Privacy Policy

Your personal data is key to our business so we go beyond to protect it.

Our Pledge

No Surprises

We will tell you clearly how your personal data is used in our business.

Your Partner

Your data is key to our business so we will mind it as if it was our own.

No Spam

We will always aim to send you information that is relevant to you.

The Bare Essentials

We won’t collect information that we don’t need.

When It’s No Longer Needed – It’s Gone

We won’t hold onto information that we don’t need!

Overview

Contact Details

If you have any questions about this Data Protection Statement or the way in which your Personal Data is being used by us please contact:

Data Protection Officer
Org Group, 6th floor Penrose Dock 2, Alfred Street, Victorian Quarter, Cork T23 YY09

Email: privacy@orggroup.com

Our Data Protection Statement

Org Group is a professional services company which includes three distinct entities – Org, Morgan McKinley and Abtran. This Data Protection Statement describes how the Org Group entities listed below in the About Us section (referred to herein as “we”, “us”, “Our” and “Org”) collect, use, consult or otherwise process Personal Data.

This Data Protection Statement provides detailed information about our processing activities so that you understand everything you need to know about how we will use that Personal Data as part of our services.

Org Group is committed to transparency and fair processing of all Personal Data that you entrust to us. All information regarding the processing of your personal data, including your rights, what Personal Data we collect and who we share it with, is contained in this Data Protection Statement.

We only collect and process your Personal Data in accordance with the General Data Protection Regulation (“GDPR”) and relevant local data protection laws (together the “Data Protection Laws”).
For your convenience we have divided our Data Protection Statement into sections. This general section is applicable to everyone. The other sections set out specific information relating to the categories of Data Subject defined in section 3.

This Data Protection Statement was last updated on 06/10/2023.

About Us

We are a Business Solutions Consultancy. We provide advisory services and project resources to support our Clients who need support with specialised projects through our Associates and network of specialist technology business contacts.

This Data Protection Statement applies to the following Org Group companies:

Imprint Consulting Limited t/a Org, 15 Fetter Lane, Holborn, London EC4A 1BW, United Kingdom.
Org Group Advisory and Managed Solutions DAC 6th floor Penrose Dock 2, Alfred Street, Victorian Quarter, Cork T23 YY09.
Org Group Advisory and Managed Solutions Pty Limited, Level 9, 383 Kent Street, Sydney NSW 2000.
Org Group Advisory and Managed Solutions Pte Limited, #47-02 One Raffles Place Tower 1, Singapore 048616.
Org Group Advisory and Managed Services Limited, Suite 3407, Lippo Centre, Tower II, 89 Queensway, Admiralty, Hong Kong.

References to “we”, “us” and “Org” shall apply to the Org Group company that is processing your Personal Data. The Org Group companies may work together on relevant projects as part of the services and your Personal Data will be available to each company.

We are a Business Solutions Consulting business that Advises, Resources and Delivers transformational change for organisations.

This Data Protection Statement describes how we process Personal Data in order to fulfil the objectives specified above. It includes detailed information about the types of Personal Data that we process, and how we use, manage and protect that Personal Data.

Who This Data Protection Statement Applies To

This Data Protection Statement applies to Personal Data we process in relation to:

Associates & Partners
Business Contacts including our Clients
General Contacts

This Data Protection Statement applies to the Personal Data we process about the following Data Subjects:

Associates: includes any person We may identify or who engages with Us with a view to working on assignment or providing services to a Client of Org Group. References to Associates in this Data Protection Statement shall include Partners.

Partners: are a category of Associates who provide supplementary services which may include providing assurance services to Org Group and its Clients; and providing commercial and subject matter expertise with and on behalf of Org Group to secure new business opportunities, brand awareness and Client contacts for Org Group.

Business Contacts: includes clients and potential clients, suppliers, shareholders, trade, professional and membership organisations and other business contacts of Org Group.

General Contacts: includes all other individuals whose Personal Data we process that are not covered in the other sections above including:

website users
details of next of kin/emergency contact details
Partner and Associate Referees
Shareholders/investors and partners

Lawfulness of processing

This section describes the lawful basis we may use to process Personal Data.

We process all Personal Data lawfully and in accordance with the requirements of the Data Protection Laws. The GDPR sets out the legal grounds for processing

Personal Data

When Org Group processes Personal Data any one of the following legal grounds will generally apply. Further detail about the lawful basis for our processing activities is included in the relevant sections of this Data Protection Statement.

