Privacy Policy
This is the Website Privacy Notice of Afiniti Consultants LLP and it is approved and authorised by the Afiniti Leadership Team.
Afiniti takes its responsibilities with regard to the management of the requirements of the General Data Protection Regulation 2016/679 (UK GDPR) and the Data Protection Act 2018 very seriously. We have appointed Defense.com Cyber Security Ltd. (Bulletproof) as our designated Data Protection Officer (DPO) who works alongside Afiniti’s Information Security Manager to ensure robust governance, policies and procedures are in place and adhered to.
We, Afiniti Consultants LLP, take the protection of your personal data very seriously and strictly adhere to the rules laid out by data protection laws and General Data Personal Regulation (GDPR).
This privacy notice aims to give you information on how Afiniti, as a “data controller” collects and processes your personal data through your interaction with our websites under the domain https://www.afiniti.co.uk/ or by entering into a relationship with us, for the delivery of our services and to comply with legal requirements.
We have appointed a Data Protection Officer (DPO) who is responsible for monitoring and providing guidance with our GDPR status. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPO at compliance@afiniti.co.uk.
The types of personal data we process, our purpose and the lawful basis for processing as well as how we make use of the data depends upon the relationship you have with us.
In the sections that follow we have outlined the type of personal data we collect and how we collect it, the purposes for which we process personal data and our lawful bases for our different relationships. Please select the relevant section for you from the list below, based on the relationship you have with us:
- Website Visitors
- Clients and Their Employees
- Suppliers and Their Employees
- Partners, Associates and Employees
- Our Recruitment Candidates
Why we collect your personal information:
- For operational purposes such as operating our website and ensuring it is presented in the most effective manner for you and for your computer or device
- For the purpose of managing our relationships, communicating with you (excluding communicating for the purposes of direct marketing) by email, SMS, post and/or telephone, providing support services and complaint handling including to process your enquiries
- For providing you with information you’ve requested from us via our web enquiry form, to discuss your enquiry
- Where you have consented to be contacted for such purposes, for the purposes of creating, targeting and sending direct marketing communications by email, SMS, post and making contact by telephone for marketing-related purposes including sending of our newsletter or to provide you with information, resources or services that you request from us or which we feel may interest you
- For the purpose of researching and analysing the use of our websites and services
- To send you Afiniti Insights in case you subscribe to our Insights Blog
- For the purpose of allowing you to participate in interactive features of our service, for example if you complete our online Change Readiness Assessment via the website, we may contact you via telephone or email to make sure you received your free report and to discuss your business change requirements
- For the purposes of creating and maintaining our databases, back-up copies of our databases and our business records generally
- For ensuring the safe operation and monitoring the performance of our website
- For notifying you about the changes to our service
Lawful basis to collect and use your personal information
We only collect and use personal information about you when the law allows us to. Most commonly, we use it where:
- The data subject (you) has given consent to the processing activity taking place.
- If the processing is necessary for the performance of a contract.
- If the processing is necessary for compliance with a legal obligation to which the controller is subject.
- If the processing in necessary for the purpose of the legitimate interest pursed by us or our partners.
Where legitimate interest is identified as a lawful basis, we will undertake a legitimate interest assessment which is a three-part test covering:
- The purpose test – to identify the legitimate interest
- Necessity test – to consider if the processing is necessary for the purpose identified
- Balancing test – considering the individual’s interests, rights or freedoms and whether these override the legitimate interests identified.
To obtain more information or view our legitimate interest assessment please contact compliance@afiniti.co.uk.
What Information do we collect and where from
We collect personal information from you, when you interact with our websites under the under the domain https://www.afiniti.co.uk/ subscribe to our newsletter or enquire about any of our services. The categories of personal information that we may collect, store and use about you include:
- Information about your activity on our site including Information that you provide by filling in forms on our website, this includes information provided at the time of registering to use our site, subscribing to receive one of our newsletters or requesting further services. We may also ask you for information when you report a problem with our site.
- Your details for sending out newsletters
- Records of your correspondence with us
- Company name and job title
- Contact information such as email addresses, postal address & telephone numbers
For more information please see here.
