Privacy

Privacy notice

How we use your information

This privacy notice tells you what to expect when CARD Group collects your personal information and how we plan to use that information.

From 25 May 2018 the EU General Data Protection Regulation (GDPR) replaces existing EU data protection regulations.  It is designed to harmonise data privacy laws across Europe, to protect and empower all citizen’s data privacy and to reshape the way organisations across the region approach data privacy.  For more information you can refer to the Information Commissioner’s Office: guide-to-the-general-data-protection-regulation-gdpr

 

As someone who has engaged with CARD Group, and about whom we hold any personal data, you are a data subject.  CARD Group is a data controller, because we determine how and why personal data is processed.  We are also a data processor, in that we process personal data in order to administer a service.  We will also, from time to time, use third party data processors.

CARD Group is committed to upholding the principles of the GDPR when processing personal data.  According to Article 5 of the GDPR, personal data shall be:

 

  • processed lawfully, fairly and transparently
  • Collected for specific purposes, and not processed for other purposes
  • “just the right amount” of data for the task at hand – not too much, but enough to do your job accurately
  • accurate and up to date
  • kept no longer than necessary
  • processed securely

 

Visitors to our website

CARD Group operates the website www.card-group.com as the main source for information on our work, the services we provide and how to contact us.

 

Use of cookies by CARD Group

Cookies are files with a small amount of data, which may include an anonymous unique identifier.  Cookies are sent to your browser from a website and stored on your computer’s hard drive.  We use ‘cookies’ to collect information.  You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

 

Information collection and use

While using our website, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you.  Personally identifiable information may include, but is not limited to, personal information such as your email address and your name.

We may also collect information that your browser sends whenever you visit our website (Log Data).  This Log Data may include information such as your computer’s Internet Protocol (IP) address, browser type, browser version, service provider, the pages of our website that you visit, the time and date of your visit, the time spent on those pages, and other statistics.  We may use third party services such as Google Analytics to collect standard internet log information and details of visitor behaviour patterns.  We do this to find out things such as the number of visitors to the various parts of the site.  This information is only processed in a way which does not identify anyone.

We do not make any attempt to find out the identities of those visiting our website.  If we do want to collect personally identifiable information through our website, for example, through our ‘Contact us’ form, we will be up front about this.  We will make it clear when we collect personal information and will explain what we intend to do with it.

 

Search Engine

Our website search function is powered by WordPress.  Search queries and results are logged anonymously to help us improve our website and search functionality.  No user-specific data us collected by either WordPress or any third party.

 

E-newsletter and emails

We use a third party provider, MailChimp to deliver e-newsletters and emails.  We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletters.  For more information please see https://kb.mailchimp.com/accounts/management/about-mailchimp-the-eu-swiss-privacy-shield-and-the-gdpr.

We may also use Mailtrack.  To find out more about the Mailtrack privacy policy please visit: https://mailtrack.desk.com/customer/en/portal/articles/1830529-privacy-security-and-mailtrack

 

Security and performance

CARD Group uses a third party service to maintain the security and performance of the CARD Group website.  To deliver this service, it processes the IP addresses of visitors to the website.

 

Links to other sites

Our service contains links to other sites that are not operated by us.  If you click on a third party link, you will be directed to that third party’s site.  We strongly advise you to review the Privacy Policy of every site that you visit.

We have no control over, and assume no responsibility for, the content, the privacy policies or practices of any third party sites or services.

 

Contact us form

We collect information from those who contact us with a request for information, a query or a comment.  Information provided is processed and stored in order to provide an information service to stakeholders.  Your details may be forwarded within CARD Group to the appropriate department in order to deal with your query however they will not otherwise be shared.

 

Service providers

We may employ third party companies and individuals to facilitate our own service provision, to provide a service on our behalf, to perform related services or to assist in analysing how our service is used.

These third parties have access to your personal information only to perform these tasks on our behalf ad are obligated not to disclose or use it for any other purpose.

 

Security

The security of your personal information is important to us, but remember that no method of transmission over the internet, or method of electronic storage is 100% secure.  While we strive to use commercially acceptable means to protect your Personal information, we cannot guarantee its absolute security.  As such we make no warranties as to the level of security afforded to your data, except that we will always act in accordance with the relevant UK and EU legislation.