CONTRACT

We will process Personal Data where necessary to perform our obligations relating to or in accordance with any contract that we may have with you or to take steps at your request prior to entering into that contract.

CONSENT

For certain processing activities we may rely on your consent. For example, certain marketing activity will only be undertaken if we have your consent. For Partners, this may also include featuring your biography, profile, image or relevant case studies in Org Group’s marketing collateral and/ or website for the purposes of showcasing your expertise and experience.

Where we are unable to collect consent for a particular processing activity, we will only process the Personal Data if we have another lawful basis for doing so.

You can withdraw consent provided by you at any time by contacting us at privacy@orggroup.com

LEGITIMATE INTEREST

At times we will need to process your Personal Data to pursue our legitimate interests, for example for administrative purposes, to collect debts owing to us, to provide information to you, to operate, evaluate, maintain, develop and improve our websites and services or to maintain their security and protect intellectual property rights.

We will not process your Personal Data on a legitimate interest basis where the impact of the processing on your interests or fundamental rights and freedoms outweigh our legitimate interests.?You may object to any processing we undertake on this basis. If you do not want us to process your Personal Data on the basis of our legitimate interests, contact us at privacy@orggroup.com and We will review our processing activities.

LEGAL OBLIGATION

If we have a legal obligation to process Personal Data we will process Personal Data on this legal ground.

DEFENCE OF LEGAL CLAIMS

In limited circumstances and in accordance with the law we may use Personal Data in the defence of legal claims or enforcing legal rights, such as IP rights.

ASSESSMENT OF WORKING CAPACITY

In certain circumstances, we may be required to assess the working capacity of a Partner or an Associate and we may operate under this legal ground in relation to any tests or assessments undertaken involving the processing of health data or other special category Personal Data of the Partner or Associate.

Security

We monitor for and do everything that we can to protect Personal Data and prevent security breaches.

We will take all steps reasonably necessary to ensure that all Personal Data is treated securely in accordance with this Data Protection Statement and the Data Protection Laws. In particular, we have put in place appropriate technical and organisational procedures to safeguard and secure the Personal Data we process.

We monitor for and do everything we can to prevent security breaches of the Personal Data that we process. Once we have received your Personal Data, we will use strict procedures and security features for the purpose of preventing unauthorised access and ensuring that only those who need to have access to your Personal Data can access it.

We also use secure connections to protect Personal Data during its transmission. Where you have been given (or where you have chosen) a password which enables you to access services, you are responsible for keeping this password confidential. Please do not share your password with anyone.

If you think that there has been any loss or unauthorised access to Personal Data of any individual, please let us know immediately.

Transfers Outside The EEA

We may share Personal Data outside the EEA, however we will always ensure that this is done in compliance with the Data Protection Laws.

In order to provide our products and services we may need to transfer Personal Data outside the European Economic Area (EEA). We ensure that any transfer of Personal Data outside the EEA is undertaken using legally compliant transfer mechanisms and in accordance with the GDPR.

If we transfer Personal Data outside of the EEA, we generally rely on the Standard Contractual Clauses under Article 46.2 of the GDPR adopted by the EU Commission. We may also rely on some of the other legally compliant transfer mechanisms provided under the GDPR.

Disclosure of Personal Data

We may need to share your Personal Data in order to deliver Our services. We will always ensure that any transfer of Personal Data is undertaken in compliance with Data Protection Law and ensure that appropriate technical and organisational measures are undertaken to protect and secure any Personal Data that is transferred.

Personal Data is shared in certain circumstances as follows:

between the Org Group companies identified in this Data Protection Statement for the purposes of administration, marketing and provision of our services
to other companies in the group, including Morgan McKinley Group Limited and Premier Recruitment International UC, for the purposes of administration, marketing and provision of our services
to business partners and sub-contractors for the performance of any contract relating to services provided for the purposes of servicing our Clients, Partners and Associates, including email, chat, ticketing, Customer Relationship Management, Applicant Tracking System, payment processors, data aggregators, hosting service providers, external consultants, auditors, IT consultants and lawyers
to Clients in the case of Personal Data relating to General Contacts such as referees, next of kin/emergency contacts
to Partners and Associates for the purposes of contacting Business Contacts
to Partners for the purposes of assessing suitable Associates to deliver a project for a Client
if a company in the Group or substantially all of its assets are acquired by a third party, in which case personal data held by us will be one of the transferred assets
if we are under a duty to disclose or share Personal Data in order to comply with any legal obligation (including tax, audit or other authorities), or in order to enforce or apply any contracts that we have
to official authorities to protect our rights, property, or safety, or those of other persons (including you)
to payment service partners for the processing of payments to and from Org Group,
to protect our rights, property, or safety, or that of our Clients, Partners, Associates or others. This may include exchanging information with other companies and organisations for the purposes of fraud protection
to providers of services to Org Group including IT consultants and hosting companies, marketing, legal and finance
to analytics and search engine providers that assist us in the improvement and optimisation of our Website. This consists of information relating to the web pages visited on the Website and tracking codes from service providers like LinkedIn and Google
to Org Group’s insurance brokers and providers where required for administering claims
to our email distribution partner and service providers in the case of marketing and newsletters.

