Privacy Policy.

Barclay Simpson Solutions

Privacy Policy

This Privacy Policy sets out the basis on which Barclay Simpson Solutions Ltd will process personal information (personal data) which we use to deliver our services and function as an employer.

Barclay Simpson Solutions is referred to throughout as “BSS”, “we”, “us”, “our” and “ours”.

BSS takes its obligations in respect of the privacy of personal data seriously and we will only process personal information as detailed in this notice unless we inform you otherwise.

Our core business activities are consulting and the provision of managed services.  We work with our clients to supply teams of subject matter experts (SMEs) to deliver specific outcomes or to provide a service on an ongoing basis.  As an employer we recruit staff to work for us to administer BSS and to provide our services.

The person responsible for data protection matters within our organisation is Ian Coyle, Data Protection Representative (DPR) who can be contacted here:

Personal data we collect or receive includes the following as applicable:

• Name
• Address
• Email and other contact details
• Date of birth
• Employment record
• Educational record, qualifications, skills and experience
• Passport, Visa and other right to work or identity verification information
• Bank details
• National insurance and tax (payroll) information
• Contact details of referees
• Information contained in references and pre-employment checks from third parties

We may obtain your personal data from the following sources (please note that this list is not exhaustive):

• You
• Social Media
• Conversations on the telephone or video conferencing (which may be recorded)
• Our website
• Introduction from a 3^rd party

How we will use your personal data:

The processing of your personal information may include:

• Collecting and storing your personal data, whether in manual or electronic files
• Notifying you of potential projects
• Assessing your suitability for projects
• Introducing and/or supplying you to actual or potential end user clients
• Administration in connection with a project
• Complying with any regulatory, statutory authorities or legal and professional advisers
• Recording our relationship and dealings
• Information systems administration and good housekeeping

Why we process your personal data:

Entering into and performing a contract with you:

In order to engage with you as an SME or as an employee, we may enter into a contract with you and/or a third party. In order to enter into a contract, we will need to process personal data. We will process this personal data to administer and execute the terms of the contract and fulfil any statutory obligations that must be complied with in the execution of the contract.

Pursuing our legitimate interests in the provision of our services to our clients and employing our staff.

In providing our services, we will carry out some processing of personal data which is necessary for the purpose of our legitimate interests, which include:

• Retaining records of our dealings and transactions and where applicable, use such records for the purposes of:

• • establishing compliance with contractual obligations with clients or suppliers
  • addressing any query or dispute that may arise including establishing, exercising or defending any legal claims
  • protecting our reputation
  • maintaining operational resilience by facilitating systems/data restoration following a system failure or security breach
  • ensuring quality of service provision and compliance with company policies and procedures

Consent to our processing of your data:

We may process your personal data on the basis that you have consented to us doing so for a specific purpose. You may withdraw your consent to our processing of your personal information for a particular purpose at any stage. However, please note that we may continue to retain, or otherwise use your personal information thereafter where we have a legitimate interest or a legal or contractual obligation to do so. Our processing in that respect will be limited to what is necessary in furtherance of those interests or obligations. Withdrawal of consent will not have any effect on the lawfulness of any processing based on consent before its withdrawal.

Who we share personal data with:

We shall not share your personal information unless we are entitled to do so. The categories of persons with whom we may share your personal information include:

• Individuals and other third parties necessary for the provision of our consulting and managed services
• Any regulatory authority or statutory body pursuant to a request for information or any legal obligation which applies to us
• Parties who process data on our behalf, which may include
  • outsourced payroll providers
  • IT support
  • storage service providers including cloud
  • background screening providers
• Legal and professional advisers
• Insurers

Transfer of data to other jurisdictions

In the course of the provision of our consulting and managed services we may transfer data to countries or international organisations outside of the EEA. This may, for example, be to Clients or third parties who provide support services to us.  Where information is to be so transferred, it may be to a country in respect of which there is an adequacy decision from the EU Commission. However, if this is not the case, it is our policy to take steps to identify risks and as far as is reasonably practicable, ensure that appropriate safeguards are in place.

Group companies & transfer

Although this Privacy Notice applies to us your data may be accessible to and shared with other organisations within our group for any of the purposes set out within this Privacy Notice, or where we have shared administration systems and staff.

In the event of a sale, merger, liquidation, receivership or the transfer of all or part of our assets to a third party, we may need to transfer your information to a third party. Any transfer will be subject to the agreement of the third party to this Privacy Notice and any processing being only in accordance with this Privacy Notice.

Data Security and Confidentiality

It is our policy to ensure, as far as is reasonably practicable, that our systems and records are secure and not accessible to unauthorised third parties in line with contemporary practice.

Retaining your data

In most circumstances your data will not be retained for more than 6 years from the last point at which we provided any services or otherwise engaged with you, and it is our policy to only store your personal data for as long as is reasonably necessary for us to comply with our legal obligations and for our legitimate business interests.  However, we may retain data for longer than a 6 year period where we have a legal or contractual obligation to do so, or we form the view that there is otherwise a continued basis to do so, for example where your personal information identifies specialist skill sets which may remain in demand, or we are subject to a legal obligation which applies for a longer period.

If however you believe that we should delete your personal data at an earlier date, please inform us in writing of your reasons.

Changes to this Privacy Notice

This Privacy Policy is regularly reviewed by the Board of BSS and may be updated from time to time to reflect changes in our business, or legal or commercial practice.  Where an update is relevant to our processing of your data, we shall notify you of the same.

Your rights

We take the protection of your personal data very seriously and it is important that you know your rights within that context, which include rights to:

• Request a copy of the personal data that we hold
• Object to our processing of your data where that processing is based upon legitimate interest and there are no compelling grounds for the continued processing of that data
• Request that we restrict processing of your data in certain circumstances
• Request that data is erased where the continued use of that data cannot be justified
• Object to any decision, which significantly affects you, being taken solely by a computer or via another automated process
• Withdraw your consent to our processing of your personal data for a particular purpose at any stage. However, please note that we may continue to retain, or otherwise use your personal information thereafter where we have a legitimate interest or a legal or contractual obligation to do so. Our processing in that respect will be limited to what is necessary in furtherance of those interests or obligations
• Request that inaccurate or incomplete data is rectified
• Request that data provided directly by you and processed by automated means is transferred to you or another controller; this right only being applicable where our processing of your data is based either on your consent or in performance of a contract
• Make a complaint to the Information Commissioner’s Office Request that direct marketing by us to you is stopped

Please note that should you exercise your right to request that we erase data or cease any processing activity, we may retain a record of this request and the action taken in order to both evidence our compliance, and to take steps to minimise the prospect of any data being processed in the future should it be received again from a third-party source.

If you have any questions concerning your rights or should you wish to exercise any of these rights please contact:

Ian Coyle, Data Protection Representative:

ic@barclaysimpson.com

3^rd Floor, 20 Farringdon Street, London EC4A 4AB

Complaints

If you are dissatisfied about any aspect of the way in which your data is processed you may, in the first instance refer the matter to Ian Coyle, Data Protection Representative. This does not affect your right to make a complaint to the Information Commissioner’s Office.