Communications

Service updates and client feedback

In addition to the lawful processing of your data for the purposes of administering CARD Group service, if you are a user of CARD Group we many also send you electronic updates on the provision of the CARD Group service to you.  We will send you these using the information provided by you at registration.  We will do this on the basis that there is a legitimate interest to share communication with you for the purpose of providing and administering the service.  We may also contact you to ask for your feedback on the service that we provide so that we can ensure you continue to receive the best possible service.  You may opt out of receiving any, or all, of these communications from us following the unsubscribe link of instructions provided in any email we send.

 

Newsletters

We may also gather your personal information to contact you with newsletters containing updates, marketing or promotional materials and other information that may be of interest to you in the context of the work of CARD Group. We will never share or sell personal data with third parties outside of CARD Group unless use of a third party is required for the administration of a service, for example, use of Mail Chimp to send e-newsletters.

We will only send you this material with your consent unless there is a legitimate interest t share communication with you for the purposes of providing and administering the service. You many opt out of receiving any or all of these communications from us by following the unsubscribe link of instructions provided in any email we send.

Examples of newsletter content include:

  • Updates on the work of CARD Group including new services
  • Invitations to events
  • Invitations to participate in research

 

Completing customer satisfaction surveys and research

CARD Group uses a third party tool to gather feedback from users about their experience of CARD Group, or for other research purposes.  No service user is under any obligation to provide feedback in order to continue to use the service.

We will only use the information gathered for the purposes that it is requested and will use the information only in ways that will not identify anyone.

In the case of our research, data will be aggregated for data analysis and generation of statistics.  Personal identification data will then be deleted unless an individual has provided their explicit consent that it can be used for another purpose, for example, added to a newsletter mailing list.

 

Attending a CARD Group event

Individuals’ names may be shared as part of a delegate list for networking purposes, no contact details will be shared.  This will only be done with the consent of the individual concerned, however.  Delegate lists used by us for communication before and during events for planning and reminder purposes, and may be used to contact delegates about future events that may be of interest to them.  Consent will be sought where appropriate.

Group photographs may be taken at events and can be used for post event communications and in reports such as CARD Group’s social impact report.  Event attendees will be made aware of this and can advise CARD Group if they do not wish to be visible in any photograph.  Individual photographs where people are names are attributed will only be used with consent.

 

Using CARD Group’s services

CARD Group offers various services to stakeholders.  We have to hold certain details of the people who have requested the service in order to provide it.  However, we only use these details to provide the service the person has requested and for other closely related purposes unless we have clear consent.

 

Provision of market research services

Information will be required from stakeholders in order to provide an efficient service.  Personal data requested will be kept to a minimum and only that information which is required to provide the service, and to keep the clients updated, will be requested.  Clients may be asked if they consent to be contacted with broader information about the work of CARD Group.  Consent once given can be withdrawn at any time.

 

Responding to queries

Queries may be received through letter, email or telephone.  These will be passed to the relevant department within CARD Group for answering.

 

Changes to this privacy notice

We may update our privacy notice from time to time.  We will notify you of any changes by posting the new privacy notice on this page. You are advised to review this privacy notice periodically for changes.  Changes to this privacy notice are effective when they are posted on this page.

If we make any material changes to this privacy notice, we will notify you either through the email address you have provided or by placing a prominent notice on our website.

This privacy notice was last updated on Monday 5th March 2018.

 

Your rights

Under the General Data Protection Regulations, you have rights as an individual which you can exercise in relation to the information we hold about you. You can read more about these rights here – https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-of-access/

CARD Group tries to be as open as it can in terms of giving people access to their personal information.  Individuals can find out if we hold any personal information by making a ‘subject access request’.  If we do hold information about you we will:

  • Give you a description of it
  • Tell you why we are holding it
  • Tell you who it could be disclosed to
  • Let you have a copy of the information in an intelligible form
  • Remove your data if this would not prevent the administration of a service we are contracted to deliver.
  • Remove your data if this would not prevent the administration of a service we are contracted to deliver

To make a request for any personal information we may hold you need to put the request in writing:  info@card-group.com

 

Children’s privacy

Our service does not address anyone under the age of 13 (“children”).