More specifically, we may share Partner and Associate Personal Data as follows:

to Clients and potential Clients of our services
to third party representatives of our Clients
for the purposes of third party screening and verification, including doctors or testing companies (for example, criminal record checks / pre-employment screening services and assessments)

Retention

We will only keep Personal Data for as long as it is needed for the purpose for which it was collected.

We only keep your Personal Data as long as it is necessary for the purposes of processing it or to comply with legal or regulatory requirements.

Further information is set out in the relevant sections of this Data Protection Statement.

Your Rights

You have various rights relating to how your Personal Data is used including:

the right of access;
the right to rectification;
the right of erasure;
the right to restrict processing;
the right of data portability;
the right to object;
the right not to be subject to automated decision making; and
the right to make a complaint.

You have various rights relating to how your Personal Data is used.

Right of access to the Personal Data we hold on you

You have the right to ask for all the Personal Data we have about you. When we receive a request from you in writing, we must give you access to everything we’ve recorded about you as well as details of the processing, the categories of Personal Data concerned and the recipients of the Personal Data.

We will provide the first copy of your Personal Data free of charge, but we may charge you a reasonable fee for any additional copies.

We cannot give you access to a copy of your Personal Data in some limited cases including where this might adversely affect the rights and freedoms of others.

Right of rectification of Personal Data

You should let us know if there is something inaccurate in your Personal Data.

We may not always be able to change or remove that Personal Data, but we’ll correct factual inaccuracies and may include your comments in the record to show that you disagree with it.

Right of erasure of Personal Data (right to be forgotten)

In some circumstances you can ask for your Personal Data to be deleted, for example, where:

your Personal Data is no longer needed for the reason that it was collected in the first place
you have removed your consent for us to use your Personal Data (where there is no other lawful basis for us to use it)
there is no lawful basis for the use of your Personal Data
deleting the Personal Data is a legal requirement

Please note that we can’t delete your Personal Data where:

we are required to have it by law
it is used for freedom of expression
it is used for public health purposes
it is used for scientific or historical research or statistical purposes where deleting the Personal Data would make it difficult or impossible to achieve the objectives of the processing
it is necessary for legal claims.

Right to restrict what we use your Personal Data for

You have the right to ask us to restrict what we use your Personal Data for where:

you have identified inaccurate Personal Data, and have told us of it
where we have no legal reason to use the Personal Data, but you want us to restrict what we use it for rather than erase the Personal Data altogether

When Personal Data is restricted it can’t be used other than to securely store the Personal Data and with your consent to handle legal claims and protect others, or where it’s for important public interests.

Right to have your Personal Data moved to another provider (data portability)

You have the right to ask for your Personal Data to be given back to you or another service provider of your choice in a commonly used format. This is called data portability.

This right only applies if we’re using your Personal Data with consent and if decisions were made by a computer and not a human being. It does not apply where it would adversely affect the rights and freedoms of others.

Right to object

You have the right to object to processing of your Personal Data which is based on public interest or legitimate interest processing. We will no longer process the Personal Data unless we can demonstrate a compelling ground for the processing.

Right not to be subject to automated decision-making

You have the right not to be subject to a decision based solely on automated processing. This right shall not apply where the processing is necessary for a contract with you, or the processing is undertaken with your explicit consent or the processing is authorised by law.

You can make a complaint

You have the right to lodge a complaint with the local supervisory authority for data protection in the EU member state where you usually reside, where you work or where you think an infringement of data protection law took place. Please see “Questions or Complaints” below for further information.

Use of Third Party Websites

It is important to be careful when visiting third party websites and providing Personal Data to third parties. Org has no control over third party websites that you may access.

Websites that you access via a link on the Org Group website are outside our control and are not covered by this Data Protection Statement. If you access other websites using the links provided, the operators of these websites may collect Personal Data from you, which will be used by them in accordance with their own Data Protection Statements, which may differ from ours. Please check the Data Protection Statements on those websites before you submit any Personal Data to them.

