Privacy Policy
Your personal data is key to our business so we go beyond to protect it.
Our Pledge
No Surprises
We will tell you clearly how your personal data is used in our business.
Your Partner
Your data is key to our business so we will mind it as if it was our own.
No Spam
We will always aim to send you information that is relevant to you.
The Bare Essentials
We won’t collect information that we don’t need.
When It’s No Longer Needed – It’s Gone
We won’t hold onto information that we don’t need!
Overview
Contact Details
If you have any questions about this Data Protection Statement or the way in which your Personal Data is being used by us please contact:
Data Protection Officer
Org Group, 6th floor Penrose Dock 2, Alfred Street, Victorian Quarter, Cork T23 YY09
Email: privacy@orggroup.com
Our Data Protection Statement
Org Group is a professional services company which includes three distinct entities – Org, Morgan McKinley and Abtran. This Data Protection Statement describes how the Org Group entities listed below in the About Us section (referred to herein as “we”, “us”, “Our” and “Org”) collect, use, consult or otherwise process Personal Data.
This Data Protection Statement provides detailed information about our processing activities so that you understand everything you need to know about how we will use that Personal Data as part of our services.
Org Group is committed to transparency and fair processing of all Personal Data that you entrust to us. All information regarding the processing of your personal data, including your rights, what Personal Data we collect and who we share it with, is contained in this Data Protection Statement.
We only collect and process your Personal Data in accordance with the General Data Protection Regulation (“GDPR”) and relevant local data protection laws (together the “Data Protection Laws”).
For your convenience we have divided our Data Protection Statement into sections. This general section is applicable to everyone. The other sections set out specific information relating to the categories of Data Subject defined in section 3.
This Data Protection Statement was last updated on 06/10/2023.
About Us
We are a Business Solutions Consultancy. We provide advisory services and project resources to support our Clients who need support with specialised projects through our Associates and network of specialist technology business contacts.
This Data Protection Statement applies to the following Org Group companies:
- Imprint Consulting Limited t/a Org, 15 Fetter Lane, Holborn, London EC4A 1BW, United Kingdom.
- Org Group Advisory and Managed Solutions DAC 6th floor Penrose Dock 2, Alfred Street, Victorian Quarter, Cork T23 YY09.
- Org Group Advisory and Managed Solutions Pty Limited, Level 9, 383 Kent Street, Sydney NSW 2000.
- Org Group Advisory and Managed Solutions Pte Limited, #47-02 One Raffles Place Tower 1, Singapore 048616.
- Org Group Advisory and Managed Services Limited, Suite 3407, Lippo Centre, Tower II, 89 Queensway, Admiralty, Hong Kong.
References to “we”, “us” and “Org” shall apply to the Org Group company that is processing your Personal Data. The Org Group companies may work together on relevant projects as part of the services and your Personal Data will be available to each company.
We are a Business Solutions Consulting business that Advises, Resources and Delivers transformational change for organisations.
This Data Protection Statement describes how we process Personal Data in order to fulfil the objectives specified above. It includes detailed information about the types of Personal Data that we process, and how we use, manage and protect that Personal Data.
Who This Data Protection Statement Applies To
This Data Protection Statement applies to Personal Data we process in relation to:
- Associates & Partners
- Business Contacts including our Clients
- General Contacts
This Data Protection Statement applies to the Personal Data we process about the following Data Subjects:
Associates: includes any person We may identify or who engages with Us with a view to working on assignment or providing services to a Client of Org Group. References to Associates in this Data Protection Statement shall include Partners.
Partners: are a category of Associates who provide supplementary services which may include providing assurance services to Org Group and its Clients; and providing commercial and subject matter expertise with and on behalf of Org Group to secure new business opportunities, brand awareness and Client contacts for Org Group.
Business Contacts: includes clients and potential clients, suppliers, shareholders, trade, professional and membership organisations and other business contacts of Org Group.
General Contacts: includes all other individuals whose Personal Data we process that are not covered in the other sections above including:
- website users
- details of next of kin/emergency contact details
- Partner and Associate Referees
- Shareholders/investors and partners
Lawfulness of processing
This section describes the lawful basis we may use to process Personal Data.
We process all Personal Data lawfully and in accordance with the requirements of the Data Protection Laws. The GDPR sets out the legal grounds for processing
Personal Data
When Org Group processes Personal Data any one of the following legal grounds will generally apply. Further detail about the lawful basis for our processing activities is included in the relevant sections of this Data Protection Statement.
CONTRACT
We will process Personal Data where necessary to perform our obligations relating to or in accordance with any contract that we may have with you or to take steps at your request prior to entering into that contract.
CONSENT
For certain processing activities we may rely on your consent. For example, certain marketing activity will only be undertaken if we have your consent. For Partners, this may also include featuring your biography, profile, image or relevant case studies in Org Group’s marketing collateral and/ or website for the purposes of showcasing your expertise and experience.
