At Elevate, we are committed to protecting and respecting your privacy. This Privacy Notice explains when and why we collect personal information about people who visit our Website or who use our Platform, what we collect, how we use it, the conditions under which we may disclose it to others and how we keep it secure. We may change this Privacy Notice from time to time so please check this page occasionally to ensure that you’re happy with any changes. By using our Website www.elevatedirect.com and/or our Platform or any of our mobile or desktop app offerings, you are agreeing to this Privacy Notice. Any questions regarding this Privacy Notice and our privacy practices should be sent by email to firstname.lastname@example.org or in writing to our Data Protection Compliance Office at 63/66 Hatton Garden | Fifth Floor Suite 23 | London | EC1N 8LE
In this Privacy Notice, Data Protection Legislation means all applicable law relating to the processing of personal data including the Data Protection Act 2018 (“DPA”), the General Data Protection Regulation 2016/679 (“GDPR”), the Privacy and Electronic Communications (EC Directive) Regulations 2003 (“PECR”) and any statutory instrument, order rule or regulation made, as amended, extended, re-enacted or consolidated from time to time and any successor legislation to the GDPR, PECR and DPA. The terms “Personal Data”, “Sensitive Personal Data”, “Data Controller”, “Data Processor”, Data Subject and “process” (in the context of usage of Personal Data) shall have the meanings given to them in the applicable Data Protection Legislation.
Who are we?
Elevate Platform Ltd is a company registered in England and Wales under company number 7252700 with principal office address at. 63/66 Hatton Garden | Fifth Floor Suite 23 | London | EC1N 8LE. Our business is to facilitate the connection of job seekers (candidates) with potential employers (“Resource Seekers”) via an online platform (“Platform”).
How do we collect information from you?
You can visit our Website without telling us who you are or giving us any personally identifiable information. We do not capture and store any Personal Data, except where You voluntarily choose to give Us Your personal details via email, by using an electronic form, or by registering with and using our Platform. We may collect Personal Data if you complete a survey that we have sent to you for research purposes – you are not obliged to complete such surveys. Any Personal Data that you provide to us will be used for providing you with the information or services you have requested from us.
What type of information is collected from you?
The Personal Data we collect might include your name, address, email address, your curriculum vitae, your profile information, IP address, and information regarding what pages are accessed and when. This includes information provided at the time of registering to use our Platform, subscribing to our Services, posting material or requesting further services from us. We may also ask you for information when you report a problem with our Website and/or our Platform. From time to time you may be asked for further information from a Resource Seeker in order to validate your identity and right to work in the United Kingdom (“Identity Documentation”) and you may, if you are willing to do so, upload your Identity Documentation to the Platform. In such event, the Resource Seeker is acting as Data Controller and We are the Data Processor. We may also collect details of transactions you carry out through our Platform (to include but not limited to the time sheet function). Unless you have agreed to provide Identity Documentation as referred to above, We do not collect or store any Sensitive Personal Data about ethnicity, political opinion, religious or other beliefs, trade union membership, health, sexuality, criminal proceedings/convictions. It is important that the Personal Data that we store is relevant and up-to-date. To maintain it, we ask that you notify us of any changes to data that you have provided us with in the past, or if you become aware of anything inaccurate.
Information that we may collect from other sources
We may gather information about You from publicly available sources such as job boards and networking platforms that You have registered with (“Third Party Source”). All data sourced in this manner will be minimised and only processed to the extent that You consented to (when You initially registered with the Third Party Source) and/or where we have a legitimate interest. We shall, at all times, comply with the terms and conditions of the applicable Third Party Source.
Our lawful basis of processing – legitimate interests
We may process Personal Data for a Legitimate Interest in order to provide you with the business service and products that you receive from us or with your express Consent (both as defined in applicable Data Protection Legislation). Our Legitimate Interests for the processing and retention of Personal Data includes:
- Connecting potential candidates for Resource Seeker employment opportunities
- The delivery of services to you, including your use of our Platform
- Exercising and enforcing our rights after the conclusion of any contract we have had with you
- Circumstances where it is appropriate as part of our business relationship (for example, keeping client contact details in order to file work produced for potential future reference)
- Recording your request not to receive direct marketing
- Connecting potential candidates for Resource Seeker employment opportunities;
Our primary interest in processing Personal Data is for the performance and administration of the services you ask us to provide for you, the proper tracking of requests made by you, the services we complete for you, prompt communication between us and the provision of support.