Cookies

Please see our Cookie Notice.

Please see Our separate Cookie Notice available at /cookies-policy for further information.

Amendments to This Personal Data Statement

We will update the date on this Data Protection Statement when we make changes to it.

We will post any changes to this Data Protection Statement on the Website and when doing so will change the effective date at the top of this Data Protection Statement.

In some cases, we may provide you with additional notice of changes to this Data Protection Statement, such as via email. We will always provide you with any notice in advance of the changes taking effect where we consider the changes to be material.

Questions or Complaints

Please contact us if you have any questions or concerns about how your Personal Data is being used by us.

Thank you for reading our Data Protection Statement. Please contact us at privacy@orggroup.com if you have any questions. If we are unable to resolve your concerns, you have the right to contact the supervisory authority in the country where you live or work, or where you consider that the data protection rules have been breached

The Supervisory Authority in Ireland may be contacted as follows:

Online Form: https://forms.dataprotection.ie/contact

Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland

Tel: +353 578 684 800 or +353 761 104 800

Partners & Associates

Overview

We want to explain clearly how we process Partner and Associate Personal Data in the provision of our services.

In addition to our General – Data Protection Statement this Partner and Associate Data Protection Statement provides further information about the Personal Data we process in relation to Partners and Associates.

Please see the General – Data Protection Statement for information on:

For information about Business Contacts click here

For information about General Contacts click here

For the purposes of this Partner and Associate – Data Protection Statement, a Partner or an Associate includes the following:

Sources of Associate Data

We have a variety of sources of Associate Personal Data. We will only ever source Personal Data that is necessary to provide our services and in a way that would be generally expected.

We receive Personal Data about Associates from a variety of sources. Usually an Associate will register their interest with us or we will approach them through publicly available channels. We may also receive Personal Data about a Partner or an Associate when:

the Associate applies to a position advertised on a third party jobs website;
the Associate may be sourced from publicly accessible platforms such as LinkedIn;
the Associate may be sourced from third party CV providers such as jobs websites that provide CV search facilities and where users have made their CV data available to registered customers of these sites;
the Associate may be referred to us from a third party recruitment business which is a supplier to us; or
the Associate’s nominated referees or other individuals may provide us with Personal Data relating to the Associate.

Categories of Associate Personal Data

This section describes the Personal Data that we collect about Associates. We only collect the Personal Data that we require in order to provide and deliver the services that you expect. We have described here in as much detail as possible the Personal Data that we use in order to provide our services.

The table below sets out the general categories of Personal Data that we may collect in relation to Associates.

Contact Data: may include a person’s email address, phone number, postal address, other communication details including social media links (e.g. Skype)

Identification data: may include a person’s name, date of birth, driver’s licence, national tax identification number and passport information

Professional data: may include profession, company, department, employment history, skills/ experience, membership of professional bodies

Education Data: may include degrees, certificates and diplomas awarded, languages, educational history, qualifications

CV Data: may include Contact Data, Identification Data, Professional Data, Education Data and information about achievements and hobbies

Financial Data: includes payment and bank details, tax information, professional fee rate expectations, Limited/Umbrella company details

Test Data: includes the Candidate tests answers and results for any application

Health Data: includes health information including information about any disability or illness.

Registration Data: includes Personal Data provided as part of an application for an assignment with Org Group. This may include Contact Data, Identification Data, Professional Data, Legal Data and Education Data. It may also include may include systems assigned identifiers, date record added, Work Finding Services Agreement (in relevant locations), Associate registration form, Associate Terms and Conditions

Application Data: may include Finance Data, Position Data, details of visa or eligibility to work, Media Data, CV Data, Legal Data.

Media Data: includes photographs, video data and recordings from any interview with the Candidate including, Contact Data, Professional Data, Education Data, Health Data, Registration Data and Communications Data.

Legal data: includes criminal record and credit checks undertaken where required as part of the application process.

Position Data: includes information on rate of pay, working hours and job description and performance of the services by the Associate.

Emergency Contact Data: may include the name and contact details provided by an Associate in case of an emergency.

Communications Data: may include Personal Data included in communications with us over email, text, phone or letter.

Marketing Data: may include your Contact Data and any preferences in receiving marketing from us and your communication preferences.

Special Category Data: this can include diversity data such as gender, religion, racial or ethnic origin, sexual orientation, trade union membership or Health Data.

