Who are we?
Our website address is: https://thevaluecircle.co.uk
This privacy statement applies to thevaluecircle LLP with registered office address at Peach House West, Nostell Estate, Nostell Wakefield, England WF4 1AB, the entities we own or control (“thevaluecircle”, “we”, “us” or “our”).
Thevaluecircle is committed to handling your information responsibly and safeguarding it using appropriate technical, administrative and physical security measures.
Who does this privacy statement apply to?
This privacy statement explains what information we gather about you, what we use it for and who we share it with. It also sets out your rights and who you can contact for more information or queries.
Please read this statement carefully and should you have any questions contact us using the details outlined in Section 11 – Right to Complain:
If you are an employee or independent contractor of thevaluecircle, please refer to the relevant privacy statement available on the thevaluecircle intranet or handbook for information on why and how your personal information is processed by thevaluecircle.
Personal data that we may collect
We may process information about you that: (i) you provide to us, (ii) that we obtain from third parties or (iii) that is publicly available. This information may include your name, age, gender, date of birth and contact details. It may also include ‘sensitive’ or ‘special categories’ of personal data, such as dietary requirements or mobility information. For a more detailed description of the information about you that we may process – Appendix 2 – Personal Data that we may collect
Why and how we collect personal information
During the course of our normal operations, we may collect and process information about you to enable thevaluecircle to:
- provide our services to you or our clients;
- to enable us to provide you with information that we think may be of interest to you; and
- to meet our legal or regulatory obligations.
For detailed list, on the various methods on how we may collect your data please see Appendix 1 – Data Collection Methods – Appendix 2 – Personal Data that we may collect
Legal grounds we use for processing personal data
We are required by law to set out in this privacy statement the legal grounds on which we rely in order to process your personal data. We rely on one or more of the following lawful grounds:
- you have explicitly agreed to us processing your information for a specific reason;
- the processing is necessary to perform the agreement we have with you or to take steps to enter into an agreement with you;
- the processing is necessary for compliance with a legal obligation we have or providing information to a public body or law enforcement agency; or
- the processing is necessary for the purposes of a legitimate interest pursued by us or a third party, which might be:
(a) to provide our services to you or our clients and other third parties and ensure that our client engagements are well-managed;
(b) to prevent fraud;
(c) to protect our business interests;
(d) to ensure that complaints are investigated;
(e) to evaluate, develop or improve our services or products; or
(f) to keep you or our clients informed about relevant products and services and provide you with information unless you have indicated at any time that you do not wish us to do so.
To the extent that we process any special categories of data relating to you for any of the purposes outlined above, we will do so because:
- you have given us your explicit consent to process that data;
- we are required by law to process that data in order to ensure we meet our ‘know your client’ and ‘anti-money laundering’ obligations (or other legal obligations imposed on us);
- the processing is necessary to carry out our obligations under employment, social security or social protection law;
- the processing is necessary for the establishment, exercise or defence of legal claims; or
- you have made the data manifestly public.
Please note that in certain circumstances it may be still lawful for us to continue processing your information even where you have withdrawn your consent, if one of the other legal bases is applicable.
How we use your personal data
We will only use your personal information when the law allows us to do so, i.e., where we have a lawful basis for processing. Most commonly, we will use your personal information in the following circumstances:
- Where we need to perform the contract we are about to enter or have entered into with you or take any steps you ask us to do, before entering into a contract with you.
- Where it is necessary to do so, to comply with any legal obligations we have, such as under money laundering laws.
- Where the processing is necessary for our legitimate interests in:
- providing advisory and/or consultancy services;
- ensuring regulatory compliance and maintaining accreditations.
- providing our clients with the best service;
- promoting our services;
- receiving feedback; and
- improving our services and identifying ways to grow our business
and/or for the legitimate purposes of our clients and or other third parties in receiving those services. We will only rely on this lawful basis where we consider that your interests and fundamental rights do not override such interests.
- Where we rely on your consent for processing this will be brought to your attention when the information is collected from you.
- You have the right to withdraw consent at any time, see the Your Rights section below for further information about how you may withdraw your consent.
- We do not rely on or require your consent for the majority of our processing.