Our lawful basis of processing – consent
We will only request your explicit consent when we have deemed that it is the most appropriate lawful basis for processing your data. Where we do make requests for your consent, we will do so in such a way as to make the request prominent and kept separate from our terms and conditions. Once you have given consent, we will keep a record of when and how you gave consent, including exactly what you were told at the time. We regularly review consent to check that our relationship, the way we use your data and the reasons for using it have not changed. If there has been a change to any of these factors, we will contact you to inform you of any changes and request your consent. We may contact you to request renewal of your consent from time to time, if we feel this is appropriate. You can withdraw your consent at any time by contacting us at email@example.com. We will always act upon requests to withdraw consent as soon as possible within our business hours.
How is your information used?
We use information held about you in the following ways:
- To provide any information held by us to prospective Resource Seekers to enable them to process your interest in prospective employment vacancies. Such Resource Seekers shall have access to any Personal Data that you add to the Platform and any updating process to enable them to take such decisions as to suitability and any resultant employment contract as may be necessary.
- To match you with appropriate employment vacancies based on the skills and experiences you have provided to us.
- To provide you with information or services that you request from us, or which we feel may interest you.
- To carry out our obligations arising from any arrangement entered into between you and a Resource Seeker including, if applicable, processing your Personal Data for payroll purposes.
- To allow you to participate in interactive features of our service when you choose to do so.
- To notify you about changes to our service.
We may analyse your Personal Data to create a profile of your interests and preferences so that we can contact you with information relevant to your job seeking. To ensure that content from our Website and/or Platform is presented in the most effective manner for you and for your computer.
Non-personal Information Collected Automatically
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our users or Resource Seekers (if applicable). This is statistical data about our users’ browsing actions and patterns, and does not identify any individual. For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our site and to deliver a better and more personalised service. They enable us:
- To estimate our audience size and usage pattern.
- To store information about your preferences, and so allow us to customise our site according to your individual interests.
- To speed up your searches.
- To recognise you when you return to our site.
We are committed to ensuring that Your Personal Data is secure and comply fully with all applicable Data Protection Legislation. In order to prevent unauthorised access, use or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. Our security technologies and procedures are regularly reviewed to ensure that they are up to date and effective. Security measure shall, amongst other things, include:
- the pseudonymisation and encryption of personal data
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services
- the ability to restore the availability and access to personal data in a timely manner in the event of physical or technical incident
- processes for regularly testing, assessing and evaluating the effectiveness of technical and organisations measures to ensure the security of the processing
Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your Personal Data we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Full details of our IT security measures are available upon request.
Who has access to your information?
We do not pass any of your Personal Data to outside organizations and/or individuals, except those that assist us in providing the services to you and then only to the extent necessary. Organisations who may have access to your Personal Data are Resource Seekers, Resource Seeker outsourcing providers and payroll providers and we have in place appropriate contracts with all those with whom we share your Personal Data. Other than as stated above, we will not disclose, sell, distribute or lease your Personal Data to third parties unless we have your permission or are required by law to do so.
We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes.
Third Party Processing
Where Personal Data is processed by a third party on our behalf, we will have a contract in place to govern that relationship in accordance with Data Protection Legislation. We will remain responsible for the protection and safe processing of your data, even if we use a third party to help us process it. We will only give access to your Personal Data to a third party for them to support us in delivering our services to you (as under our Legitimate Interests, described above), or if we are required to by law. We currently use Amazon Web Services as our hosting provider.