Web Data: may include information provided on any forms on our website and, to the extent that it includes Personal Data, information on the type of device you’re using, its IP address, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use.

Our Processing Activities

We can only collect your Personal Data if we have a lawful basis for doing so. Please see our General Data Protection Statement

for a description of each lawful basis.

We have set out in the table below, the general purpose of processing, the categories of Personal Data processed and the related lawful basis for processing.

Purpose Activity

Associate Sourcing and Relationship Management

to facilitate engagement through the Org Group website
to agree any contract between Org Group and the Associate for the provision of professional services to Org Group Business Contacts
to create a record/file for the Associate on our system and to link all notes and tracking throughout the engagement process including, interview, placement, onboarding and contracting process
to keep up to date information about Associates in relation to their requirements, in order to assess their suitability for current or future project opportunities, for example based on their previous skills and experience overall, their own statements about career aspirations, professional development, strengths and weaknesses, their level of technical experience, professional qualifications
to maintain our Associate database
screening and identification of Associates for assignments
to communicate with Associates about assignments that might be of interest to them
to receive and review Associate enquiries
to understand current and expected day rate requirements, notice periods and availability, current and required locations to enable Associates to participate in our professional development services
to tailor our products and services to better identify the right Associates for upcoming engagements with Org Group’s Business Contacts
to undertake profiling for the purposes of semi-automated or manual decision making about Associates

Type of Personal Data

Contact Data
Identification Data
CV/ Profile Data
Communications Data
Marketing Data
Health Data
Application Data
Legal Data

Lawful Basis For Processing

Legitimate interest
Consent
Contract
Assessment of Working Capacity

Purpose Activity

Associate Registration

responding to Associate queries
receiving and reviewing Associate applications received from Associates directly
communications with Associates re application
setting up meetings with the Associates
engaging with Clients in relation to the Associates. We are not responsible for the processing activities of Business Contacts once an Associate’s Personal Data has been shared. Please refer to the Privacy Statement of the relevant Business Contact

Type of Personal Data

Contact Data
Identification Data
CV Data
Communications Data
Registration Data

Lawful Basis For Processing

Consent
Legitimate Interest
Contract

Purpose Activity

Associate Meetings

to arrange and undertake Associate meeting
recording notes of Associate Meeting
to communicate with the Associate following meeting

Type of Personal Data

Contact Data
CV Data
Communications Data
Media Data

Lawful Basis For Processing

Consent
Legitimate Interest
Contract

Purpose Activity

Associate Registration

responding to Associate queries
receiving and reviewing Associate applications received from Associates directly
communications with Associates re application
setting up meetings with the Associates
engaging with Clients in relation to the Associates. We are not responsible for the processing activities of Business Contacts once an Associate’s Personal Data has been shared. Please refer to the Privacy Statement of the relevant Business Contact

Type of Personal Data

Contact Data
Identification Data
CV Data
Communications Data
Registration Data

Lawful Basis For Processing

Consent
Legitimate Interest
Contract

Purpose Activity

Associate Screenings

to identify if the Associate meets the engagement criteria and eligibility

Type of Personal Data

Contact Data
CV Data
Health Data
Test Data
Legal Data

Lawful Basis For Processing

Consent
Assessment of Working Capacity

Purpose Activity

Associate Project Management

to carry out our obligations under Client contracts
for performance management activities

Type of Personal Data

Contact Data
Role Data
Position Data
Communications Data

Lawful Basis For Processing

Contract

Purpose Activity

Associate Finance Activities

to ensure day rate expectations are met
to undertake financial audits
to communicate professional fee arrangements between Client and Associate
to pay referral fees
to make an offer of professional fees to an Associate on behalf of a Business Contact in relation to a specific engagement;
to generate placement activity on our central systems in order to invoice a Client;
to benchmark day rate expectations for Associates with similar experience or for companies with similar vacancies;
to undertake financial audits;
to communicate invoice and other financial information to Associates, any third party intermediaries of Associates and Business Contacts.

Type of Personal Data

Contact Data
Identification Data
Role Data
Financial Data

Lawful Basis For Processing

Legitimate Interest
Contract

Purpose Activity

Associate IT Activities

to facilitate insights into activities and develop new services
back-up and storage of Associate data
to make improvements and develop efficiencies in the services

Type of Personal Data

Contact Data
Identification Data
Professional Data
Education Data
Communications Data
Marketing Data

Lawful Basis For Processing

Legitimate Interest
Contract

Purpose Activity

Website Delivery

to respond to web forms completed by you;
to promote our products and services;
to administer the Website;
for internal operations, including support, troubleshooting, data analysis, testing, research, statistical and survey purposes
to ensure the safety and security of our website and our services.

