Limelight
Menu
close
01423 206909
Menu
close

Privacy Notice.

Updated: August 2021

Thank you for visiting our web site.

This privacy notice covers our website, limelighthr.co.uk. We describe here the data we collect from you when you use our sites, together with the personal data we process when you contact us with a general enquiry or when we are working with you as a client.

These are our reasons for collecting it, what we do with it and what your rights are.

Who are we?

I am Sally Bendtson, an HR consultant providing consultancy services to UK businesses and trading as Limelight HR Ltd.

You can contact me on 01423 206 909, or email me at [email protected].

We are the data controller for this processing and are registered with the Information Commissioner’s Office (ICO). Our registration number is ZB286592.

Where we are providing our services to your organisation we will be acting as a Data Processor when processing HR related personal data on your organisation’s behalf. Any questions you have regarding the processing of those data should be directed to your organisation who will be the Data Controller in that instance.

Purpose of processing

We process your personal data:

  • to respond to your enquiry,
  • to market our services to your organisation,
  • to manage our relationship with your organisation once you become a client
  • to provide a recruitment service to our clients

Lawful Basis of processing

We must tell you what our lawful basis is for processing your personal data under UK data protection legislation. These are our lawful bases for the purposes described above.

PurposeLawful basis
Responding to your enquiryOur legitimate interest in responding to your enquiry
Marketing our services to your organisationOur legitimate interest in direct marketing to your organisation, or your consent when you sign up to our mailing list
Managing our relationship with your organisationOur legitimate interest in managing our contract with your organisation
Engaging with you on social mediaOur legitimate interest in managing our engagement and responding to enquiries on social media
Recruitment on behalf of our clientsYour consent when you are a candidate, and our legitimate interests in managing client contracts if you are successfully placed in employment

Where we are relying on your consent for marketing activity you are free to withdraw that consent at any time, and where we are relying on our legitimate interests you are free to object to that at any time. In either case we will ensure that we cease to market our services to you should you withdraw your consent or object to our legitimate interests for marketing.

Where we are relying on your consent for our recruitment activity you are free to withdraw that consent at any time and we will, if you wish, then delete the data we have collected from you.

What personal data do we collect?

We aim to collect the minimum amount of personal data necessary to fulfil the purposes detailed above.

When you send us an enquiry, or we are marketing to your organisation or when you sign up for our mailing list we will collect:

  • Your name
  • Your email address
  • Your telephone number
  • Your organisation name
  • Your job title

When we are managing our relationship with your organisation as a client of ours we will also collect and process:

  • Contact history with you
  • Documents relating to our service provision
  • Finance details (invoices, payments etc.)

When we are engaging with you no social media we will be collecting and processing:

  • Your social media profile details

When we are recruiting on behalf of a client

  • Your basic contact details
  • Your date of birth
  • Sex
  • Your medical or health information including whether or not you have a disability to ensure that your potential employer is aware of any required reasonable adjustments
  • Your education and employment history
  • Your membership of professional bodies
  • Documentation relating to your right to work in the UK
  • Any requirements you have in relation to a potential employer, including desired salary

Special category data

There are additional rules we must follow if we collect certain types of more sensitive data, known as Special Category Data. These include details of your ethnicity, beliefs, health and sexuality. We do not collect any special category data about you as a Data Controller unless we are recruiting on behalf of a client, we may be instructed to do so as a Data Processor on behalf of your organisation.

Where we are recruiting on behalf of a client and we are processing special category data (for instance health data to advise of reasonable adjustments) then we will process those data with your explicit consent.

Do we ever share personal data?

We will share your data if required to do so by a legitimate law enforcement agency.

When you submit your personal data online your data is held by our partner who hosts our website.

If you consent to the use of analytics and tracking cookies from our website we will share data with those cookie providers (see below).

If we are communicating with you via email or social media channels we will be sharing your personal data with those email and social media providers.

We also utilise external suppliers to provide business support services. We always ensure that we have appropriate contracts in place to protect your rights when personal data are processed on our behalf by these third parties. Please see the “Where Do We Process Data” section for more information.

When recruiting on behalf of a client we will share your data with them once we have your consent to do so.

How do we keep your data secure?

We take sensible steps to keep your data secure:

  • We use password protection systems,
  • We use up to date, secure software,
  • We use multi factor authentication where available,
  • All data sent between your browser and our website is encrypted in transit,
  • We maintain appropriate records of processing activities which record any data processors we use and we ensure that appropriate contracts are in place to protect your rights, that the processors take appropriate security measures to safeguard your data, and that any international transfers are done correctly under UK data protection laws,
  • Our employees are all subject to an obligation of confidentiality, and receive training on data protection matters.

Your Rights

You have a number of rights relating to the processing of your data, if you would like to use them or have any questions then please contact us.

