MORGENSTERN ENERGY – PRIVACY POLICY NOTICE
As a service provider, Morgenstern Energy (hereinafter referred to as ‘The Company’) must process personal data (including sensitive personal data) so that it can provide these services; in doing so, the Company acts as a data controller.
This Privacy Policy outlines how the Company collects, uses and processes your personal data, and how, in doing so, it complies with its legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights in line with the General Data Protection Regulation (EU) 2016/679 (GDPR).
This Privacy Policy also applies to the personal data of our Website Users (www.morgensternenergy.com), Candidates, Clients, and 3rd Party individuals whom we may contact for the purposes of providing payroll processing and/or contractual processing. The website is not intended for children and we do not knowingly collect data relating to children.
You must read this privacy notice together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.
How we collect your data
You may give your personal details to the Company directly, such as on an application or registration form or via our website registration, or we may collect them from another source such as a jobs board.
While processing your information we will issue you with a Privacy Notice which will confirm our legal basis for collection and use of your data. Personal Data collected & processed includes but not limited to:
- Name, Address, Telephone/Email contact
- Passport
- Employment History
- Education History / Certification
- Referees
- Next of Kin details
- Bank details
- NI Number.
We may also collect information about your computer and your visits to and use of this website, such as your geographical location, IP address, browser type, referral source, length of visit and number of page views. This information will not be shared with external third parties.
How We Use Your Personal Data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Recruitment: this means processing your data where it is necessary for a recruitment process.
- Performance of Contract: thismeans processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
- Comply with a legal or regulatory obligation: this means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
Do be aware that the Company is required by law to ensure that when processing any of your personal data, that it is:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained
to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept in a form which permits you to be identified for only as long as necessary for the purposes we have told you about.
- Kept securely.
Cookies
We may use cookies on the Company’s website. A cookie is a text file sent by a web server to a web browser and stored by the browser. The text file is then sent back to the server each time the browser requests a page for the server. This enables the web server to identify and track the web browser.
We may send a cookie which may be stored by your browser on your hard drive. We may use the information we obtain from the cookie in the administration and optimisation of our website to improve our websites usability and for marketing purposes. We may also use that information to recognise your computer when you visit our website and to personalise our website for you.
Most browsers allow you to refuse to accept cookies (in internet options -> settings) Selecting to block all cookies may affect your experience while browsing the site, and enhanced features directed towards users with cookies enabled will not appear.
We will be using Google Analytics to analyse the use of this website, Google Analytics generates statistical and other information about website use by using cookies which are stored as mentioned above. This information is used to create reports about use of our website. Google will store this information for their Privacy Policy please visit http://www.google.com/privacypolicy.html
Who We Share Your Personal Data With
The Company may have to share your personal data with the parties set out below for the purposes set out in the table in paragraph 4 above.
- Internal Third Parties such as HR, Recruitment.
- External Third Parties Service such as:
- Providers acting as processors based in the United Kingdom who provide IT and System Administration Services.
- HM Revenue & Customs, regulators and other authorities based in the United Kingdom, who require reporting of processing activities in certain circumstances.
- Third parties/ Company Clients whom we may choose to partner with.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
International Transfers
We may share your personal data within the company and its clients. This will involve transferring your data outside the European Economic Area (EEA).
Some of our external third parties are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA we ensure a similar degree of protection is afforded to it by implementing certain safeguards.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Candidates who we provide payroll services or provide on a contract basis to our Clients’ information will also be stored in our Payroll software. Information from payroll is shared as required under payroll/ contractual obligations i.e. HMRC, Pension Auto Enrolment Provider.
We may be required to share your data when required by law or to help protect the rights and safety of you, us or others. We do not share your data with 3rd Parties without your explicit consent. This does not include trusted 3rd parties who assist us in operating our website, provision of IT / support and external auditors who may view data in the course of their upkeep/maintenance & audit of our business systems. All 3rd parties with access to this data, agree to adhere to strict confidentiality rules regarding any information viewed.
Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our clients and candidates (including contact, identity, financial and transaction data) for six years after they cease being clients/partners/employees.
In some circumstances you can ask us to delete your data: see Your legal rights below for further information.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Your Rights
Unless subject to an exemption under the data protection laws, you have the following rights with respect to your personal data:
- Request access to your data: You can ask us to provide a copy of the personal data we hold about you.
- Request corrections to be made to your data: If you think that your personal data is incomplete, inaccurate you can ask us to correct it.
- Request erasure of your data: If you consider there is no lawful basis for us to continue processing your data you can ask for that data to be deleted or removed.
- Object to the processing of your data: If our lawful basis for processing your data relates to a legitimate business interest (or third party interest) you can raise an objection to that interest. You can also object to us using your information for direct marketing purposes.
- Request that processing restrictions be put in place: If you believe that your information is being processed without a lawful reason or that the information is incorrect you can request that a freeze/restricting is placed on the processing of the information until your concerns are
addressed.
- Request a transfer of your personal data: You can ask us to transfer your personal data to a third party.
If you wish to exercise any of the above rights please contact our Data Privacy Manager on +441224900121. Once we receive your notice of withdrawal we will cease processing your data unless we have any other lawful basis on which to continue processing that data.
No fee required – with some exceptions
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable admin fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Policy Amendments
We may update this privacy policy from time-to-time by posting a new version on our website. You should check this page occasionally to ensure you are happy with any changes. Any amendments/updates will be indicated by changing date updated under the title subject.
Third Party Websites
The website may contain links to other websites. We are not responsible for the privacy policies or practices of third party website you chose to browse to from our website.
Queries, Requests or Concerns
To exercise all relevant rights, queries or complaints in relation to this policy or any other data protection matter between you and us, please in the first instance contact our Data Protection Manager on +441224900121.
If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office on 03031231113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England, UK.