Type of Personal Data

Contact Data
Web Data

Lawful Basis For Processing

Consent
Legitimate Interest

Purpose Activity

Marketings Activities

to respond to any requests from you
to send newsletters and other information that may be of interest
to inform you of events or webinars that might be of interest
to deliver and organise our conferences, seminars, events
to develop relationships with Associates
to tailor our products and services to better identify the right Associates and present the right opportunities at the right time and meet the Associate’s needs more effectively
to personalise and make the marketing information sent as relevant as possible;
to ask for your help in relation to sharing information about opportunities we may have, with your network;
to aggregate data used as part of surveys or to produce market insights;
to segment and distribute targeted marketing;
to follow up with attendees of our events/webinars or to contact attendees about current or future opportunities;
to ask for your opinion about our products or services;
to produce aggregated models to predict trends and produce market insights.

Type of Personal Data

Marketing Data
Contact Data
Web Data

Lawful Basis For Processing

Consent
Legitimate Interest

Purpose Activity

Legal Related Processing

to meet equal opportunity and diversity requirements
to meet health and safety requirements
to capture consent/contract acceptance on paper or electronic registration forms, terms & conditions or forms;
to comply with our legal obligations in respect of: the collection of taxes, levies, contributions; the detection of crime; labour standards; anti-bribery legislation; and industry specific legislation;
to comply with Client requests relating to their employment practices;
to comply with the law in certain jurisdictions;
to fulfil contractual obligations with Clients and vendors, for example, in relation to the enforcement of intellectual property rights.

Type of Personal Data

Contact Data
Identification Data
Legal Data
Health Data
Special Category
Personal Data

Lawful Basis For Processing

Consent
Contract
Assessment of Working Capacity
Carrying out obligations under employment or social protection law

Retention Associate Data

Our mission is to build lasting relationships with Associates, not just for one assignment but for the purposes of building a partnership over many years.

Our aim is to build lasting relationships with our Associates and thus to contribute to long term career success and development.

So our goal is to continue to engage and interact with Associates even after they have secured a new position – for example to keep them informed of market developments, invite them to topical seminars and networking events, and to be on hand to offer advice about career planning.

We recognise that the level of engagement we have with different Associates may vary and so our retention policy is designed to reflect this.

If you have a contract with us we will generally retain your Personal Data for a period of 7 years from the date when your last deployment under that contract ceased. If we have reliably sourced your Personal Data as described in this Data Protection Statement, and in compliance with Data Protection Laws, and we have meaningful engagement with you we will retain your Personal Data for a period of two (2) years since our last contact unless you request to have your Personal Data deleted. For this purpose “meaningful engagement” shall include:

the Associate engaging with Org Group to provide Services
the Associate meeting one of our consultants, to register for new opportunities, or for example to update on their situation and seek professional advice or some other professional input;
us sending an Associate’s profile (with their approval) to a Client for consideration for an assignment;
us arranging a business meeting with the Associate or between the Associate and a Client of Org Group;
us exchanging email correspondence or having telephone conversations with the Associate;
the Associate interacting with us in other ways for example, clicking to open our market insights, newsletters, surveys etc.

In some circumstances it is not possible for Us to specify in advance the period for which We will retain your Personal Data. In such cases We will determine the appropriate retention period based on balancing your rights against Our legitimate interests. We may also retain certain Personal Data beyond the periods specified herein in some circumstances such as where required for the purposes of legal claims.

Business Contacts

Overview

We want to explain clearly how we process the Business Contact Personal Data that we hold.

In addition to our General – Data Protection Statement this Data Protection Statement for Business Contacts provides further information about the Personal Data we process in relation to Business Contacts.

Please see the General – Data Protection Statement for information on:

For information about Associates click here

For information about General Contacts click here

For the purposes of this Business Contacts – Data Protection Statement, a Business Contact includes suppliers, partners, and other business contacts of Org Group including clients of our resourcing services (“Clients”).

Sources of Business Contact Personal Data

We source Business Contact Personal Data in order to serve the business relationship. We will only ever source Personal Data that is necessary and in a way that would be generally expected.