When reading this policy, it might be helpful to understand that your rights arising under Data Protection Legislation include:
- The right to be informed of how your Personal Data is used (in part, through the notices found in this policy)
- The right to access any Personal Data held about you
- The right to rectify any inaccurate or incomplete Personal Data held about you
- The right to erasure where it cannot be justified that the information held satisfies any of the criteria outlined in this policy, or where you have withdrawn consent
- The right to prevent processing for direct marketing purposes, scientific/historical research or in any such way that is likely to cause substantial damage to you or another, including through profile building
- The right to object to processing that results in decisions being made about you by automated processes and prevent those decisions being enacted
Our Data Protection Lead is Michael Delaney. All queries, requests to exercise a right, or complaints regarding your Personal Data should be forwarded to them at firstname.lastname@example.org If you believe that Elevate has failed to comply with its duties under Data Protection Legislation you also have the option to lodge a complaint with the Information Commissioner’s Office by visiting https://ico.org.uk/concerns/ or calling 0303 123 1113. You can change your marketing preferences at any time by contacting us by email at email@example.com.
How you can access and update your information
We will keep data long enough as is necessary to fulfil any contract we may have with you, but also to meet our legal obligations. In retaining data we will strike a balance between:
- Retaining data long enough to:
- Undertake any remedial work for you
- Provide any information required by a regulator, HMRC or other law enforcement agency
- Defend any legal action which may be made against us
And not keeping data longer than the applicable Data Protection Legislation allows.
We have in place ongoing systems which destroy or delete data which is no longer required. Where possible we will put in place automatic systems to delete electronic data which is no longer required.
You have the right to request the erasure of your Personal Data where:
- The original purpose for which it was collected has expired
- You have withdrawn consent for its processing
- Your data has been processed unlawfully
- Erasure is required to comply with a legal obligation
Legitimate Interests will only be used as the foundation for our continued processing while the processing of your Personal Data does not pose a greater threat to you than the likely benefit to be gained. In this policy, we refer to the assessment we conduct to determine this as “Balancing”.
Where we are obliged, by law, to retain and/or process your data, we will not carry out a Balancing assessment and instead rely upon Art 6, s1(c) of the GDPR. Where required to retain data for legitimate audit and compliance interests we will anonymise any personal data that we retain. The anonymisation will not provide a route for personal data to be reconstituted. The data will be retained on a log to allow for analysis of services where required. If at a point in the future all data can be deleted it will be.
Links to other websites
Our Website may contain links to other websites run by other organisations. This Privacy Notice applies only to our Website and Platform‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our Website. In addition, if you linked to our Website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the Privacy Notice of that third party site.
16 or Under
We are concerned to protect the privacy of children aged 16 or under. If you are aged 16 or under‚ please get your parent/guardian’s permission beforehand whenever you provide us with Personal Data.
Transferring your information outside of Europe
We are concerned to protect the privacy of children aged 16 or under. If you are aged 16 or under‚ please get your parent/guardian’s permission beforehand whenever you provide us with Personal Data. Transferring your information outside of Europe As part of the services offered to you through our Website and Platform, the information which you provide to us may be transferred to countries outside the European Union (“EU”). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EU. These countries may not have similar data protection laws to the UK. If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Privacy Notice. Such steps shall be in accordance with the applicable Data Protection Legislation.
Where transfer does occur outside the EEA we will ensure that:
- There has been a European Community finding of adequacy pursuant to the GDPR in respect of that country or territory
- The transfer is to the United States to an entity that conforms with the US Department of Commerce’s Privacy Shield principles
- We put in place Model Contracts with the third party in accordance with the GDPR
If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services. Elevate will always act in accordance with Data Protection Legislation in the event that a Personal Data Breach occurs. If a Personal Data Breach is very small or has very limited effect, we may not notify you. All but the most trivial breaches will be notified to the Information Commissioner’s Office. Every breach will be followed by an investigation recording the details of that breach. These details, including our actions, will be held indefinitely and can be requested by you. If your personal data has been accessed in a Personal Data Breach that we believe represents material risk to you or to someone else, we will contact you without undue delay to provide you with details of the breach, including any specific information you might require in order to mitigate any harm to you. If you would like to find out more about Breach Notifications, please see our Breach Notification Policy, available by request from our Data Protection Compliance Manager at firstname.lastname@example.org
Review of this Privacy Notice
We keep this Privacy Notice under regular review. This Privacy Notice was last updated in March 2020.