests, please email gdpradvice@wirehouse-es.com specifying what it is you’d like us to do (or not do). We will consider your request carefully and get back to you on each occasion.
We don’t use your data as part of any automated decision making or profiling.
Changes to this Privacy Notice
Our Data Protection Officer will review this Privacy Notice in line with the requirements of the GDPR and as routine, annually. The date of the last review of this Privacy Notice was 16th September 2020.
Our Website’s Use of Cookies
Connection to our website does include cookies from third party sources including Google Analytics, Kiss Metrics and WordPress for performance and statistics. These cookies can be blocked or removed by following these procedures;
For Internet explorer you would need to complete the following steps:
- Open Internet Explorer and Select Tools (Cog) in the top right corner of the browser.
- Scroll down and select Internet Options.
- Select the Privacy Tab.
- Under settings there is a slider. Drag the slider to the very top setting which will block all third party cookies and cookies that are already on the computer cannot be read by websites.
For Google Chrome you would need to complete the following steps:
- Open Chrome and select the browser menu in the top right corner of the browser (3 small dots).
- Scroll down to and select Settings.
- Scroll to the bottom of the page and select Advanced.
- Under Privacy and Security scroll down to and select Content Settings….
- Select Cookies and scroll down to Block third-party cookies and click the slider. This will block third party cookies.
To find out more information about cookies and site data follow the first 4 bullet points above and then select ‘see all cookies and site data’. Here you will be given a list of all the cookies and site data from any site you have visited. Scroll down until you find wirehouse-es.com and select this.
A list of locally stored data from the named cookies will be available. Use the drop down arrows under each of the cookies to find more information on the cookie and see the creation date and expiry date of the cookie. Unless deleted or removed, the locally stored data will remain in the browser until the expiry date has passed.
You can remove all from this menu which will remove the stored data for wirehouse-es.com or you can remove all data for all locally stored data on the previous menu by selecting remove all.
Alternatively you can follow the below for a quicker process to deleting all cookies/stored data:
- Open Chrome and select the browser menu in the top right corner of the browser (3 small dots).
- Scroll down to and select History.
- Select History again from the next available menu.
- Select Clear browsing data from the menu on the left hand side of the browser.
- Ensure you select All time from the Time range drop down menu.
- Under the clear browsing data menu use the tick box for Cookies and other site data.
- Select Clear Data.
ANNEX 1
Third party Processers
Company Name | Processing Activity | Further Details |
The Access Group | E-Learning Platform Provider | Their privacy notice can be found HERE |
Zoho | CRM system | Their privacy notice can be found HERE |
Oneflow | System used for creating commercial sales contracts | Their privacy notice can be found HERE |
Zapier | Web automation tool transferring data from one system to another | US based company who have certified their compliance with the EU-US Data Privacy Framework (DPF), the UK Extension, and the Swiss-US DPF as set forth by the US Department of Commerce.
You can confirm Zapier’s certification and participation via the participant list page (search for “Zapier”) on the Data Privacy Framework Program website.
Their privacy notice can be found HERE
|
JS Comms | Call recordings & phone system | Their privacy notice can be found HERE |
Expert Market (Marketing VF Ltd) | Where we receive our Sales & Marketing Data | Their privacy notice can be found HERE |
Chartered Developments | Sales service contacting prospects on our behalf | Their privacy notice can be found HERE |
Privacy notice last updated: 20th June 2024.