We will only ever source Personal Data relating to Business Contacts in a way that would be generally expected. We receive Personal Data about Business Contacts from a variety of sources, as follows:

the Personal Data is often provided by the Business Contact or created by Org as part of the relationship;
the Personal Data may be collected from public sources;
the Personal Data may be collected indirectly from another person within the company of the Business Contact;
the Personal Data may be collected through our website;
the Personal Data may be collected indirectly from a website or from a third party.

Categories of Business Contact Personal Data

Org Group only collects the Personal Data that we require in order to ensure we can have a productive business relationship with Business Contacts.

The table below sets out the general categories of Personal Data that we collect in relation to Business Contacts:

Contact Data: may include a person’s name, email address, phone number, postal address, other communication details, including social media links (e.g. Skype, LinkedIn)

Communications Data: may include Personal Data included in communications with us over email, phone or letter.

Position Data: includes role, job title, reporting line etc

Associate Data: may include opinions or references provided about an Associate of Org Group including Client feedback about the Associate.

Client Data: may include certain Personal Data about the Client received as part of Associate feedback about the Client.

Marketing Data: may include your Contact Data and any preferences in receiving marketing from us and your communication preferences.

Financial Data:

may include payment details, bank or credit card details

Our Processing Activities – Business Contacts

We want to ensure that the Personal Data is used for the purposes that you would expect.

The table below sets out the purpose for which we collect your Personal Data, our lawful basis for doing so, and the Personal Data that we collect.

In limited circumstances we may need to use your Personal Data for purposes other than those stated when we collected the Personal Data. Should this happen we will notify you of this new purpose.

Purpose/Activity

Managing Payments and Administration of the Contract

to process payments to and from our business.
to negotiate and administer the relationship with the Business Contact
to fulfil our legal/contractual obligations
to manage/respond to complaint/issue
to generate placement activity on our systems for invoicing purposes
to communicate payroll and other financial information to Clients

Types of Personal data

Contact Data
Communications Data
Financial Data
Position Data
Client Data
Associate Data

Lawful Process

Contract
Legitimate interest
Legal Requirement

Purpose/Activity

Service Delivery Activities

to keep in contact with the Client to discuss and review their requirements
to inform update and discuss a Associate that may be of interest to Clients
to organise and schedule meetings between an Associate and a Client
to inform the Client about progression of an Associate through the engagement process, to discuss the contracts and on-boarding of an Associate
to discuss any reference or other pre-screening information provided for an Associate
to discuss the on-boarding of an Associate
to consider an Associate for engagement with Org Group and its clients
to obtain information about the performance of an Associate including the provision of references by the Client
to understand the type of solutions (including type of Associates) required by the Client, and build up knowledge and understanding of the Client organisation and its structure
to create a record/file for the Client on our internal systems to associate all notes and tracking throughout the engagement process, meetings held, negotiation, on-boarding and contracting process
to send Client Contact information to Associates in relation to the interview and on-boarding process;
to carry out our obligations under our contract with the Client.
to manage relationship with Client

Types of Personal data

Contact Data
Communications Data
Financial Data
Associate Data
Position Data
Client Data

Lawful Process

Contract
Legitimate Interest

Purpose/Activity

Website Delivery

to respond to web forms completed by you;
to promote our products and services;
to administer the Website;
for internal operations, including support, troubleshooting, data analysis, testing, research, statistical and survey purposes
to tailor our products and services to better identify the right opportunities at the right time and meet Client needs more effectively
to produce aggregated models to predict trends and produce market insights
to undertake modelling to produce lead scores in order to predict which Associates our Clients are most likely to deploy
to undertake modelling to identify improvements in efficiencies in the engagement process
to ensure the safety and security of our website and our services.

Types of Personal data

Contact Data
Web Data
Communications Data

Lawful Process

Consent
Legitimate Interest

Purpose/Activity

Marketing Deliveries

to keep in contact with Clients and review requirements for professional services
to personalise marketing communications
to respond to any requests from you
to send newsletters and other information that may be of interest
to inform you of events or webinars that might be of interest
to deliver and organise our conferences, seminars, events
to follow up with attendees of our events/webinars; and
to ask for opinions about our products or services.
to aggregate data used as part of surveys or to produce market insights;
to segment and distribute targeted marketing;

Types of Personal data

Marketing Data
Contact Data
Web Data

Lawful Process

Consent
Legitimate Interest

Retention of Business Contact Personal Data

Our mission is to build lasting relationships with our Business Contacts.

If you have a contract with us we will generally retain your Personal Data for a period of 7 years from the date that contract was terminated. If we have reliably sourced your Personal Data as described in this Data Protection Statement, and in compliance with Data Protection Laws, and we have meaningful engagement with you we will retain your Personal Data for a period of five (5) years since our last contact unless you request to have your Personal Data deleted.