Where we are unable to collect consent for a particular processing activity, we will only process the Personal Data if we have another lawful basis for doing so.
You can withdraw consent provided by you at any time by contacting us at privacy@orggroup.com
LEGITIMATE INTEREST
At times we will need to process your Personal Data to pursue our legitimate interests, for example for administrative purposes, to collect debts owing to us, to provide information to you, to operate, evaluate, maintain, develop and improve our websites and services or to maintain their security and protect intellectual property rights.
We will not process your Personal Data on a legitimate interest basis where the impact of the processing on your interests or fundamental rights and freedoms outweigh our legitimate interests.?You may object to any processing we undertake on this basis. If you do not want us to process your Personal Data on the basis of our legitimate interests, contact us at privacy@orggroup.com and We will review our processing activities.
LEGAL OBLIGATION
If we have a legal obligation to process Personal Data we will process Personal Data on this legal ground.
DEFENCE OF LEGAL CLAIMS
In limited circumstances and in accordance with the law we may use Personal Data in the defence of legal claims or enforcing legal rights, such as IP rights.
ASSESSMENT OF WORKING CAPACITY
In certain circumstances, we may be required to assess the working capacity of a Partner or an Associate and we may operate under this legal ground in relation to any tests or assessments undertaken involving the processing of health data or other special category Personal Data of the Partner or Associate.
Security
We monitor for and do everything that we can to protect Personal Data and prevent security breaches.
We will take all steps reasonably necessary to ensure that all Personal Data is treated securely in accordance with this Data Protection Statement and the Data Protection Laws. In particular, we have put in place appropriate technical and organisational procedures to safeguard and secure the Personal Data we process.
We monitor for and do everything we can to prevent security breaches of the Personal Data that we process. Once we have received your Personal Data, we will use strict procedures and security features for the purpose of preventing unauthorised access and ensuring that only those who need to have access to your Personal Data can access it.
We also use secure connections to protect Personal Data during its transmission. Where you have been given (or where you have chosen) a password which enables you to access services, you are responsible for keeping this password confidential. Please do not share your password with anyone.
If you think that there has been any loss or unauthorised access to Personal Data of any individual, please let us know immediately.
Transfers Outside The EEA
We may share Personal Data outside the EEA, however we will always ensure that this is done in compliance with the Data Protection Laws.
In order to provide our products and services we may need to transfer Personal Data outside the European Economic Area (EEA). We ensure that any transfer of Personal Data outside the EEA is undertaken using legally compliant transfer mechanisms and in accordance with the GDPR.
If we transfer Personal Data outside of the EEA, we generally rely on the Standard Contractual Clauses under Article 46.2 of the GDPR adopted by the EU Commission. We may also rely on some of the other legally compliant transfer mechanisms provided under the GDPR.
Disclosure of Personal Data
We may need to share your Personal Data in order to deliver Our services. We will always ensure that any transfer of Personal Data is undertaken in compliance with Data Protection Law and ensure that appropriate technical and organisational measures are undertaken to protect and secure any Personal Data that is transferred.
Personal Data is shared in certain circumstances as follows:
- between the Org Group companies identified in this Data Protection Statement for the purposes of administration, marketing and provision of our services
- to other companies in the group, including Morgan McKinley Group Limited and Premier Recruitment International UC, for the purposes of administration, marketing and provision of our services
- to business partners and sub-contractors for the performance of any contract relating to services provided for the purposes of servicing our Clients, Partners and Associates, including email, chat, ticketing, Customer Relationship Management, Applicant Tracking System, payment processors, data aggregators, hosting service providers, external consultants, auditors, IT consultants and lawyers
- to Clients in the case of Personal Data relating to General Contacts such as referees, next of kin/emergency contacts
- to Partners and Associates for the purposes of contacting Business Contacts
- to Partners for the purposes of assessing suitable Associates to deliver a project for a Client
- if a company in the Group or substantially all of its assets are acquired by a third party, in which case personal data held by us will be one of the transferred assets
- if we are under a duty to disclose or share Personal Data in order to comply with any legal obligation (including tax, audit or other authorities), or in order to enforce or apply any contracts that we have
- to official authorities to protect our rights, property, or safety, or those of other persons (including you)
- to payment service partners for the processing of payments to and from Org Group,
- to protect our rights, property, or safety, or that of our Clients, Partners, Associates or others. This may include exchanging information with other companies and organisations for the purposes of fraud protection
- to providers of services to Org Group including IT consultants and hosting companies, marketing, legal and finance
- to analytics and search engine providers that assist us in the improvement and optimisation of our Website. This consists of information relating to the web pages visited on the Website and tracking codes from service providers like LinkedIn and Google
- to Org Group’s insurance brokers and providers where required for administering claims
- to our email distribution partner and service providers in the case of marketing and newsletters.