We won’t charge you for doing any of the following, however we may make a charge in the case of frequent repeat or unfounded requests:

  • Awareness: You have the right to be fully informed about why and how we process your information. This privacy notice is intended to meet that requirement, but please do contact us if you have any questions,
  • Access: You have the right to a copy of the data we hold about you
  • Rectification: If you think some of the data we hold is wrong then you have the right to ask us to correct it,
  • Erasure: You have the right to ask us to delete the data we hold about you. Where we are holding the data to fulfil a contract with you then we will need to retain the data in accordance with the data retention requirements shown below,
  • Restriction: You have the right to ask us to restrict the processing of personal data whilst we check its accuracy, if you think the processing is unlawful, if you believe we no longer need to process the data but you need us to store it due to pending legal claims, or when you object to our processing based upon our legitimate interests and we are assessing the validity of that,
  • Object: Where we are processing your personal data based upon our legitimate interests you have the right to object to that. If your objection is valid (for instance in the case of any direct marketing activity) then we will stop processing your personal data for that purpose,
  • Data portability: You can request a copy of your data in a digital format which you can then supply to another provider when we ae processing your personal data under the lawful basis of performing a contract with you or because we have your consent,
  • Automated decisions and profiling: You have the right, in certain circumstances, not to be subject to decisions based on automated processing (including profiling) if it has a significant or legal impact on you. This doesn’t apply if the processing is necessary to fulfil a contract with you, or if you have given us your consent to do so. We do not currently use any technology to make automated decisions about you.

How long do we keep your data for?

Where we are relying on your consent or our legitimate interests to process your data then we will keep your personal data until you withdraw your consent for us to use it, or object to our legitimate interests and we uphold your objection.

If we don’t hear from you then we will retain your personal data for a maximum period of 7 years.

If we are processing your personal data whilst recruiting for one of our clients we will retain your personal data for a maximum period of 7 years if you are successful in gaining employment with our client, and for a maximum period of 1 year if you are not. If you are not successfully placed with a client we may contact you to request your consent to retain your data for longer if we believe that we may have future opportunities. You are free to revoke your consent at any time.

Cookies – How do we use cookies on our website

We utilise cookies on our website. Some are required for our site to work, these are known as essential cookies, and we also use others for analytics and marketing purposes.

We will ask for your consent to use any cookies which aren’t essential, and we won’t deploy any non-essential cookies without your consent. You can find out more detailed information in our cookie policy.

These are cookies we use:

Google Analytics, set by Google
Addthis, set by Clearspring for marketing purposes
Squarespace Analytics, set by Squarespace
Squarespace, Visitor data

Analytics

This website collects personal data to power our site analytics, including:

  • Information about your browser, network, and device
  • Web pages you visited prior to coming to this website
  • Your IP address

This information may also include details about your use of this website, including:

  • Clicks
  • Internal links
  • Pages visited
  • Scrolling
  • Searches
  • Timestamps

We share this information with Squarespace, our website analytics provider, to learn about site traffic and activity.

Fonts

This website uses font files from Google Fonts and Adobe Fonts. To properly display this site to you, servers where the font files are stored may receive personal information about you, including:

Information about your browser, network, or device

Your IP address

Visitor data

This website is hosted by Squarespace.

Squarespace collects personal data when you visit this website, including:

  • Information about your browser, network and device
  • Web pages you visited prior to coming to this website
  • Your IP address

Squarespace needs the data to run this website, and to protect and improve its platform and services. Squarespace analyzes the data in a de-personalized form.

Google Analytics cookies

Google Analytics is a website monitoring tool that allows users to see volumes of website visitors, their source, and to analyse how the content of their website is viewed and navigated. This in turn allows optimisation of the content and pages on our website and the marketing programmes that drive traffic to the website. Google Analytics does not store any personal information about website visitors, but does use persistent cookies to identify repeat visitors.

You may universally opt-out of all Google Analytics tracking used by all websites by visiting the following url – https://tools.google.com/dlpage/gaoptout

What happens when I follow links to other sites?

If you follow a link from our site to another site then you should read the privacy notice on the other site prior to providing your data to them.

Where do we process data?

We primarily process data in the UK.

Our web hosting providers, Squarespace, process data in the USA using Standard Contractual Clauses to ensure that your rights are protected.

We use some other software tools and partners to help us deliver our services, some of these services will mean that your personal data are transferred outside of the UK and EU. We always ensure that appropriate protections are in place to safeguard your rights, as detailed below:

  • Google Docs – hosted in the USA using Standard Contractual Clauses,
  • Microsoft Office 365 – hosted in the USA using Standard Contractual Clauses,
  • Xero – hosted in New Zealand, who are deemed an adequate nation for data protection by the UK regulator,
  • Calendly - hosted in the USA using Standard Contractual Clauses,
  • Dubsado - hosted in the USA using Standard Contractual Clauses,
  • Hireful – hosted in the UK,
  • BreatheHR – hosted in the EEA in nations deemed adequate for data protection by the UK regulator.

Making a complaint

Please contact us at the above address. You can also contact the Information Commissioner’s Office (ICO) on their helpline 0303 123 1113 or online at www.ico.org.uk. If you should contact the ICO they will normally ask you to contact us first.

Changes to this privacy notice

We may occasionally make changes to this privacy notice. Following any changes, the date at the top of this privacy policy will be updated. If any change allows for wider access to data, such changes will only apply to data collected after the date of the updated privacy policy.

Contact information

If you have any questions, concerns, or comments about our Privacy notice, or if you want to know more what information we have collected about you, please email us via our online Contact form.

You can also correct any factual errors in that information or require us to remove your details form any list under our control.

Contact Us