Oxenbury Partners Privacy Policy

 

This policy is effective from 24 May 2018.

Oxenbury Partners are committed to ensuring that your privacy is protected. This Privacy Notice explains how we use your personal information and your rights under data protection laws.

We are committed to complying with data protection laws, including: 

  • The General Data Protection Regulation (EU) 2016/679 (GDPR) and any related legislation which applies in the UK, including any legislation derived from the Data Protection Act 2018.
  • The Privacy and Electronic Communications Regulations (2003) and any successor or related legislation, including the E-Privacy Regulation 2017/0003.
  • All other applicable laws and regulations relating to the processing of personal information and privacy, including statutory instruments and, where applicable, the guidance and codes of practice issued by the Information Commissioner’s Office or any other supervisory authority.

What we do
Oxenbury Partners provides specialist technology recruitment services.  We rely on "legitimate interests" as the lawful bases on which we collect and use your personal information.

Our “legitimate interests” means the interests of Oxenbury Partners in providing recruitment services and events. We have an interest in knowing the technology market and knowing of potential candidates.  

When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate interests do not automatically override your interests – we will not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

We will ensure that your personal information is processed fairly, lawfully and transparently, and we will only process personal information that is adequate, relevant and limited to what is necessary for our relationship.

How we collect your personal information, what we collect and how we use it
We will only process your personal information for the purposes set out below. Should we need to process your personal information for a new purpose, we will inform you beforehand.

When you provide any information to us, you can be assured that it will only be used in accordance with this Privacy Notice.

You may opt out from receiving our information at any time.

We only hold personal information on relevant persons who work in the technology sector and are of interest to our technology recruitment business.

We only hold information that has:

  • Come directly from that person (usually by in-person meeting, phone conversation, email, video conference, via social media, a job board or our website)
  • Been posted on a job board or other permissioned-access recruitment-specific websites
  • Been gathered from a publically available website (such as LinkedIn, Xing, company websites, GitHub, Stackoverflow and Twitter)

When we engage with someone for the purpose of our technology recruitment business, we will ask for personal information in order to begin our relationship with them and keep them up-to-date on our activities.

These are the types of personal information we hold:

  • Name
  • Contact details 
  • Location
  • Job title
  • Career history
  • Salary details 
  • Education 
  • Personal information affecting job decisions 
  • Visa status
  • CV

We use this information to match jobs with prospective candidates and to inform them about these opportunities, we also use this information to understand technology market trends and to engage with relevant people who work in the technology industry.  

This information is stored on our database provided by Invenias, on email, in Microsoft documents and in the form of handwritten notes kept in physical notebooks. 

You can asked to be removed from our records at any time.

Website
Like most websites, our website uses data collection tools to track user interaction. We only use cookies that are necessary to provide certain basic functionality, to help us to improve the performance of our website and provide you with a better user experience. You may delete and block all cookies from this site, but parts of the site may be negatively affected. To find out more about cookies, click here.

We currently have a basic website and do not analyse anything from it. 

Who we share your information with
We may share your information with Invenias as our database provider, and Meetup.com, our event facilitator.  If a client has paid an invoice, details of this are stored in Xero.  We hold regular email correspondence with G Suite (https://cloud.google.com/security/gdpr/ and https://privacy.google.com/businesses/compliance).

We will only share your information if we are under a duty to disclose or share your personal information in order to comply with any legal obligation.

We will never sell, rent or otherwise distribute or make public any of your personal information, unless legally required to do so.

How we secure your personal information and how we handle data breaches
We take the security of all personal information seriously and have put into place robust physical, electronic and managerial procedures to safeguard your information against unauthorised access, theft and loss.  We limit access to personal information to those who have a genuine business need to know it.  Individuals processing personal information will do so in an authorised manner and are subject to a duty of confidentiality.

We will report any suspected data breach to the applicable authorities and to individuals where we are legally required to do so.  

How long we retain your personal information
We retain your personal information for as long as we maintain a relationship with you. If we do business with you, we may also retain and use some personal information as necessary to comply with our legal obligations, resolve disputes and enforce our agreements.

What are your rights?
Under data protection laws, you have a number of important rights which you can exercise free of charge. In summary, these rights are:

  • The right to rectification: If your personal information is incorrect or incomplete, you have the right to have it corrected.
  • The right to be forgotten: In certain circumstances, you may request the removal of your personal information.
  • The right to restrict processing: In certain circumstances, you can block the processing of your personal information.
  • The right to data portability: In certain circumstances, you can receive the personal information which you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit that information to a third party, or for your own use anywhere you prefer.
  • The right to object: You can object to the use of your personal information for direct marketing or in certain other situations.

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.

How to exercise your rights
If you would like to exercise these rights, details of how to do so are set out below.

Subject access requests
You can request a copy of any personal information that we hold about you, as well as the description of the type of information that we are processing, the uses that are being made of the information, details of anyone to whom their personal information has been disclosed, and how long the personal information will be stored. This is known as a “subject access request”. This information must be provided within one month of request at no charge to you. Please email our Data Protection Officer or call us on the number below to make a request.

Updating your details
We have an obligation to store accurate information about you, so should your personal information change at any point, please email our Data Protection Officer or call us on the number below to update your details.

Opting out
If you just want to stop receiving emails from us, you can unsubscribe at any point by emailing our Data Protection Officer emma@oxenburypartners.com or the company Director martin@oxenburypartners.com 

You can always request that we remove you from our database. If you would like us to delete your record, please email our Data Protection Officer (details below) or call Company Director Martin Jee on 00447968 816 944. We may continue processing this data if we have an overriding legitimate interest to continue the processing.

How to complain
We hope that we can resolve any query or concern you raise about our use of your information.

You also have the right to complain to the UK Information Commissioner, who may be contacted at https://ico.org.uk/concerns/ or by telephone on: 0303 123 1113.  If you live or work elsewhere in the EU or EEA, you can also complain to your local supervisory authority.

Changes to this Privacy Notice
This policy is reviewed annually by our directors to ensure we are meeting our legal obligations. It therefore may change from time to time in line with legislation or industry developments. We recommend that you check this page occasionally for any policy changes or updates.

How to contact us
Please contact us if you have any questions about this Privacy Notice or the information we hold about you.

Data Protection Officer: Emma Jee
Email: emma@oxenburypartners.com

Oxenbury Partners is a trading name of Oxenbury Partners Limited, a company incorporated in England & Wales under company registration no. 08455610 and whose registered office is at 6a St Andrews Court, Wellington Street, Thame, England, OX9 3WT