More specifically, we may share Partner and Associate Personal Data as follows:
- to Clients and potential Clients of our services
- to third party representatives of our Clients
- for the purposes of third party screening and verification, including doctors or testing companies (for example, criminal record checks / pre-employment screening services and assessments)
Retention
We will only keep Personal Data for as long as it is needed for the purpose for which it was collected.
We only keep your Personal Data as long as it is necessary for the purposes of processing it or to comply with legal or regulatory requirements.
Further information is set out in the relevant sections of this Data Protection Statement.
Your Rights
You have various rights relating to how your Personal Data is used including:
- the right of access;
- the right to rectification;
- the right of erasure;
- the right to restrict processing;
- the right of data portability;
- the right to object;
- the right not to be subject to automated decision making; and
- the right to make a complaint.
You have various rights relating to how your Personal Data is used.
Right of access to the Personal Data we hold on you
You have the right to ask for all the Personal Data we have about you. When we receive a request from you in writing, we must give you access to everything we’ve recorded about you as well as details of the processing, the categories of Personal Data concerned and the recipients of the Personal Data.
We will provide the first copy of your Personal Data free of charge, but we may charge you a reasonable fee for any additional copies.
We cannot give you access to a copy of your Personal Data in some limited cases including where this might adversely affect the rights and freedoms of others.
Right of rectification of Personal Data
You should let us know if there is something inaccurate in your Personal Data.
We may not always be able to change or remove that Personal Data, but we’ll correct factual inaccuracies and may include your comments in the record to show that you disagree with it.
Right of erasure of Personal Data (right to be forgotten)
In some circumstances you can ask for your Personal Data to be deleted, for example, where:
- your Personal Data is no longer needed for the reason that it was collected in the first place
- you have removed your consent for us to use your Personal Data (where there is no other lawful basis for us to use it)
- there is no lawful basis for the use of your Personal Data
- deleting the Personal Data is a legal requirement
Please note that we can’t delete your Personal Data where:
- we are required to have it by law
- it is used for freedom of expression
- it is used for public health purposes
- it is used for scientific or historical research or statistical purposes where deleting the Personal Data would make it difficult or impossible to achieve the objectives of the processing
- it is necessary for legal claims.
Right to restrict what we use your Personal Data for
You have the right to ask us to restrict what we use your Personal Data for where:
- you have identified inaccurate Personal Data, and have told us of it
- where we have no legal reason to use the Personal Data, but you want us to restrict what we use it for rather than erase the Personal Data altogether
When Personal Data is restricted it can’t be used other than to securely store the Personal Data and with your consent to handle legal claims and protect others, or where it’s for important public interests.
Right to have your Personal Data moved to another provider (data portability)
You have the right to ask for your Personal Data to be given back to you or another service provider of your choice in a commonly used format. This is called data portability.
This right only applies if we’re using your Personal Data with consent and if decisions were made by a computer and not a human being. It does not apply where it would adversely affect the rights and freedoms of others.
Right to object
You have the right to object to processing of your Personal Data which is based on public interest or legitimate interest processing. We will no longer process the Personal Data unless we can demonstrate a compelling ground for the processing.
Right not to be subject to automated decision-making
You have the right not to be subject to a decision based solely on automated processing. This right shall not apply where the processing is necessary for a contract with you, or the processing is undertaken with your explicit consent or the processing is authorised by law.
You can make a complaint
You have the right to lodge a complaint with the local supervisory authority for data protection in the EU member state where you usually reside, where you work or where you think an infringement of data protection law took place. Please see “Questions or Complaints” below for further information.
Use of Third Party Websites
It is important to be careful when visiting third party websites and providing Personal Data to third parties. Org has no control over third party websites that you may access.
Websites that you access via a link on the Org Group website are outside our control and are not covered by this Data Protection Statement. If you access other websites using the links provided, the operators of these websites may collect Personal Data from you, which will be used by them in accordance with their own Data Protection Statements, which may differ from ours. Please check the Data Protection Statements on those websites before you submit any Personal Data to them.
Cookies
Please see our Cookie Notice.
Please see Our separate Cookie Notice available at /cookies-policy for further information.
Amendments to This Personal Data Statement
We will update the date on this Data Protection Statement when we make changes to it.
We will post any changes to this Data Protection Statement on the Website and when doing so will change the effective date at the top of this Data Protection Statement.
In some cases, we may provide you with additional notice of changes to this Data Protection Statement, such as via email. We will always provide you with any notice in advance of the changes taking effect where we consider the changes to be material.
Questions or Complaints
Please contact us if you have any questions or concerns about how your Personal Data is being used by us.
