Privacy Policy

Our commitment

Change Network is committed to protecting your personal information and to ensuring you know how we use your data.  We adhere to Data Protection legislation and ensure that personal information is held fairly, lawfully and securely. We will always seek your permission where it is needed to ensure lawful data processing.

Purpose

This Privacy Policy describes how we gather, process and look after your personal data.  This includes how we collect, organise, host, store, modify, use, combine, handle, share and access your personal data when you use our website or are in contact with us. This Privacy Notice also tells you about how to exercise your rights in relation to your personal data.

It applies to information we collect about people, such as:

• People who use and receive our services
• Visitors to our website
• People who register for marketing updates or newsletters
• People who are referred to us by other organisations
• People who contact us with an enquiry or complaint
• Job applicants and our current and former employees
• People who participate in publicity for us

Your rights

By law you have rights over how your data is collected, processed and stored. This includes the right to:

• Be informed about how we use your personal information
• Ask for access to the personal information we hold about you
• Ask that your personal information is given to you in a commonly used format
• Ask us to stop using or to delete your information
• Ask us to limit what we use your personal information for
• Request changes to personal information you think is wrong
• Withdraw consent you have previously given to use your personal information
• Object to automated decision making and profiling where this is used.

Data Protection Officer

Change Network’s Data Protection Officer (DPO) is one of our directors, Kate Lindley.  We take our responsibilities seriously and our DPO is deliberately a senior member of the team for this reason.  Kate and can be contacted at kate.lindley@changenetwork.co.uk

Our Privacy Notice

What type of information do we hold about you?

When using the term personal data, we mean information that relates to you that could lead to you being identified, either directly or indirectly in combination with other information which we may have in our possession.

As a website user, client, supplier, job applicant or prospect, we may process different kinds of personal data about you, including, but not limited to:

• Your basic identification and contact details: This includes your name, marital status, company address, telephone number, email address, company name, job title/position and any other personal information that you provide to us. 
• Career history and qualification, training and education history: if you submit an application for a role with us, we will collect employment history, schools and universities attended and employer feedback. 
• Technical personal data:  This includes information such as your internet protocol (IP) address, browser type and version, time zone setting and location, operating system and platform and other technology on the devices you use to access this website.
• Profile personal data:  This includes information about your previous purchases of our products and services, your interests, preferences and information about events you have attended, feedback you have given us and survey responses.
• Details of your visits to our website: This includes analytical data such as the pages you view, documents you download and journey through the site. Please see our cookie policy for more information.
• Marketing and communications data: Forms signing up for newsletter content, consents, permissions and preferences that you have specified.
• Enquiry records: When you contact us with an enquiry, we may keep a record of that contact in full or abbreviated form.
• Completing surveys – we may ask you to complete surveys that we use for research purposes.
• General meetings – we may collect personal information when we meet you face to face or when you contact us either on the telephone or in writing

What principles do we apply?

We apply the following principles, aligning with our legal obligations so that your data is:

• Used lawfully, fairly and in a transparent way;
• Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
• Relevant to the purposes we have told you about and limited only to those purposes;
• Accurate and kept up to date;
• Kept only as long as necessary for the purposes we have told you about; and
• Kept securely.

We have put policies, procedures and standards in place to seek to adopt these principles in our everyday processing activities set out in this Privacy Notice.
 

How do we collect personal data from you?

We use different methods to collect personal data from and about you including through:

• Direct interactions: For example when you fill in a form, ask about our services, subscribe to our newsletters, provide feedback or apply for a job.
• Third parties or publicly available sources: We may receive personal data about you from various third parties and public sources as set out below:
  • ​​​​​​​​​​​​​​Identification and technical personal data from the following parties: social media channels such as LinkedIn.
  • Identification and contact details personal data from publicly availably sources such as Companies House and the Electoral Register.
  • Your named referees 
  • Recruitment agencies, your former employer, law enforcement agencies, disclosure and barring services;
• Automated technology and analytics: As you interact with our website we collect ‘cookies’ about your browsing actions, location and patterns which might be used with other identifying data to establish other personal information about you.. We may also receive technical personal data about you if you visit other websites employing our cookies. Please see our Cookie Policy (insert link) for further details.

