Privacy & Cookies Notice
Your Privacy Matters
CandidateX is a community-led movement, accelerating equality in the workplace. Central to this is our commitment to be transparent about the data we collect about you, how it is used and with whom it is shared.
- The information we collect on our website
- How we use your information
- Who we might share your information with
- How we keeping you updated on our business, products and services
- Your rights over your information
- How long we keep your information for
- Your data and Social Networks
- Cookies used by this website
- How to contact us
Our registered users (“Members”) share their identities, engage and exchange knowledge and professional insights. Content and data on some of our Services is viewable to non-members (“Visitors”).
2. THE INFORMATION WE COLLECT ON OUR WEBSITE
We only collect information that we know we will genuinely use and in accordance with the General Data Protection Regulation (GDPR). The type of information that we will collect on you, and you voluntarily provide to us on this website includes:
- Your full name
- Other supplied personal data
- The name of your company
- Your Email address
- Your phone number
- Your IP address at the time
- The time and date of when you submitted information
- The corresponding statement that you consented to
- Your CandidateX support image
We may, in further dealings with you, extend this information to include the services used, and subscriptions, records of conversations and agreements.
- You are under no statutory or contractual requirement or obligation to provide us with your personal information; however we require at least the information above in order for us to deal with you as a prospect or customer/member/service user in an efficient and effective manner.
- The legal basis for processing your data is based on your specific consent/performance of a contract/compliance with a legal obligation/your vital interest/our legitimate interest that we will have requested/stated at the point the information was initially provided, therefore we will not store, process or transfer your data outside the parties detailed above unless we have an appropriate lawful reason to do so.
Contact Form The primary instance where our website will ask you for personally identifiable information is our contact form. The contact form specifically, is powered by a popular WordPress plugin called Contact Form 7. Upon completing your information, you will be asked to consent to our data processing policy which is outlined within this document. Once submitted, your information will be processed and forwarded to us within a single email sent by the website application. Your information will not be stored within the website application’s database.
You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link.
2.2 Posting and Uploading
We collect personal data from you when you provide your support to the CandidateX movement such as when you fill out a form, (e.g. with demographic data, your photo, response to a survey)
Customers and partners may provide data to us.
3. HOW WE USE YOUR INFORMATION
- To use on ‘The Hub’
- To contact you, following your enquiry, reply to any questions, suggestions, issues or complaints you have contacted us about;
- Make available our products and services to you;
- For statistical analysis and to get feedback from you about our products, websites, mobile apps, and other services and activities. For example, occasionally we may invite you to review a product or service we are creating;
- To power our security measures and services so you can safely access our website and mobile apps;
- Help us understand more about you as a customer, the products and services you consume, so we can serve you better;
- Contact you about products and services from us;
- Provide you with online advertising and promotions; and
- Help answer your questions and solve any issues you have
- Research purposes
Our Services allow you to stay informed about news, events and ideas regarding professional, equality, diversity and inclusion topics you care about.
We use the data we have about you (e.g., data you provide, data we collect from your engagement with our Services and inferences we make from the data we have about you), to personalize our engagement for you.
5. HOW WE KEEP YOU UPDATED ON OUR BUSINESS, PRODUCTS AND SERVICES
From time to time we may send you relevant information and news about our business, products and services by email, but only if you have consented to receive these marketing communications. When interacting with our website, you may be asked if you’d like to sign-up to receive our email marketing communications and will you be asked explicitly to opt-in to receiving these. You can change your Email Marketing subscription anytime by editing your preferences or unsubscribing altogether via the link at the bottom of any of our email marketing communications or by contacting us via the details at the end of this policy.
6. YOUR RIGHTS OVER YOUR INFORMATION
Right to Access Your Personal Information
For personal data that we have about you, you can:
- Delete Data: You can ask us to erase or delete all or some of your personal data.
- Change or Correct Data: You can edit some of your personal data through your account. You can also ask us to change, update or fix your data in certain cases, particularly if it’s inaccurate.
- Object to, or Limit or Restrict, Use of Data: You can ask us to stop using all or some of your personal data (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g., if your personal data is unlawfully held or inaccurate).
- Right to Access and/or Take Your Data: You can ask us for a copy of your personal data and can ask for a copy of personal data you provided in machine readable form.
The Information Commissioner’s Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible to consumers on their website and they ensure that the registered details of all data controllers such as ourselves are available publicly. You can make a complaint to the ICO at any time about the way we use your information. However, we hope that you would consider raising any issue or complaint you have with us first. Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have. If you would like to exercise any of these above rights, please contact us via the details listed at the very end of this policy.
7. HOW LONG WE KEEP YOUR INFORMATION FOR
We retain a record of your personal information in order to provide you with a high quality and consistent service. We will always retain your personal information in accordance with the General Data Protection Regulation (GDPR) and never retain your information for longer than is necessary. Unless otherwise required by law, your data will be stored for a period of 2 years after our last contact with you/some other identifiable action or period, at which point it will be permanently deleted and therefore irretrievable.
8. YOUR DATA AND SOCIAL NETWORKS
When using this website, you may be able to share information through social networks like Facebook and Twitter. For example, when you ‘like’, ‘share’ or review our Services. When doing this, your personal information may be visible to the providers of those social networks and/or their other users. Please remember it is your responsibility to set appropriate privacy settings on your social network accounts so you are comfortable with how your information is used and shared on them.
Data security is of the highest importance to CandidateX and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure your collected data. We take security measures to protect your information including: Physical & Managerial Security Procedures
- Limiting access to our buildings to those that we believe are entitled to be there (by use of passes, key card access and other related technologies);
- Implementing access controls to our information technology
- We use appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) to safeguard your information across all our computer systems, networks, offices and stores.
- Never asking you to disclose your own passwords,
- Advising you never to enter your account number or password into an email or after following a link from an email.
Website Application and Hosting Security Procedures
- HTTPS – This website is secured via Hyper Text Transfer Protocol Secure (HTTPS). It means all communications between your browser and this website are securely encrypted. This means that even if somebody managed to intercept the connection, they would not be able to decrypt any of the data which passes between you and the website.
- Secure Payments via PayPal – All transactions taken and processed on this website are handled separately by PayPal.
- Secure Update Process – Inline with the security processes of our website development partner agency, this website application’s code-base is administered and updated via a password and FTP free process.
- All code-changes are deployed via a secure process that does not rely on the storage and visible access of passwords.
- Two Factor Authentication – Where possible, the administration interface to this website application and any personally identifiable information herein, is secured behind a two factor authentication login to all staff who have access to it. Additionally, our website development agency can only access the same interface via their secure Google GSuite accounts and hold no password records for accessing the platform at super-admin level.
- Web Application Maintenance – Our organisation, working in collaboration with our website development agency, regularly monitor the security of this website and consistently update the core CMS platform and supporting extensions and plugins.
- PCI-DSS Compliant Server – Our website application is hosted and operations on a PCI-DSS compliant server independently certified by Security Metrics. The Payment Card Industry Data Security Standard (PCI DSS) applies to companies of any size that accept credit card payments.
- Cloudflare – Our website’s DNS is managed through CloudFlare who provide our content delivery network (CDN), DDoS attack mitigation, Internet security and distributed domain name server services.
11. HOW TO CONTACT US
This Policy was last updated on 17-02-2020