Thank you for reading our Data Protection Statement. Please contact us at privacy@orggroup.com if you have any questions. If we are unable to resolve your concerns, you have the right to contact the supervisory authority in the country where you live or work, or where you consider that the data protection rules have been breached
The Supervisory Authority in Ireland may be contacted as follows:
Online Form: https://forms.dataprotection.ie/contact
Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Tel: +353 578 684 800 or +353 761 104 800
Partners & Associates
Overview
We want to explain clearly how we process Partner and Associate Personal Data in the provision of our services.
In addition to our General – Data Protection Statement this Partner and Associate Data Protection Statement provides further information about the Personal Data we process in relation to Partners and Associates.
Please see the General – Data Protection Statement for information on:
- Contact Details
- Our Data Protection Statement
- About Us
- Who this Data Protection Statement applies to
- Lawfulness of Processing
- Security
- Transfers of Personal Data
- Disclosure of Personal Data
- Retention
- Your Rights
- Use of Third Party Websites
- Cookies
- Amendments to this Data Protection Statement
- Questions or Complaints
For information about Business Contacts click here
For information about General Contacts click here
For the purposes of this Partner and Associate – Data Protection Statement, a Partner or an Associate includes the following:
Associates: includes any person We may identify or who engages with Us with a view to working on assignment or providing services to a Client of Org Group. References to Associates in this Data Protection Statement shall include Partners.
Partners: are a category of Associates who provide supplementary services which may include providing assurance services to Org Group and its Clients; and providing commercial and subject matter expertise with and on behalf of Org Group to secure new business opportunities, brand awareness and Client contacts for Org Group.
Sources of Associate Data
We have a variety of sources of Associate Personal Data. We will only ever source Personal Data that is necessary to provide our services and in a way that would be generally expected.
We receive Personal Data about Associates from a variety of sources. Usually an Associate will register their interest with us or we will approach them through publicly available channels. We may also receive Personal Data about a Partner or an Associate when:
- the Associate applies to a position advertised on a third party jobs website;
- the Associate may be sourced from publicly accessible platforms such as LinkedIn;
- the Associate may be sourced from third party CV providers such as jobs websites that provide CV search facilities and where users have made their CV data available to registered customers of these sites;
- the Associate may be referred to us from a third party recruitment business which is a supplier to us; or
- the Associate’s nominated referees or other individuals may provide us with Personal Data relating to the Associate.
Categories of Associate Personal Data
This section describes the Personal Data that we collect about Associates. We only collect the Personal Data that we require in order to provide and deliver the services that you expect. We have described here in as much detail as possible the Personal Data that we use in order to provide our services.
The table below sets out the general categories of Personal Data that we may collect in relation to Associates.
Contact Data: may include a person’s email address, phone number, postal address, other communication details including social media links (e.g. Skype)
Identification data: may include a person’s name, date of birth, driver’s licence, national tax identification number and passport information
Professional data: may include profession, company, department, employment history, skills/ experience, membership of professional bodies
Education Data: may include degrees, certificates and diplomas awarded, languages, educational history, qualifications
CV Data: may include Contact Data, Identification Data, Professional Data, Education Data and information about achievements and hobbies
Financial Data: includes payment and bank details, tax information, professional fee rate expectations, Limited/Umbrella company details
Test Data: includes the Candidate tests answers and results for any application
Health Data: includes health information including information about any disability or illness.
Registration Data: includes Personal Data provided as part of an application for an assignment with Org Group. This may include Contact Data, Identification Data, Professional Data, Legal Data and Education Data. It may also include may include systems assigned identifiers, date record added, Work Finding Services Agreement (in relevant locations), Associate registration form, Associate Terms and Conditions
Application Data: may include Finance Data, Position Data, details of visa or eligibility to work, Media Data, CV Data, Legal Data.
Media Data: includes photographs, video data and recordings from any interview with the Candidate including, Contact Data, Professional Data, Education Data, Health Data, Registration Data and Communications Data.
Legal data: includes criminal record and credit checks undertaken where required as part of the application process.
Position Data: includes information on rate of pay, working hours and job description and performance of the services by the Associate.
Emergency Contact Data: may include the name and contact details provided by an Associate in case of an emergency.
Communications Data: may include Personal Data included in communications with us over email, text, phone or letter.
Marketing Data: may include your Contact Data and any preferences in receiving marketing from us and your communication preferences.
Special Category Data: this can include diversity data such as gender, religion, racial or ethnic origin, sexual orientation, trade union membership or Health Data.
Web Data: may include information provided on any forms on our website and, to the extent that it includes Personal Data, information on the type of device you’re using, its IP address, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use.
Our Processing Activities
We can only collect your Personal Data if we have a lawful basis for doing so. Please see our General Data Protection Statement
for a description of each lawful basis.