In some circumstances it is not possible for us to specify in advance the period for which we will retain your Personal Data. In such cases we will determine the appropriate retention period based on balancing your rights against our legitimate interests. We may also retain certain Personal Data beyond the periods specified herein in some circumstances such as where required for the purposes of legal claims.

General Contacts

Overview

We want to explain clearly how we process the Personal Data of General Contacts which includes:

website users
details of next of kin/emergency contact details
Partner and Associate referees
Shareholders/investors and partners

In addition to our General – Data Protection Statement this Data Protection Statement for General Contacts provides further information about the Personal Data we process in relation to General Contacts.

Please see the General – Data Protection Statement for information on:

For information about Partners and Associates click here

For information about Business Contacts click here

For the purposes of this General Contacts – Data Protection Statement, a General Contact includes:

website users
details of next of kin/emergency contact details
Partner and Associate referees
Shareholders/investors and partners

Sources of General Contact Personal Data

We source General Contact Personal Data in order to provide our services. We will only ever source Personal Data that is necessary and in a way that would be generally expected.

We will only ever source Personal Data relating to General Contacts in a way that would be generally expected. We receive Personal Data about General Contacts from a variety of sources, as follows:

directly from the General Contact or created by Org Group as part of the relationship
through access to and use of the Org Group Website
from Partners and Associates in the case of next of kin/emergency contact details and referees
from Clients in the case of next of kin/emergency contact details/referees

We only collect the Personal Data that we require in order to deliver and improve the services we provide.

The table below sets out the general categories of Personal Data that we collect in relation to General Contacts:

Contact Data: may include a person’s email address, phone number, postal address, other communication details including social media links (e.g. Skype, LinkedIn)

Identification Data: may include a person’s email address, phone number, postal address, other communication details including social media links (e.g. Skype, LinkedIn)

Communications Data: may include Personal Data included in communications with us over email, phone or letter.

Marketing Data: may include your Contact Data and any preferences in receiving marketing from us and your communication preferences.

Web Data: may include information provided on any forms on our website and, to the extent that it includes Personal Data, information collected through cookies, pixel tags, and other technologies, information on the type of device you’re using, its IP address, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use.

Our Processing Activities – General Contacts

We want to ensure that the Personal Data is used for the purposes that you would expect

The table below sets out the purpose for which we collect your Personal Data, our lawful basis for doing so, and the Personal Data that we collect.

In limited circumstances we may need to use your Personal Data for purposes other than those stated when we collected the Personal Data. Should this happen we will notify you of this new purpose before processing the Personal Data.

Purpose/Activity

Use of Next of Kin/Emergency Contacts

to communicate with the contact in the event of emergency
to ensure the safety of our Associates
to communicate with the Client in the event of an emergency

Types of Personal Data

Contact Data
Communications Data

Lawful Use

Legitimate Interest

Purpose/Activity

Use of Referrals

to assess the suitability of Associates
to contact the referee
to discuss Associate with the Business Contact

Types of Personal Data

Contact Data
Communications Data

Lawful Use

Legitimate Interest

Purpose/Activity

Website Delivery

to respond to web forms completed by you;
to promote our products and services;
to administer the Website;
for internal operations, including support, troubleshooting, data analysis, testing, research, statistical and survey purposes
to ensure the safety and security of our website and our services.

Types of Personal Data

Contact Data
Web Data
Marketing Data

Lawful Use

Consent
Legitimate Interest

Purpose/Activity

Management of Corporate Affairs

to take minutes at board meetings
to contact shareholders/investors
to enter into partnerships and other commercial relations
to undertake appropriate due diligence

Types of Personal Data

Identification Data
Contact Data
Communications Data
Financial Data

Lawful Use

Contract
Legitimate Interest
Legal Obligation

Retention of General Contact Personal Data

Our retention policy for Business Contact Personal Data is as follows:

Use of Next of Kin/Emergency Contacts: For the duration of which the Associate remains active with Org Group or the Associate updates their details (see our retention policy for Associate data for more information)

Use of Referee Contacts: For the duration of which the Associate remains active with Org Group (see our retention policy for Associate data for more information)

Website Delivery: 2 years from the date of last contact. Please see cookie notice for further information

Management of Corporate Affairs: Data is retained in line with our statutory obligations

Where could Organisational Engineering take your business next?

Get in touch