Date last revised 17th May 2018
We are WORKPAD TRADING LIMITED (we/us/our), a UK company registered at Lynton House, 7-12 Tavistock Square, London WC1H 9BQ (number 08604231). This policy sets out how we will process any personal data you provide to us. We only collect the personal data we reasonably require in order to do business with you, and we are committed to protecting it.
1. This policy
- This policy applies to our business relationship with you and any personal data you provide to us in connection with the same. You are therefore advised to read it carefully. Terms used within it shall have the meaning(s) given in the Data Protection Act 1998 (Act) and/or the General Data Protection Regulation (Regulation), as applicable. This does not apply to any data that relates solely to your business, or that does not allow us to identify a living individual from it.
- By visiting our website at www.workpad.co.uk (Website), or by otherwise doing business with us, you understand, accept and consent to the practices described in this policy. Please check back frequently. Any changes we make to this policy will be posted on this page, and will be binding on you.
- For more information about your rights, please see section 8. You are welcome to direct any related queries to us at [email protected].
2. Who we are
- WORKPAD TRADING LIMITED is a member of a group of companies operating under the “WORKPAD” brand. We are a wholly-owned subsidiary of Workpad Group Limited (number 07886983). We process limited amounts of personal data relating to the staff of our customers or suppliers, and we only take the data we need in order to carry out our services and to licence the temporary occupation of our premises to you. We are registered with the ICO to process your personal data for these purposes and our registration number is ZA374073.
- All data that is obtained by us is done in a business-to-business context, and we are a third party you use to occupy business premises only. We are therefore a data processor in relation to any of your staff data we may process (from time to time).
- The lease for each of our properties is held by a separate company (which will be apparent to you as your commercial landlord) who pass your business and personal data to us for centralised administration.
- All personal data will be held and stored by us in our internal management information systems on servers located in the UK. All personal data is processed by UK based staff who are regulated by our internal staff data protection standards.
3. Your consent
- To process your personal data we are relying on necessity in order to perform our contract with you, and we consider the personal data we obtain is reasonable and necessary for these purposes. However, we review this intermittently and remove any inaccurate or obsolete data. We are therefore not ordinarily relying on your consent to process your data.
- You may exercise your rights under section 8 at any time, which includes withdrawing your consent to our processing of your personal data. However, where this withdrawal prevents us from performing our contract with you, we may not be able to continue to licence our premises to you.
4. What we collect
- We will only collect your name, address, telephone number and email address from you to allow us to maintain accurate records and to verify your identity. Occasionally, we will ask for a scanned copy of a passport or driving licence for ID verification purposes. Bank details (which are likely to be business bank account details only) are retained for the purposes of returning deposits only.
- Where you are a current, potential or former employee, worker or other member of our staff, we may collect additional categories of your personal data for the purposes of providing you with the necessary benefits under our contract with you. In those circumstances, a separate privacy notice applies and a copy is available on request.
- We use CCTV at some of our premises for the protection of our property, and for the prevention and detection of crime, and we are registered with the ICO to process your data in this way. Your biometric data may be taken during your time in such premises and this will be stored and retained by us in accordance with our internal data retention policy.
5. How it is collected
The categories of data in section 4 are collected in the following ways:
- When you provide it to us
- personal data is primarily provided to us when you enter into a contract with us;
- when we correspond with you in relation to our contract (either by email or telephone); or
- when you correspond with us by phone or e-mail as part of our business with you, or if you use our live chat function on our Website, any of your personal data contained in that correspondence (including your IP address and location) will be retained by us
- When we collect it from you
- When you use our Website, we will automatically collect technical information about the device you use to visit, including your IP address, browser type/version and related settings.
- We also monitor your use of our Website. This includes the full URLs, your clickstreams through our Website, the pages you view and how you interact with them and how you leave the Website
- When we receive it from others. We are registered with many UK-based brokers and agents (based chiefly in London) who are aware of our range of premises. It is therefore likely that your contact details will have been passed to us by those third parties where they reasonably consider our premises may meet your needs. We only engage agents and brokers on written terms and conditions.
6. What we use it for
- The primary reason for processing your personal data is stated in section 1.
- Technical information we collect about your visit to our Website is used to enable us to:
- personalise and improve its functionality and security (to keep it safe and secure);
- administer and monitor traffic and behaviours on our Website for analysis, testing, research, statistical and survey purposes; and
- ensure that we can offer you the most effective and efficient browsing experience, and make improvements where necessary.
- We also use your personal data to send you information by email about premises that may be similar to premises you have previously occupied on licence from us (or enquired about). We only do this where you have given us permission to do so, and you can opt-out at any time. Where you opt out, we will no longer contact you until you ask us to, and we will not prompt you to do so.
7. Security and retention
- Once collected, any of your personal data will be retained by us for the duration of the time you are in occupation of our premises, and for up to 6 years after the termination or expiry of your occupation licence (in case of any dispute or claim, or should you require a reference). We may retain limited contact details (email address and name only) to contact you for marketing purposes only (where you give us permission to do so).
- Any personal data we process will be stored:
- with Salesforce.com, inc. on Cloud storage solutions. SalesforceareEU-U.S. Privacy Shield accredited and compliant and their detailed privacy statement is available on their website at https://www.salesforce.com/uk/company/privacy/full_privacy/
- on Google Drive®, a storage solution hosted by Google LLC (Google) who are based in the USA (California);
- on local hard drives on staff computers and devices (all of which require unique user-authentication to access).
- We do not provide any hardware to you when occupying our premises. We merely provide a wi-fi and Ethernet connection. We do not gain any access to any VPN you may operate, nor do we host any data you process through your internet connection or store on your local machines. Any IT support is provided to us by a third party on our behalf.
- We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, altered, disclosed or accessed in an unauthorised way. These include access being restricted to those members of our team with appropriate seniority and length of service, and staff are all regulated by our internal data protection policies/standards. Whilst access is not by way of authentication software, and we do not encrypt the data we hold, we consider these measures to be appropriate to the nature and limited sensitivity of the personal data we process.
8. Your rights
- Under the Act and the Regulation, you have the following rights (in relation to all of the personal data we hold about you) to ask us:
- not to process your personal data for marketing purposes;
- to clarify what data we hold about you, how it was obtained, to whom it has been disclosed and for how long it will be stored;
- to amend any inaccurate data we hold about you;
- to delete any of your data (where you no longer think we need to hold it, or you think we have obtained or processed it without your consent at any time); and
- to only process your personal data in limited circumstances, for limited purposes.
- We have the capacity to extract your personal data from our databases and provide it to you in a structured, commonly-used way (typically by .csv file), and we can delete all of your data at any time (should you require us to do so).
- If you wish to exercise any of your rights at any time, please contact us on the details contained at the beginning of this policy in the first instance. We will require you to verify your identity to us before we provide any personal data, and reserve the right to ask you to specify the types of personal data to which your request relates.
- Where you wish to exercise any of your rights, they may be subject to payment of a nominal administration fee (to cover our costs incurred in processing your request) and any clarification we may reasonably require in relation to your request. Such fees may be charged where we consider (acting reasonably) that your request is excessive, unfounded or repetitive.