We have set out in the table below, the general purpose of processing, the categories of Personal Data processed and the related lawful basis for processing.
Purpose Activity
Associate Sourcing and Relationship Management
- to facilitate engagement through the Org Group website
- to agree any contract between Org Group and the Associate for the provision of professional services to Org Group Business Contacts
- to create a record/file for the Associate on our system and to link all notes and tracking throughout the engagement process including, interview, placement, onboarding and contracting process
- to keep up to date information about Associates in relation to their requirements, in order to assess their suitability for current or future project opportunities, for example based on their previous skills and experience overall, their own statements about career aspirations, professional development, strengths and weaknesses, their level of technical experience, professional qualifications
- to maintain our Associate database
- screening and identification of Associates for assignments
- to communicate with Associates about assignments that might be of interest to them
- to receive and review Associate enquiries
- to understand current and expected day rate requirements, notice periods and availability, current and required locations to enable Associates to participate in our professional development services
- to tailor our products and services to better identify the right Associates for upcoming engagements with Org Group’s Business Contacts
- to undertake profiling for the purposes of semi-automated or manual decision making about Associates
Type of Personal Data
- Contact Data
- Identification Data
- CV/ Profile Data
- Communications Data
- Marketing Data
- Health Data
- Application Data
- Legal Data
Lawful Basis For Processing
- Legitimate interest
- Consent
- Contract
- Assessment of Working Capacity
Purpose Activity
Associate Registration
- responding to Associate queries
- receiving and reviewing Associate applications received from Associates directly
- communications with Associates re application
- setting up meetings with the Associates
- engaging with Clients in relation to the Associates. We are not responsible for the processing activities of Business Contacts once an Associate’s Personal Data has been shared. Please refer to the Privacy Statement of the relevant Business Contact
Type of Personal Data
- Contact Data
- Identification Data
- CV Data
- Communications Data
- Registration Data
Lawful Basis For Processing
- Consent
- Legitimate Interest
- Contract
Purpose Activity
Associate Meetings
- to arrange and undertake Associate meeting
- recording notes of Associate Meeting
- to communicate with the Associate following meeting
Type of Personal Data
- Contact Data
- CV Data
- Communications Data
- Media Data
Lawful Basis For Processing
- Consent
- Legitimate Interest
- Contract
Purpose Activity
Associate Registration
- responding to Associate queries
- receiving and reviewing Associate applications received from Associates directly
- communications with Associates re application
- setting up meetings with the Associates
- engaging with Clients in relation to the Associates. We are not responsible for the processing activities of Business Contacts once an Associate’s Personal Data has been shared. Please refer to the Privacy Statement of the relevant Business Contact
Type of Personal Data
- Contact Data
- Identification Data
- CV Data
- Communications Data
- Registration Data
Lawful Basis For Processing
- Consent
- Legitimate Interest
- Contract
Purpose Activity
Associate Screenings
- to identify if the Associate meets the engagement criteria and eligibility
Type of Personal Data
- Contact Data
- CV Data
- Health Data
- Test Data
- Legal Data
Lawful Basis For Processing
- Consent
- Assessment of Working Capacity
Purpose Activity
Associate Project Management
- to carry out our obligations under Client contracts
- for performance management activities
Type of Personal Data
- Contact Data
- Role Data
- Position Data
- Communications Data
Lawful Basis For Processing
- Contract
Purpose Activity
Associate Finance Activities
- to ensure day rate expectations are met
- to undertake financial audits
- to communicate professional fee arrangements between Client and Associate
- to pay referral fees
- to make an offer of professional fees to an Associate on behalf of a Business Contact in relation to a specific engagement;
- to generate placement activity on our central systems in order to invoice a Client;
- to benchmark day rate expectations for Associates with similar experience or for companies with similar vacancies;
- to undertake financial audits;
- to communicate invoice and other financial information to Associates, any third party intermediaries of Associates and Business Contacts.
Type of Personal Data
- Contact Data
- Identification Data
- Role Data
- Financial Data
Lawful Basis For Processing
- Legitimate Interest
- Contract
Purpose Activity
Associate IT Activities
- to facilitate insights into activities and develop new services
- back-up and storage of Associate data
- to make improvements and develop efficiencies in the services
Type of Personal Data
- Contact Data
- Identification Data
- Professional Data
- Education Data
- Communications Data
- Marketing Data
Lawful Basis For Processing
- Legitimate Interest
- Contract
Purpose Activity
Website Delivery
- to respond to web forms completed by you;
- to promote our products and services;
- to administer the Website;
- for internal operations, including support, troubleshooting, data analysis, testing, research, statistical and survey purposes
- to ensure the safety and security of our website and our services.
