PRIVACY NOTICE FOR WEBSITE USERS
At Norton Loxley Ltd, we’re committed to protecting and respecting your privacy. This applies to our wider business as well as our website.
Our privacy notice below explains how, when and why we collect personal information about who visits our website – including how we use it and how we keep it secure.
Who are we?
We are a Human Resources and Recruitment Consultancy with the aim of providing a fresh take on HR and recruitment support to businesses. Our registered address Norton Loxley, 46 Park Place, Leeds, LS1 2RY and our telephone number is 01904 373105.
How do we collect information from you?
When you use our website, including when you contact us about our services or sign up for our newsletter, we collect information from you.
What type of information is collected from you?
We collect personal information that might include your IP address, geographical location, browser type, source of referral as well as which pages you looked at and for how long. It also includes contact information that you give us when you register with us so that we can send you email updates and newsletters.
How is your information used?
We may use your information to:
• improve your browsing experience by personalising the website;
• seek your views or comments on the services we provide;
• notify you of changes to our services;
• send you communications which you have requested and that may be of interest to you.
• provide third parties with statistical information about our users – but this information will not be used to identify any individual user;
• deal with enquiries and complaints (incredibly rare…) made by or about you relating to the website.
Who has access to your information?
We will not sell or rent your information to third parties.
We will not share your information with third parties for marketing purposes other than what is set out in Disclosures.
Social Media
If you make comments or posts on social media (our Linkedin page, for example), then the rules of that platform apply, so please be aware that your comments or reactions could be made public.
If you add a comment to any of our own blogs or reviews, these will be shared with other users and the wider general public. So please don’t be offensive, insulting or defamatory. In addition, you’re responsible for ensuring that any comments you do make comply with relevant policies on acceptable use.
We don’t control any social media platforms, such as LinkedIn and Facebook so please make sure you review their privacy notices as well as the terms and conditions of any social media platforms you use. It’s important that you understand what they do with your information – and it means you can adjust your privacy settings if you don’t want things shared or in the public domain.
Disclosures
We may disclose information about you to any of our employees, officers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes as set out in this privacy notice.
In addition, we may disclose information about you:
• to the extent that we are required to do so by law;
• in connection with any legal proceedings or prospective legal proceedings;
• in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk); and
• to the purchaser (or prospective purchaser) of any business or asset which we are (or are contemplating) selling.
Peace of mind about your choices
We may contact you for marketing purposes by post, email or phone.
You can change your marketing preferences at any time by contacting us by email at sayhello@nortonloxley.com.

How you can access and update your information

If you change email address, or any of the other information we hold is inaccurate or out of date, please email us at sayhello@nortonloxley.com.

What we do to protect your personal information

When you give us personal information, we take great care to ensure that it’s treated securely.

We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We take great care to ensure any confidential information remains protected, but we cannot guarantee the security of data sent over the Internet.

Use of ‘cookies’ (not the interesting, edible kind)

Like many other websites, ours uses cookies – small pieces of information that enable us to recognise you when you visit. They collect statistical data about your browsing actions and patterns and do not identify you as an individual. Cookies help us to improve our website and deliver a better service.

We use both “session” cookies and “persistent” cookies on our websites. We will use the session cookies to keep track of how you move around our website and to monitor user behaviour for statistical and marketing purposes. We will use the persistent cookies so that we recognise you when you visit our website.

Session cookies will be deleted from your computer when you close your browser. Persistent cookies will remain stored on your computer until deleted, or until they reach a specified expiry date.

We use Google Analytics to analyse how our website is used. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users’ computers. The information generated relating to our website is used to create reports about the use of the website.

You can switch off cookies by changing your browser preferences. Be aware that this might affect functionality when using our website.

Links to other websites

Our website may contain links to other websites run by other organisations. This privacy notice applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit – we are not responsible for the privacy notices and practices of other websites, even if you access them using links from our website.

16 or Under

If you are aged 16 or under‚ please get your parent/guardian’s permission beforehand whenever you provide us with personal information.

Review of this Privacy Notice

This Notice was last updated in February 2024.

We review our policies on a regular basis and may update this Privacy Notice by posting a new version on our website.

You should check this page occasionally to make sure you are happy with any changes. We may also notify you of changes to our privacy notice by email.