We do not knowingly collect personally identifiable information from children under 13.  If you are a parent or guardian and you are aware than your child has provided us with personal information, please contact us.  If we become aware that we have collected personal data from children under 13 without verification of parental consent, we take steps to remove that information from our servers.

 

Jurisdiction

This Policy shall be governed and construed with the laws of Northern Ireland, without regard to its conflict of law provisions.

 

Complaints or queries

CARD Group endeavours to meet the highest standard when collecting and using personal information.  For this reason, we take any complaints we receive about this very seriously.  We encourage people to bring it to our attention if the think that our collection or use of information us unfair, misleading or inappropriate.  We would also welcome any suggestions for improving our procedures.

This privacy notice was drafted with brevity and clarity in mind.  It does not provide exhaustive detail of all aspects of CARD Group‘s collection and use of personal information.  However, we are happy to provide any additional information or explanation needed.  If you want to make a complaint about the way we have processed your personal information, or if you have a query, you can contact us.

You can also report a concern to the Information Commissioner’s Office.  Further information is available here: https://ico.org.uk/concerns/

 

Contacting us by telephone

When you call CARD Group we may record this call.  We use this information to help improve our efficiency and effectiveness.

 

When you email us

Any email you sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy.  Email monitoring or blocking software may also be used.  Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.

Emails may be shared within CARD Group to ensure that a query is addressed to, and resolved by, the correct Department.

 

When you contact us via social media

CARD Group uses a variety of social media outlets to engage with stakeholders.  We cannot guarantee that information shared through these media will be private, for example, if you share your contact details in an unsecure and public space then these may be viewed by parties other than CARD Group.  Please do not share personal information in a public forum.  For the relevant privacy notices, please see:

Twitter

Linkedin

Google+

Facebook

 

If you send us a private or direct message via social media the message will be stored but will not be shared with any other organisations.

 

Job applicants, current and former CARD Group employees

What will we do with the information you provide to us?

All of the information you provide during the process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.  We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the European Economic Area.  The information you provide will be held securely by us and/or our data processors whether the information us in electronic or physical format.  We will use the contact details you provide to us to contact you to progress your application.  We will use the other information you provide to assess your suitability for the role you have applied for.

 

What information do we ask for, and why?

We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.  The information we ask for is used to assess your suitability for employment.  You don’t have to provide what we ask for but it might affect your application if you don’t.

We ask you for your personal details including name and contact details.  We will also ask you about your previous experience, education, referees and for all answers to questions relevant to the role you have applied for.  Our recruitment team will have access to all of this information.

You will also be asked to provide equal opportunities information.  This is not mandatory information – if you don’t provide it, it will not affect your application.  This information will not be made available to any staff outside of our recruitment team, including hiring managers, in a way which can identify you.  Amy information you do provide, will be used only to produce and monitor equal opportunities statistics.

We might ask you to attend an interview.  Information will be generated by you and by us.  For example, you might complete a written test or we might take interview notes.  This information is held by CARD Group.

If you are unsuccessful following assessment for the position you have applied for, we would proactively contact you should any further suitable vacancies arise.

If we make a conditional offer of employment we will ask you for information so that we can carry out pre-employment checks.  You must successfully complete pre-employment checks to progress to a final offer.  We are required to confirm the identity of our staff, their right to work in the United Kingdom and seek assurance as to their trustworthiness, integrity and reliability.

You will therefore be required to provide:

  • Proof of your identity
  • Proof of your qualifications
  • AccessNI check

We will contact your referees, using the details you provide in your application, directly to obtain references.  If we make a final offer, we will also ask you for the following:

  • Bank details – to process salary payments
  • Emergency contact details – so we know who to contact in case you have an emergency at work
  • Details required for the purposes of pension enrolment

We may also seek information to assist in securing your membership of relevant health or other occupational benefit schemes.

 

How long is the information retained for?

If you are successful, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment plus 6 years following the end of your employment.  This includes your criminal records declaration, fitness to work, records of any security checks and references.  If you are unsuccessful at any stage of the process, the information you have provided until that point will be retained for 6 months.  Information generated throughout the assessment process, for example interview notes, is retained by us for 6 months.  Equal opportunities information is retained for 6 months whether you are successful or not.

 

How to contact us

If you want to request information about our privacy policy you can contact us.