Type of Personal Data
- Contact Data
- Web Data
Lawful Basis For Processing
- Consent
- Legitimate Interest
Purpose Activity
Marketings Activities
- to respond to any requests from you
- to send newsletters and other information that may be of interest
- to inform you of events or webinars that might be of interest
- to deliver and organise our conferences, seminars, events
- to develop relationships with Associates
- to tailor our products and services to better identify the right Associates and present the right opportunities at the right time and meet the Associate’s needs more effectively
- to personalise and make the marketing information sent as relevant as possible;
- to ask for your help in relation to sharing information about opportunities we may have, with your network;
- to aggregate data used as part of surveys or to produce market insights;
- to segment and distribute targeted marketing;
- to follow up with attendees of our events/webinars or to contact attendees about current or future opportunities;
- to ask for your opinion about our products or services;
- to produce aggregated models to predict trends and produce market insights.
Type of Personal Data
- Marketing Data
- Contact Data
- Web Data
Lawful Basis For Processing
- Consent
- Legitimate Interest
Purpose Activity
Legal Related Processing
- to meet equal opportunity and diversity requirements
- to meet health and safety requirements
- to capture consent/contract acceptance on paper or electronic registration forms, terms & conditions or forms;
- to comply with our legal obligations in respect of: the collection of taxes, levies, contributions; the detection of crime; labour standards; anti-bribery legislation; and industry specific legislation;
- to comply with Client requests relating to their employment practices;
- to comply with the law in certain jurisdictions;
- to fulfil contractual obligations with Clients and vendors, for example, in relation to the enforcement of intellectual property rights.
Type of Personal Data
- Contact Data
- Identification Data
- Legal Data
- Health Data
- Special Category
- Personal Data
Lawful Basis For Processing
- Consent
- Contract
- Assessment of Working Capacity
- Carrying out obligations under employment or social protection law
Retention Associate Data
Our mission is to build lasting relationships with Associates, not just for one assignment but for the purposes of building a partnership over many years.
Our aim is to build lasting relationships with our Associates and thus to contribute to long term career success and development.
So our goal is to continue to engage and interact with Associates even after they have secured a new position – for example to keep them informed of market developments, invite them to topical seminars and networking events, and to be on hand to offer advice about career planning.
We recognise that the level of engagement we have with different Associates may vary and so our retention policy is designed to reflect this.
If you have a contract with us we will generally retain your Personal Data for a period of 7 years from the date when your last deployment under that contract ceased. If we have reliably sourced your Personal Data as described in this Data Protection Statement, and in compliance with Data Protection Laws, and we have meaningful engagement with you we will retain your Personal Data for a period of two (2) years since our last contact unless you request to have your Personal Data deleted. For this purpose “meaningful engagement” shall include:
- the Associate engaging with Org Group to provide Services
- the Associate meeting one of our consultants, to register for new opportunities, or for example to update on their situation and seek professional advice or some other professional input;
- us sending an Associate’s profile (with their approval) to a Client for consideration for an assignment;
- us arranging a business meeting with the Associate or between the Associate and a Client of Org Group;
- us exchanging email correspondence or having telephone conversations with the Associate;
- the Associate interacting with us in other ways for example, clicking to open our market insights, newsletters, surveys etc.
In some circumstances it is not possible for Us to specify in advance the period for which We will retain your Personal Data. In such cases We will determine the appropriate retention period based on balancing your rights against Our legitimate interests. We may also retain certain Personal Data beyond the periods specified herein in some circumstances such as where required for the purposes of legal claims.
Business Contacts
Overview
We want to explain clearly how we process the Business Contact Personal Data that we hold.
In addition to our General – Data Protection Statement this Data Protection Statement for Business Contacts provides further information about the Personal Data we process in relation to Business Contacts.
Please see the General – Data Protection Statement for information on:
- Contact Details
- Our Data Protection Statement
- About Us
- Who this Data Protection Statement applies to
- Lawfulness of Processing
- Security
- Transfers of Personal Data
- Disclosure of Personal Data
- Retention
- Your Rights
- Use of Third Party Websites
- Cookies
- Amendments to this Data Protection Statement
- Questions or Complaints
For information about Associates click here
For information about General Contacts click here
For the purposes of this Business Contacts – Data Protection Statement, a Business Contact includes suppliers, partners, and other business contacts of Org Group including clients of our resourcing services (“Clients”).
Sources of Business Contact Personal Data
We source Business Contact Personal Data in order to serve the business relationship. We will only ever source Personal Data that is necessary and in a way that would be generally expected.
We will only ever source Personal Data relating to Business Contacts in a way that would be generally expected. We receive Personal Data about Business Contacts from a variety of sources, as follows:
- the Personal Data is often provided by the Business Contact or created by Org as part of the relationship;
- the Personal Data may be collected from public sources;
- the Personal Data may be collected indirectly from another person within the company of the Business Contact;
- the Personal Data may be collected through our website;
- the Personal Data may be collected indirectly from a website or from a third party.