When processing your personal information, we comply with the provisions of this privacy statement and, in respect of the provision of consultancy services we are also bound by professional obligations of confidentiality. You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us via options noted in Section 11 – Right to Complain.
Who might we share your information with?
For the purposes set out in the ‘How we use your personal data’ section above, we may disclose details about you to:
- professional advisors, suppliers and sub-contractors in the course of the provision of thevaluecircle services
- competent authorities (including authorities regulating us and other members of thevaluecircle network, if applicable);
- in exceptional circumstances (e.g personal safety) your employer and/or its advisers, or your advisers;
- any other person or organisation after a restructure, sale or acquisition of any member of thevaluecircle network, as long as they use your information for the same purposes we did;
- third parties who have a right to access information through legal disclosure rules as part of litigation;
- other service providers with whom we share information who are approved by us and subject to contractual obligations designed to ensure that those providers comply with data protection legislation.
Our social media hosts various blogs, forums, and other social media applications or services that allow you to share content with other users (collectively “Social Media Applications”). Any personal data that you contribute to these Social Media Applications can be read, collected and used by other users of the application. We have little or no control over these other users, so any information you contribute to these Social Media Applications might not be handled in line with this privacy statement.
thevaluecircle may share data across its network but does not sell or share user data with third parties. Thevaluecircle does not transfer personal data to any country or organisation outside the UK.
Protecting your personal data
We use a range of measures to ensure we keep your personal data secure, accurate and up to date. These include:
- education and training to relevant staff to ensure they are aware of our privacy obligations when handling personal data;
- administrative and technical controls to restrict access to personal data to a ‘need to know’ basis;
- technological security measures, including fire walls, encryption and anti- virus software (accredited in relation to the UK Government’s Cyber Essentials security standards: and
- physical security measures, such as security passes to access our premises.
The transmission of data over the internet (including by email) is never completely secure. So, although we use appropriate measures to try to protect personal data, we cannot guarantee the security of data transmitted to us or by us.
How long we keep your personal data for?
We seek to ensure that we only keep your personal data for the longest of:
- the period necessary for the relevant activity or services;
- any retention period that is required by law; or
- the period in which litigation or investigations might arise in respect of the services
If we process your personal data, you have the following rights. You can exercise these rights at any time by emailing us at email@example.com by using contact details given in Section 11 – Right to Complain. You have the right:
- Your right of access – to obtain confirmation that we are processing your personal data and request a copy of the personal data we hold about you;
- Your right to rectification – ask that we update the personal data that we hold about you, or correct such data if you think that it is inaccurate or incomplete;
- Your right to erasure – ask that we delete personal data we hold about you, or restrict the way that we use such personal data; withdraw consent to our processing of your personal data (to the extent such processing is based on previously obtained consent);
- Your right to restriction of processing – to ask for the processing of that information to be restricted if the accuracy of that data is contested, the processing is unlawful, the personal data is no longer necessary for the purposes for which it was collected or you exercise your right to object (pending verification of whether there are legitimate grounds for processing);
- Your right to object to processing – ask us not to process your personal data in certain circumstances.
- Your right to data portability – ask that we transfer copies of the personal information you gave us to another organisation, or to you, in a structured, commonly used and machine-readable format and to transmit such personal data to another party (to the extent the processing is based on consent or a contract).
If you would like to access or see a copy of your personal data, you must ask us in writing. We will endeavour to respond within a reasonable period, and in any event within one month in line with Data Protection Legislation. We will comply with our legal obligations as regards your rights as a data subject.
Right to complain
Should you have any issues, concerns or problems in relation to your data, or you wish to notify us of data which is inaccurate, you can contact us by:
- writing to Data Protection Officer. thevaluecircle Peach House West, Nostell Estate, Nostell Wakefield, England WF4 1AB; or
- sending an email to firstname.lastname@example.org
If we are unable to resolve your concerns, you have the right to complain to the Information Commissioner’s Office (ICO) which regulates and supervises the use of personal data in the UK. The ICO’s contact details are available here: https://ico.org.uk/concerns.
Changes to this Privacy Statement
We may modify or amend this privacy statement from time to time.
When we make changes to this privacy statement, we will amend the revision date at the top of this page. The modified or amended privacy statement will apply from that date. We encourage you to review this statement periodically to remain informed about how we are protecting your information.