PRIVACY NOTICE FOR CANDIDATES & JOB SEEKERS

Norton Loxley (the company) is a HR and recruitment business which provides HR support services and work-finding services to its clients and candidates.

As part of any recruitment process, the company collects and processes personal data relating to job applicants so that it can provide a recruitment service. The company is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.

Data controller details

Norton Loxley Ltd is a data controller, meaning that it determines the processes to be used when using your personal data. Our contact details are as follows:

Sian Whelan, Company Director, sayhello@nortonloxley.com.

Data protection principles

In relation to your personal data, we will:

• Process it fairly, lawfully and in a clear, transparent way.

• Collect your data only for reasons that we find proper for the course of our business relationship.

• Ensure it is correct and up to date.

• Keep your data for only as long as we need it.

• Process it in a way that ensures it will not be used for anything that you are not aware of or have not consented to (where appropriate).

Types of data we process

You may give your personal details to the company directly, such as on an application form, by submitting your CV or via our website or we may collect them from another source, such as online job boards or publicly accessible sources, such as social media.

The company collects a range of personal data. In relation to recruitment, this includes:

• your name, address and contact details, including email address and telephone number;

• details of your qualifications, skills, experience and employment history;

• information about your current level of remuneration, including benefit entitlements;

• whether or not you have a disability for which an organisation needs to make reasonable adjustments during the recruitment process; and

• information about your entitlement to work in the UK.

How we collect your data

The company collects information about you in a variety of ways. For example, data might be contained in application forms, CVs or resumes, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment.

The company may also collect personal data about you from third parties, such as references supplied by former employers, information from employment background check providers and information from criminal records checks. The company will seek information from third parties only once a job offer to you has been made and will inform you that it is doing so.

Data will be stored in a range of different places, including on your application record, in HR and recruitment management systems and on other IT systems (including email).

Why we process your data

The law on data protection allows us to process your data for certain reasons only:

• Where we have your consent.

• In order to perform the contract and services that we are party to

• In order to carry out legally required duties.

• In order for us to carry out our legitimate interests.

• To protect your interests or where it is processed in the public interest.

All of the processing carried out by us falls into one of the permitted reasons.

The Company will collect your personal data (which may include sensitive personal data) and will process your personal data for the purposes of providing you with work-finding services. This includes, contacting you about job opportunities, assessing your suitability for job opportunities, adding your details to our candidate databases, putting you forward for job opportunities (which includes passing your details on to third parties involved in providing work-finding services) and developing and managing our services and relationship with you as a candidate and our clients.

In some cases, the company needs to process data to ensure that it is complying with its legal obligations. For example, it is required to check a successful applicant’s eligibility to work in the UK before employment starts.

The company has a legitimate interest in processing personal data during the recruitment process in relation to both candidates and clients and for keeping records of the process. Processing data from candidates allows the company to manage the recruitment process, assess and confirm a candidate’s suitability for a job role and decide who to put forward to a client for consideration. The company may also need to process data from candidates to respond to and defend against legal claims.

If your application is unsuccessful, the company will keep your personal data on file in case there are future employment opportunities for which you may be suited. The company will ask for your consent before it keeps your data for this purpose and you are free to withdraw your consent at any time.

Special categories of data

Special categories of data are data relating to your:

• health

• sex life

• sexual orientation

• race

• ethnic origin

• political opinion

• religion

• trade union membership and

• genetic and biometric data.

We must process special categories of data in accordance with more stringent guidelines. Most commonly, we will process special categories of data when the following applies:

• you have given explicit consent to the processing

• we must process the data in order to carry out our legal obligations

• we must process data for reasons of substantial public interest

• you have already made the data public.

The company processes health information if it needs to make reasonable adjustments to the recruitment process for candidates who have a disability. This is to carry out its obligations and exercise specific rights in relation to employment.

Where the company processes other special categories of data, such as information about ethnic origin, sexual orientation, health or religion or belief, this is for equal opportunities monitoring purposes.

Criminal conviction data

We will only collect criminal conviction data if it is necessary for us to carry out our client obligations and exercise specific rights in relation to a particular job vacancy and where the law permits us to do so.

