Codethink Limited ("Codethink") values your privacy. On our website (the "Site"), we offer information about our software engineering and consultancy services.
In this Privacy Notice ("Notice"), we describe how we collect, use, and disclose information that we obtain about you when you contact us, or when we contact you, to explore your potential use of Codethink services, or if you are applying to work for or with us, for example. Your communications with us, and any dispute over privacy, are subject to this Notice.
The Information We Collect About You
We may collect information about you from public sources, or we may collect information directly from you when you contact us, or when we contact you, to discuss our services, or to discuss your employment application.
Information We Collect from Public Sources. We may obtain information about you from public sources such as your company’s information published on its website, or from openly-published information such as press releases, media articles, etc.
Information We Collect Directly from You. When you communicate with us to consider a possible business or personal relationship with Codethink, we may record the following information about you: your name, job title, company/organisation name, company/organisation address(es), email address, mobile phone, business phone, CV, and other relevant data of a similar nature. We may record details of the communications that we have with you. This might include emails, phone conversations, meetings held, interview records, potential or actual Codethink activities for you and proposals for them (if we’ve been discussing any), how we came to know you, etc.. Codethink staff may also communicate with you by contact through social networking sites such as LinkedIn – again, we may keep records of such exchanges. If you choose to connect with any of our staff through LinkedIn (or equivalent), we may collect further information (that you have thereby shared) about you.
We Do Not Use Web Technologies to Track You. We will not automatically collect any information about you through tracking cookies/mechanisms, web beacons, or any similar technologies. We do not use tracking cookies on our web site, and we do not use any mechanisms on our web site to personally identify any individuals who choose to use our site. We may hold logs storing IP addresses for up to 30 days.
How We Use Your Information
We use your information for the following purposes: to contact you to discuss your possible interest in our services, or to respond to your inquiries, and for other business purposes in the event that you become a Codethink customer, partner, supplier or apply to be an employee. We might do this by various means such as sending you personal email messages, through LinkedIn messaging (or similar), contacting you by phone or, perhaps, by text. We might also contact you periodically to remind you of your rights under the UK’s General Data Protection Regulations (GDPR). Access to your personal data will be restricted as much as is feasibly possible to those who need access.
Your data will be processed primarily on systems inside the European Union, which may be hosted by third-parties. Codethink is legally required to make sure that any third-party data processing or storage company we employ respects your rights and assists us as needed to comply with our legal obligations. We will store your data for up to three years since our last contact with you, depending upon the nature of your interactions with Codethink, at which point it will be deleted. We may need to retain some personal data for longer for legal or regulatory purposes.
How We Will Not Use Your Information
We will not use the information that we gather about you to send spam email messages, mail-shots, or similar blanket marketing campaigns. We will not send you newsletters, special offers or promotions. We will not use any information that we learn about you for advertising, market research or profiling purposes.
How We Share Your Information
We will not share your information with anyone outside of Codethink, other than with third parties who host our data, unless we are obligated to do so in one of the following circumstances:
Business Transfers. If we are acquired by or merged with another company, if substantially all of our assets are transferred to another company, or as part of a bankruptcy proceeding, we may transfer the information we have collected from you to the other company.
In Response to Legal Process. We also may disclose the information we collect from you in order to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a court order or a subpoena.
When jointly cooperating with you and other third parties. We also may disclose certain information such as email addresses when jointly working with you and other companies.
Security of Your Personal Information
We have implemented commercially-reasonable precautions, including, where appropriate, password protection, two-factor authentication, SSL and other encryption, firewalls, and internal restrictions on who may access data. This is to protect the information that we hold about you from loss, misuse, and unauthorised access, disclosure, alteration, and destruction. Please be aware that, despite our best efforts, no data security measures can guarantee 100% security.
Our Lawful Basis for Collecting and Storing Your Information
We will only use personal data for specific purposes and under an appropriate lawful basis. We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are, where relevant.
|Purpose/ Processing Activity||Lawful Basis for processing under Article 6 of the GDPR|
|processing job applications||Performance of a contract|
|preparing contracts / draft contracts / bids for Codethink services and new suppliers||Performance of a contract|
|delivery of the contracted project services and communication with customer contacts by the assigned team||Codethink has a legitimate interest as a business to process personal data to contact individuals who work for companies for whom Codethink have a business contract, without which Codethink would be unable to carry out the contracts and survive as a business;|
|store and refer to rejected job applications||Codethink has a legitimate interest to process personal data to review recruitment history, compare candidates and feedback given and reduce duplication where multiple sources are used.|
|to form business relationships and facilitate new commercial contracts for Codethink services, to the mutual benefit of Codethink and our customers||Codethink has a legitimate interest as a business to process personal data and has assessed that there will be minimal impacts to your rights, as set out under GDPR.|
|cloning or forking to Codethink infrastructure of repositories of source code from public services (e.g. GitHub, GitLab) and/or made available to us by customers, partners and/or suppliers in the course of our normal business||Codethink has a legitimate interest as a business to process the personal data contained within source repositories. Such personal data was added by the contributor and is kept with the source code itself; the contributors have no expectation to be informed and doing so would cause unnecessary disturbance for the individual.|
|processing of personal information of children to support activities such as work experience||Consent. We will only process personal data relating to children if you have given your consent for us to do so. In the case of children under the age of 13 then only with written consent of a parent/guardian.|
Where we have identified Legitimate Interests as the lawful basis for processing, we believe we are using your data only in ways that you would reasonably expect, and that this processing is necessary for Codethink’s business, and we don’t believe we are using your data in ways you might find intrusive or could cause you any harm.
What Rights Do You Have Regarding Codethink’s Use of Your Personal Information?
As a data subject you may have the right at any time to request access to, rectification or erasure of your personal data; to restrict or object to certain kinds of processing of your personal data; to the portability of your personal data, and to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office, about the processing of your personal data.
Where we need to process personal information of children, for example in the case of work experience, we will ask for relevant consent. Such data will be deleted from our systems within one month of the purpose of needing the personal information being completed, with the exception of any information required for legal or regulatory purposes.
Our Site may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Notice, but instead is governed by the privacy policies of those third-party websites. We are not responsible for the information practices of such third-party websites.
Note to Non-E.U. Persons
If you are located outside the European Union, please note that information about you that we collect and use will be processed within the European Union subject to the General Data Protection Regulations (GDPR) for the United Kingdom, effective in UK and EU law from 25 May 2018. We will protect your personal information through the implementation of this Notice, and we will respect any requests you make to us as described under the heading “What Rights Do you Have…”, above - even if you are not an EU resident or citizen.
If you have questions about the privacy aspects of your dealings with Codethink or would like to make a complaint or request, please contact us at firstname.lastname@example.org We are required to reply as quickly as practical, and within one month, using reasonable means.
Changes to this Notice
This Notice is effective as of the 25 May, 2018. We may change this Notice from time to time. We will post any changes to this Notice on our Site. If we make any changes to this Notice that materially affect our practices with regard to the personal information we have previously collected from you, we will endeavour to provide you with notice in advance of such change by highlighting the change on our Site, and by contacting you via email.