Categories of Business Contact Personal Data
Org Group only collects the Personal Data that we require in order to ensure we can have a productive business relationship with Business Contacts.
The table below sets out the general categories of Personal Data that we collect in relation to Business Contacts:
Contact Data: may include a person’s name, email address, phone number, postal address, other communication details, including social media links (e.g. Skype, LinkedIn)
Communications Data: may include Personal Data included in communications with us over email, phone or letter.
Position Data: includes role, job title, reporting line etc
Associate Data: may include opinions or references provided about an Associate of Org Group including Client feedback about the Associate.
Client Data: may include certain Personal Data about the Client received as part of Associate feedback about the Client.
Marketing Data: may include your Contact Data and any preferences in receiving marketing from us and your communication preferences.
Financial Data:
may include payment details, bank or credit card details
Our Processing Activities – Business Contacts
We want to ensure that the Personal Data is used for the purposes that you would expect.
The table below sets out the purpose for which we collect your Personal Data, our lawful basis for doing so, and the Personal Data that we collect.
In limited circumstances we may need to use your Personal Data for purposes other than those stated when we collected the Personal Data. Should this happen we will notify you of this new purpose.
Purpose/Activity
Managing Payments and Administration of the Contract
- to process payments to and from our business.
- to negotiate and administer the relationship with the Business Contact
- to fulfil our legal/contractual obligations
- to manage/respond to complaint/issue
- to generate placement activity on our systems for invoicing purposes
- to communicate payroll and other financial information to Clients
Types of Personal data
- Contact Data
- Communications Data
- Financial Data
- Position Data
- Client Data
- Associate Data
Lawful Process
- Contract
- Legitimate interest
- Legal Requirement
Purpose/Activity
Service Delivery Activities
- to keep in contact with the Client to discuss and review their requirements
- to inform update and discuss a Associate that may be of interest to Clients
- to organise and schedule meetings between an Associate and a Client
- to inform the Client about progression of an Associate through the engagement process, to discuss the contracts and on-boarding of an Associate
- to discuss any reference or other pre-screening information provided for an Associate
- to discuss the on-boarding of an Associate
- to consider an Associate for engagement with Org Group and its clients
- to obtain information about the performance of an Associate including the provision of references by the Client
- to understand the type of solutions (including type of Associates) required by the Client, and build up knowledge and understanding of the Client organisation and its structure
- to create a record/file for the Client on our internal systems to associate all notes and tracking throughout the engagement process, meetings held, negotiation, on-boarding and contracting process
- to send Client Contact information to Associates in relation to the interview and on-boarding process;
- to carry out our obligations under our contract with the Client.
- to manage relationship with Client
Types of Personal data
- Contact Data
- Communications Data
- Financial Data
- Associate Data
- Position Data
- Client Data
Lawful Process
- Contract
- Legitimate Interest
Purpose/Activity
Website Delivery
- to respond to web forms completed by you;
- to promote our products and services;
- to administer the Website;
- for internal operations, including support, troubleshooting, data analysis, testing, research, statistical and survey purposes
- to tailor our products and services to better identify the right opportunities at the right time and meet Client needs more effectively
- to produce aggregated models to predict trends and produce market insights
- to undertake modelling to produce lead scores in order to predict which Associates our Clients are most likely to deploy
- to undertake modelling to identify improvements in efficiencies in the engagement process
- to ensure the safety and security of our website and our services.
Types of Personal data
- Contact Data
- Web Data
- Communications Data
Lawful Process
- Consent
- Legitimate Interest
Purpose/Activity
Marketing Deliveries
- to keep in contact with Clients and review requirements for professional services
- to personalise marketing communications
- to respond to any requests from you
- to send newsletters and other information that may be of interest
- to inform you of events or webinars that might be of interest
- to deliver and organise our conferences, seminars, events
- to follow up with attendees of our events/webinars; and
- to ask for opinions about our products or services.
- to aggregate data used as part of surveys or to produce market insights;
- to segment and distribute targeted marketing;
Types of Personal data
- Marketing Data
- Contact Data
- Web Data
Lawful Process
- Consent
- Legitimate Interest
Retention of Business Contact Personal Data
Our mission is to build lasting relationships with our Business Contacts.
If you have a contract with us we will generally retain your Personal Data for a period of 7 years from the date that contract was terminated. If we have reliably sourced your Personal Data as described in this Data Protection Statement, and in compliance with Data Protection Laws, and we have meaningful engagement with you we will retain your Personal Data for a period of five (5) years since our last contact unless you request to have your Personal Data deleted.
In some circumstances it is not possible for us to specify in advance the period for which we will retain your Personal Data. In such cases we will determine the appropriate retention period based on balancing your rights against our legitimate interests. We may also retain certain Personal Data beyond the periods specified herein in some circumstances such as where required for the purposes of legal claims.