Sharing your data

We may share your data with third parties involved in providing our work-finding services, including (but not limited to) legal and professional advisers with whom we work with, subcontractors and services such as accountancy marketing support services.

Your information will be shared internally for the purposes of providing our work-finding services or for sales and marketing purposes. Your data will also be shared externally with prospective employers and clients of the company as part of the recruitment process. The company will also use third party suppliers to process your data, such as software solutions providers.

With the exception of a prospective employer and clients of the company, the company will not share your data with third parties, unless your application for employment is successful and an offer of employment is made. The company may then share your data with former employers to obtain references for you, employment background check providers to obtain necessary background checks and the Disclosure and Barring Service to obtain necessary criminal records checks.

Protecting your data

The company takes the security of your data seriously. It has internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.

How long we keep your data for

If your application for a specific job vacancy is unsuccessful, the company will hold your data on file for 12 months after the end of the relevant recruitment process. If you agree to allow the company to keep your personal data on file, the company will hold your data for a further 12 months for consideration for future employment opportunities and for relevant marketing purposes. At the end of that period we may ask for your consent to hold your data for a further 12 months. Once you withdraw your consent, your data is deleted or destroyed.

If your application for employment is successful and you become an employee of one of our clients, personal data gathered during the recruitment process will be transferred to your new employer and client of the company. Once your data has transferred to your new employer, the data will become the responsibility of your new employer.

Your rights in relation to your data

As a data subject, you have a number of rights. You can:

• access and obtain a copy of your data on request;

• require the company to change incorrect or incomplete data;

• require the company to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;

• object to the processing of your data where the company is relying on its legitimate interests as the legal ground for processing; and

• ask the company to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override the company’s legitimate grounds for processing data.

• Where you have given your consent to the company to process your personal data, you have the right to withdraw your consent at any time. If you would like to withdraw your consent or you would like us to update your personal data, please send an email to sayhello@nortonloxley.com.

If you do not provide your data to us

You are under no statutory or contractual obligation to provide data to the company whilst using our work-finding services. However, if you do not provide the information needed to do this, the company may not be able to process your application properly or at all.

You are under no obligation to provide information for equal opportunities monitoring purposes and there are no consequences for your application if you choose not to provide such information.

Automated decision-making

Recruitment processes are not based solely on automated decision-making.

Complaints and queries

We hope this privacy notice has been helpful in setting out how we handle your personal data. If you have any questions or a query that hasn’t been covered, please contact us by email in the first instance at sayhello@nortonloxley.com.

The supervisory authority in the UK for data protection matters is the Information Commissioner (ICO). If you think your data protection rights have been breached in any way by us, you are able to make a complaint to the ICO.

Last reviewed: February 2024

PRIVACY NOTICE FOR CLIENTS AND SUPPLIERS

Norton Loxley Ltd is aware of its obligations under the General Data Protection Regulation (GDPR) and is committed to processing your data securely and transparently.

This privacy notice sets out, in line with GDPR, the types of data that we hold on you as a prospective client, client, employee of our client or supplier to the Company. It also sets out how we use that information, how long we keep it for and other relevant information about your data.

Data controller details

Norton Loxley Ltd is a data controller, meaning that it determines the processes to be used when using your personal data. Our contact details are as follows:

Sian Whelan, Company Director, sayhello@nortonloxley.com.

Data protection principles

In relation to your personal data, we will:

• Process it fairly, lawfully and in a clear, transparent way.

• Collect your data only for reasons that we find proper for the course of our business relationship.

• Ensure it is correct and up to date.

• Keep your data for only as long as we need it.

• Process it in a way that ensures it will not be used for anything that you are not aware of or have not consented to (where appropriate).

Types of data we process

We process personal data about the following categories of people:

• Clients

• Potential clients

• Other people involved in client matters we are providing HR and recruitment services to

• Referrers of work

• Other third parties we (including our employers, contractors and suppliers) that we have a business relationship with.

We hold many types of data about you, including:

• Your personal details including your name, address, email address, phone numbers.

• Our contracts, correspondence and transaction history as a user of our services or as a supplier.

• Client data, including any information in relation to the services we are providing, business and company relationships, personal circumstances, employment background and circumstances, services provided to clients or could be provided to potential clients and employee or prospective employee relationships.

