It is our goal to make this privacy notice easy to follow, easy to read and easy to validate, but should you have any questions, please reach out to our Data Protection Officer.
Data Protection Officer
The Engine Room
1 Bash Street
t. 01382 529 528
e. [email protected]
The Data We Collect from this Website
However, if you contact us through our contact forms, we collect, with your consent, the following personal data:
Your basic contact details
Your CV (as a file upload)
Anything else you tell us at the point of application.
Project enquiry forms:
Some basic company details
Your email address
A summary of your intended project.
Your basic contact details.
Please note that it is usual to share your contact details with the event organiser. When possible we will detail the event organiser in the event contact form. In all cases, we conduct due diligence on our event organisers to ensure compliance with data protection regulation.
Your email address.
We use “MailChimp” to provide our newsletters, which is a globally compliant, industry leading service provider. It has a user friendly unsubscribe facility, meaning you, the user, can easily unsubscribe from our mailing list at any time.
Why we collect this data and our legal basis for collecting it
We collect contact details from the project enquiry form in order to pursue business opportunities. The lawful purpose for processing this data is CONSENT as defined by the UK DPA 2018, which is obtained during the completion of the enquiry form.
Our recruitment team collects contact & CV details from the recruitment enquiry form (including your CV if you upload it) for the purpose of finding employees. The lawful purpose for processing this data is also CONSENT, which is obtained during the completion of the recruitment enquiry form.
Waracle frequently holds events to pursue both business and recruitment opportunities. Our events coordinator collects your basic contact data from the events form and again the lawful purpose for processing this data is CONSENT.
We hold your data securely in applications, which are fully compliant with all applicable data protection regulation and which are designed for this purpose.
Waracle conducts various research projects, generally related to how people use the internet and online services. Volunteers for such projects undergo a separate and strict compliance process, which details all privacy and security aspects of any given research project. As you would expect, this is an entirely consensual process, with the highest standards of transparency and privacy compliance possible.
Who we share this data with
Aside from the secure sub-processors listed below, and when applicable event organisers, we don’t share your personal data with anyone unless you have given us your unequivocal consent to do so.
The data you consent to provide us with through our various contact forms is treated with the utmost confidentiality and security.
We say this with confidence for two reasons.
- We only share data externally if there is a very specific purpose and the person whose data it is has given Waracle their unequivocal consent for this to happen. This is unlikely to happen, except in the process of recruitment for external clients, and even then further safeguards are applied as detailed a little further down the page.
- The sub-processors, commonly referred to as applications or “apps”, we use to store and manage personal data are all vetted for data protection compliance. This includes the use of secure storage and processing facilities, which are only accessible to the account holder – which is us, Waracle.
The sub-processors we use for recruitment, business development and research enquiries are:
We conduct due diligence on all our sub-processors and ensure they are all fully compliant with all UK & EU Data Protection Legislation, including GDPR.
In the case of recruitment, if we progress your application and forward your details to one of our partners or clients (the partner or client organisation you are likely to be working with) your CV would be anonymised first. We do this not only to comply with data protection regulations, but also to protect our commercial interest.
How long we retain this data
We retain business contact data indefinitely, but we only retain recruitment data and CVs for 12 months. We may contact existing applicants after 12 months to refresh their consent, if we believe an employment opportunity is likely. Research data retention will be detailed at the consent stage, but generally research data is deleted immediately on cessation of each project.
It’s your data – these are your rights.
There is no better place to study your rights in respect to your personal data than the ICO’s website. Here’s the link:
Should you need to contact us in respect to your personal data rights, you can write, phone, or email us using the contact details at the top of this page.
This privacy notice only covers the collection of personal data through our website and associated recruitment, event, research and business development activities. Where prospective client or prospective employee contact proceeds to formally contracted engagement, both parties will necessarily undertake mutual due diligence, covering all aspects of UK regulatory and legislative compliance, including, but not limited to, all aspects of data protection legislation.
For the purposes of due diligence and compliance, Waracle has a full compliance team, led by a senior manager with Board level access.
The compliance team can be contacted using the contact details at the top of this page.