Purposes for which we may use your personal data

We will only process your personal information where we are satisfied that we have an appropriate lawful basis to do so.

We rely upon different lawful bases for the processing of your personal information according to our relationship with you and the purpose for which it is collected as explained in the table below.

Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your personal data and therefore there may be several grounds which justify our use of your personal information.

Purpose	Type of data	Lawful basis for processing
To contact you for marketing purposes, to send you information about our services, offers, news and events, surveys, and polls.	Name, address, email address, contact information, contact preferences	Your explicit consent given by taking a positive step during your registration to receive this information or subscribe to these services and Change Network has a legitimate interest in publicising its products or services to you.
To process and deliver services to you, including service delivery and payment management	Name, address, contact details; Financial information	Performance of a contract with you. Necessary for our legitimate interests (to recover amounts due to us).
To process job application data	Name, address, Equality and Diversity information, work history, financial details	Necessary for our legitimate interests (supporting employment)

Can I opt out of marketing from you?

We may use your personal information to contact you if you subscribed and consented to receive our newsletter/updates or job alerts about future employment opportunities.

You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you, or by contacting us at hello@changenetwork.co.uk.

Sharing your data

We will not share your personal data with any company outside of Change Network for marketing purposes without your permission, other than:

Where it is necessary to deliver service to you under the contract you have with us.  For example if we sub contract a 3^rd party to deliver services and need to share your name and contact details for them to do the work.

For credit references and payments:  Where we must share your details with banks and payment providers to authorise and complete payments.  We may also share your details, with notification to you, with credit reference agencies and organisations involved in the prevention of fraud.

With third parties which perform the pre-employment checks, including relevant vetting services.

Where we are required to to:

a. Comply with our legal obligations;

b. Exercise our legal rights (e.g. pursue or defend a claim).

We may also hold your data in systems (e.g. CRM) that are secure for use to store your data.  We will only engage with software suppliers who hold Cyber Essentials Plus or ISO 27001 accreditations to ensure your data is secure.

Your rights in connection with your personal data

You have the following legal rights in connection with your personal information:

• Request access to your personal data. This enables you to receive a copy of the personal data we hold about you as well as information about how your personal data will be processed and the legal basis for the processing.
• Request correction of the personal data that we hold about you. You can request to have any incomplete or inaccurate personal data we hold about you corrected, though we may need to verify the accuracy of the new personal data you provide to us.
• Request deletion of your personal data. You can ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing. Please note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you at the time of your request.
• Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party), or automated decision making and you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
• Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
  •  If you want us to establish the data’s accuracy.
  • Where our use of the data is unlawful but you do not want us to erase it.
  • Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
  • You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

• Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. 
• Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

If you want to exercise any of these rights, please contact INSERT

Please note that exemptions set out in the Data Protection Act may apply meaning that we do not have to grant your request in full. However, we will always meet your request as far as we are able.

Security of your personal information

We have put in place appropriate security and back up measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

How long do we keep hold of your personal information?

Our Data Retention Standard is in development and will mandate how long records, including personal data, must be retained.

We will retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal / regulatory or reporting requirements.

We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect of our relationship with you.

Links to other websites

Our website may provide links to third party websites.  Change Network Limited is not responsible for the conduct of external companies linked to the site and you should refer to the privacy notices of these third parties as to how they may handle your personal information. We cannot be responsible for the protection and privacy of any information which you provide while visiting such sites and such sites are not governed by this Privacy Notice. 

The Right to Complain

If you have any concerns or complaints regarding the processing of your personal data, or our compliance with the UK GDPR and Data Protection 2018, you should contact our Data Protection Officer, Kate Lindley – kate.lindley@changenetwork.co.uk

ICO details

The Authority to investigate and enforce data legislation breaches is the UK Information Commissioner’s Office (ICO) www.ico.org.uk  You have the right to make a complaint to them for data protection issues at any time. 

Their contact details are:

Telephone: 0303 123 1113

Postal address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Changes to our Privacy Notice

This Privacy Notice was last reviewed and updated on 5^th July 2023. We may amend this Privacy Notice from time to time to keep it up to date with legal requirements and the way we operate our business.