• Bank details.

• Letters, contracts, meeting minutes and other documentation relating to employment advice and support we provide to our clients.

• Lists of delegates for any training events.

• Any marketing and communication preferences.

How we collect your data

We process and collect data about you in a variety of ways for the purposes of providing HR and recruitment services to our clients and prospective clients or as a supplier to us.

In addition, data about you may be obtained from other workplace sources (including, company systems and correspondence) during the course of providing our services.

Personal data is kept in hard copy files, email correspondence or within our IT systems.

Why we process your data

The law on data protection allows us to process your data for certain reasons only:

• Where we have your consent.

• In order to perform the contract and services that we are party to

• In order to carry out legally required duties.

• In order for us to carry out our legitimate interests.

• To protect your interests or where it is processed in the public interest.

All of the processing carried out by us falls into one of the permitted reasons. Generally, we will rely on performing our contractual obligations to process your data.

We also need to collect your data to ensure we are complying with any legal requirements.

We also collect data so that we can carry out activities which are in the legitimate interests of the Company.

If you have signed up to our newsletter via our website, you have explicitly consented to us processing your data.

Special categories of data

Special categories of data are data relating to your:

• health

• sex life

• sexual orientation

• race

• ethnic origin

• political opinion

• religion

• trade union membership

• genetic and biometric data.

We must process special categories of data in accordance with more stringent guidelines. Most commonly, we will process special categories of data when the following applies:

• you have given explicit consent to the processing

• we must process the data in order to carry out our legal obligations

• we must process data for reasons of substantial public interest

• you have already made the data public.

We will use your special category data:

• as required in client workforce matters where relevant.

We do not need your consent if we use special categories of personal data in order to carry out our legal obligations or exercise specific rights under employment law. However, we may ask for your consent to allow us to process certain particularly sensitive data. If this occurs, you will be made fully aware of the reasons for the processing. As with all cases of seeking consent from you, you will have full control over your decision to give or withhold consent and there will be no consequences where consent is withheld. Consent, once given, may be withdrawn at any time. There will be no consequences where consent is withdrawn.

If you do not provide your data to us

One of the reasons for processing your data is to allow us to carry out our duties in line with our services provided to you. If you do not provide us with the data needed to do this, we will be unable to perform our services and duties eg providing HR advice.

Sharing your data

We may share your data with third parties involved in providing our services, including (but not limited to) legal and professional advisers with whom we work with, subcontractors and services such as accountancy marketing support services.

Protecting your data

We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse. We have implemented processes to guard against such.

We also limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know and who will only process your personal information on our instruction.

How long we keep your data for

In line with data protection principles, we only keep your data for as long as we need it for, which will be at least for the duration of our business relationship and for six years after our contract/s has ended for HMRC record keeping and the defence of potential legal claims.

Automated decision making

No decision will be made about you solely on the basis of automated decision making (where a decision is taken about you using an electronic system without human involvement) which has a significant impact on you.

Your rights in relation to your data

The law on data protection gives you certain rights in relation to the data we hold on you. These are:

• The right to be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice.

• The right of access. You have the right to access the data that we hold on you. To do so, you should make a subject access request.

• The right for any inaccuracies to be corrected. If any data that we hold about you is incomplete or inaccurate, you are able to require us to correct it.

• The right to have information deleted. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it.

• The right to restrict the processing of the data. For example, if you believe the data we hold is incorrect, we will stop processing the data (whilst still holding it) until we have ensured that the data is correct.

• The right to portability. You may transfer the data that we hold on you for your own purposes.

• The right to object to the inclusion of any information. You have the right to object to the way we use your data where we are using it for our legitimate interests.

• The right to regulate any automated decision-making and profiling of personal data. You have a right not to be subject to automated decision making in way that adversely affects your legal rights.

Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate reason for doing so.

If you wish to exercise any of the rights explained above, please contact the Data Controller listed above.

Making a complaint

Last reviewed: February 2024

How you can access and update your information

TAKE THE FIRST
STEP TO BETTER HR

GET IN TOUCH

How you can access and update your information

TAKE THE FIRST STEP TO BETTER HR

GET IN TOUCH

TAKE THE FIRST
STEP TO BETTER HR