General Contacts
Overview
We want to explain clearly how we process the Personal Data of General Contacts which includes:
- website users
- details of next of kin/emergency contact details
- Partner and Associate referees
- Shareholders/investors and partners
In addition to our General – Data Protection Statement this Data Protection Statement for General Contacts provides further information about the Personal Data we process in relation to General Contacts.
Please see the General – Data Protection Statement for information on:
- Contact Details
- Our Data Protection Statement
- About Us
- Who this Data Protection Statement applies to
- Lawfulness of Processing
- Security
- Transfers of Personal Data
- Disclosure of Personal Data
- Retention
- Your Rights
- Use of Third Party Websites
- Cookies
- Amendments to this Data Protection Statement
- Questions or Complaints
For information about Partners and Associates click here
For information about Business Contacts click here
For the purposes of this General Contacts – Data Protection Statement, a General Contact includes:
- website users
- details of next of kin/emergency contact details
- Partner and Associate referees
- Shareholders/investors and partners
Sources of General Contact Personal Data
We source General Contact Personal Data in order to provide our services. We will only ever source Personal Data that is necessary and in a way that would be generally expected.
We will only ever source Personal Data relating to General Contacts in a way that would be generally expected. We receive Personal Data about General Contacts from a variety of sources, as follows:
- directly from the General Contact or created by Org Group as part of the relationship
- through access to and use of the Org Group Website
- from Partners and Associates in the case of next of kin/emergency contact details and referees
- from Clients in the case of next of kin/emergency contact details/referees
We only collect the Personal Data that we require in order to deliver and improve the services we provide.
The table below sets out the general categories of Personal Data that we collect in relation to General Contacts:
Contact Data: may include a person’s email address, phone number, postal address, other communication details including social media links (e.g. Skype, LinkedIn)
Identification Data: may include a person’s email address, phone number, postal address, other communication details including social media links (e.g. Skype, LinkedIn)
Communications Data: may include Personal Data included in communications with us over email, phone or letter.
Marketing Data: may include your Contact Data and any preferences in receiving marketing from us and your communication preferences.
Web Data: may include information provided on any forms on our website and, to the extent that it includes Personal Data, information collected through cookies, pixel tags, and other technologies, information on the type of device you’re using, its IP address, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use.
Our Processing Activities – General Contacts
We want to ensure that the Personal Data is used for the purposes that you would expect
The table below sets out the purpose for which we collect your Personal Data, our lawful basis for doing so, and the Personal Data that we collect.
In limited circumstances we may need to use your Personal Data for purposes other than those stated when we collected the Personal Data. Should this happen we will notify you of this new purpose before processing the Personal Data.
Purpose/Activity
Use of Next of Kin/Emergency Contacts
- to communicate with the contact in the event of emergency
- to ensure the safety of our Associates
- to communicate with the Client in the event of an emergency
Types of Personal Data
- Contact Data
- Communications Data
Lawful Use
- Legitimate Interest
Purpose/Activity
Use of Referrals
- to assess the suitability of Associates
- to contact the referee
- to discuss Associate with the Business Contact
Types of Personal Data
- Contact Data
- Communications Data
Lawful Use
- Legitimate Interest
Purpose/Activity
Website Delivery
- to respond to web forms completed by you;
- to promote our products and services;
- to administer the Website;
- for internal operations, including support, troubleshooting, data analysis, testing, research, statistical and survey purposes
- to ensure the safety and security of our website and our services.
Types of Personal Data
- Contact Data
- Web Data
- Marketing Data
Lawful Use
- Consent
- Legitimate Interest
Purpose/Activity
Management of Corporate Affairs
- to take minutes at board meetings
- to contact shareholders/investors
- to enter into partnerships and other commercial relations
- to undertake appropriate due diligence
Types of Personal Data
- Identification Data
- Contact Data
- Communications Data
- Financial Data
Lawful Use
- Contract
- Legitimate Interest
- Legal Obligation
Retention of General Contact Personal Data
In some circumstances it is not possible for us to specify in advance the period for which we will retain your Personal Data. In such cases we will determine the appropriate retention period based on balancing your rights against our legitimate interests. We may also retain certain Personal Data beyond the periods specified herein in some circumstances such as where required for the purposes of legal claims.
Our retention policy for Business Contact Personal Data is as follows:
Use of Next of Kin/Emergency Contacts: For the duration of which the Associate remains active with Org Group or the Associate updates their details (see our retention policy for Associate data for more information)
Use of Referee Contacts: For the duration of which the Associate remains active with Org Group (see our retention policy for Associate data for more information)
Website Delivery: 2 years from the date of last contact. Please see cookie notice for further information
Management of Corporate Affairs: Data is retained in line with our statutory obligations