Why we collect your personal information
- For the purpose of looking for new prospects
- For the purpose of managing sales processes
- To enable the arrangement and fulfilment of the contract of services between us
- To retain a suppression list to ensure we comply with our data subjects’ right to object to the processing of their data
- For the purpose of managing our relationships, account development, communicating with you (excluding communicating for the purposes of direct marketing) by email, SMS, post and/or telephone, providing support services and complaint handling including to process your enquiries
- For providing you with information you’ve requested from us via our web enquiry form, to discuss your enquiry
- For the purposes of creating, targeting and sending direct marketing communications by email, SMS, post and making contact by telephone for marketing-related purposes including sending of our newsletter or to provide you with information, resources or services that you request from us or which we feel may interest you, for running a campaign if we feel your organisation might benefit from our services
- For the purposes of creating and maintaining our databases, back-up copies of our databases and our business records generally
We only collect and use personal information about you when the law allows us to. Most commonly, we use it where:
- The data subject (you) has given consent to the processing activity taking place.
- If the processing is necessary for the performance of a contract.
- If the processing in necessary for the purpose of the legitimate interest pursed by us or our partners
Where legitimate interest is identified as a lawful basis, we will undertake a legitimate interest assessment which is a three-part test covering:
- The purpose test – to identify the legitimate interest
- Necessity test – to consider if the processing is necessary for the purpose identified
- Balancing test – considering the individual’s interests, rights or freedoms and whether these override the legitimate interests identified.
To obtain more information or view our legitimate interest assessment please contact: compliance@afiniti.co.uk.
We collect personal information from you, through publicly available resources, referrals or directly from you when you interact with our websites under the under the domain https://www.afiniti.co.uk/ subscribe to our newsletter, or enquire about any of our services. The categories of personal information that we may collect, store and use about you include:
- Name, email address, telephone numbers, home address
- Business information containing names of key stakeholders within the business
- Records of your correspondence with us including email records
- Company Name and job title
When we are providing our services to Clients, Afiniti will also act as a data processor for personal data for the provision of training to Client employees, management of Client stakeholders, creating materials and distribution lists and sending out surveys.
For more information please see here.
Why we collect your personal information
- For the issuing and tracking and invoices and where we need to perform the contract we have entered with you such as by making payments.
- For the purpose of managing our relationships, communicating with you (excluding communicating for the purposes of direct marketing)
- For the purposes of creating and maintaining our databases, back-up copies of our databases and our business records generally
Lawful basis to collect your personal information
We only collect and use personal information about you when the law allows us to. Most commonly, we use it where:
- If the processing is necessary for compliance with a legal obligation to which the controller is subject.
- If the processing is necessary for the performance of a contract.
What information do we collect and where from
We collect your personal data when you or your employer enters a relationship with us. We may collect and process the following information about you:
- Identification information such as name and surname
- Contact information such as email, telephone number
- Job Title, company address, VAT, bank details, payment information
For more information please see here.
As a current Partner, Associate or Employee of Afiniti you have already been provided with the relevant Privacy Notice upon the commencement of our relationship. This privacy notice gives you information on how we collect and process your personal data at recruitment, during employment/engagement and after your employment/engagement with us.
You can find this document in the Policy area on the Afiniti Intranet.
Why we collect your personal information
- For the purpose of carrying out our recruitment process and determine eligibility for the advertised role and your suitability to work with us
- For the purpose of managing our relationships, communicating with you (excluding communicating for the purposes of direct marketing) by email, SMS, post and/or telephone, providing support services and complaint handling.
Lawful basis to collect and use your personal information
We only collect and use personal information about you when the law allows us to. Most commonly, we use it where:
- The data subject (you) has given consent to the processing activity taking place
- If the processing is necessary for compliance with a legal obligation to which the controller is subject
- If the processing is necessary for the performance of a contract.
What information do we collect and where from
As well as collecting information from you we may also collect it from other sources including any professional profiles online (such as LinkedIn) and your professional referees such as former managers. We use all data sources lawfully and we only collect types of data relevant to our recruitment needs; we do not process irrelevant data (such as cultural information) for recruiting purposes.
We may collect and process the following information about you:
- Identification information such as name and surname including any other listed on the CVs such as nationality
- Information available on CV or cover letters
- Contact information such as email addresses, postal address & telephone numbers
- Education history such as establishments attended and qualifications.
- Employment history
- Professional references from referees you provide
- Proof of right to work in the UK
- If you give your explicit consent, information on any disability you may have for which we need to make reasonable adjustments during the recruitment process.
Where your job application with Afiniti is unsuccessful, we will delete your personal data after 6 months following the end of campaign. If we would like to consider you for future roles, with your consent we’ll hold your data for an additional six months. After one year, if you and Afiniti wish to continue to keep in touch for recruitment purposes, we’ll ask for your consent to continue storing your data for a further year.
For more information please see here.
Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. We will review your personal information regularly to establish whether we are still entitled to process it. If we decided that we are not entitled to do so, we will stop processing your personal information to the extent that it is appropriate to do so and securely delete or anonymise it. To determine the appropriate retention period, we will consider the amount, nature and sensitivity of that information, the potential risk of harm from unauthorised use or disclosure, and whether we can achieve the purposes for which we process that personal information through other means.
If you would like to find out how long your information is being retained, please contact compliance@afiniti.co.uk.
Afiniti takes the responsibility for protecting your privacy very seriously and we will ensure your data is secured in accordance with our obligations under the Data Protection laws. We have in place technical and organisational measures to ensure personal information is secured and to prevent your personal data from being accessed in an unauthorised way, altered or disclosed. We use computer safeguards such as firewalls and data encryption, we enforce access controls to our files, and authorise access to personal information only for those employees who require it to fulfil their job responsibilities.
We have policies and procedures to handle any potential data security breaches and data subjects, third parties and any applicable regulators will be notified where we are legally required to do so.
We have ensured that all employees have had information security and data protection training. If you would like more details of the security we have in place, please contact compliance@afiniti.co.uk.
Your principal rights under data protection law are:
- the right to access – you can ask for copies of your personal data; you or any third party acting on your behalf with your authority may request a copy of the personal data we hold about you without charge. We, Afiniti will ask to verify your identity or request evidence from the third party that they are acting on your behalf before releasing any personal data we hold about you.
- the right to rectification – you can ask us to rectify inaccurate personal data and to complete incomplete personal data.
- the right to erasure – you can ask us to erase your personal data.
- the right to restrict processing – you can ask us to restrict the processing of your personal data.
- the right to object to processing – you can object to the processing of your personal data if, processing relies on legitimate interests, processing is for scientific or historical research, processing includes automated decision making and profiling, processing is for direct marketing purposes.
- the right to data portability – you can ask that we transfer your personal data to another organisation or to you.
- the right to withdraw consent – to the extent that the legal basis of our processing of your personal data is consent, you can withdraw that consent.
- rights relating to complaints and remedies.
These rights are subject to certain limitations and exceptions. You can learn more about the rights of data subjects by visiting https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.
You ask any questions about these rights or exercise any of your rights in relation to your personal data by contacting compliance@afiniti.co.uk.
Afiniti may disclose your personal data, listed under the relevant section to some third parties insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy. Categories of third parties that we use are listed below:
- Business partners, suppliers, contractors for the performance of any contract we enter into with them or you
- Third parties that support us to provide products and services e.g. IT support, cloud-based software services, providers of telecommunications equipment) Website services and Marketing services providers Banks for the purposes of making payments
- Professional advisors e.g. lawyers, auditors, DPO services
- Web analytics and search engine provider to ensure the continued improvement and optimisation of our website.
- Website and social media for the purposes of promotion of Afiniti
If you want to find out in detail who your personal data is shared with, please contact compliance@afiniti.co.uk.
We may share personal information to third parties outside of the United Kingdom. Likewise, the hosting facilities for our website and/or data centres may be located outside the United Kingdom. Any personal information transferred will only be processed on our instruction and we ensure that information security at the highest standard would be used to protect any personal information as required by the Data Protection laws.
If personal data is transferred outside of the UK to a country without an adequacy decision, we will ensure appropriate safeguards are in place prior to the transfer. These could include:
- International Data Transfer Agreement
- UK – US Data Bridge
- An exception as defined in Article 49 of the GDPR
For more information about transfers and safeguarding measures, please contact compliance@afiniti.co.uk.
Our website uses cookies. Please see our Cookie Policy for the cookies used: https://www.afiniti.co.uk/cookie-policy/.
We take any complaints about our collection and use of personal information very seriously.
If you think that our collection or use of personal information is unfair, misleading, or inappropriate, or have any other concern about our data processing, please raise this with us in the first instance.
To make a complaint, please contact us via email on compliance@afiniti.co.uk.
Alternatively, you can make a complaint to the Information Commissioner’s Office:
- By Post: Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
- By Website: Click Here
- By Email: Click Here
- By Phone: 0303 123 1113 (Local rate) or 01625 545 745 (National rate)
Your trust is important to us. That is why we are always available to talk with you at any time and answer any questions concerning how your data is processed.
If you have any questions that could not be answered by this privacy policy or if you wish to receive more in -depth information about any topic within it, please contact our DPO via email on compliance@afiniti.co.uk.
We keep this Privacy Notice under regular review. This Privacy Notice was last updated on 02/04/2024. We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
