Privacy Notice
3R HOLDINGS LIMITED
Incorporating 3R Systems Limited, 3R Finance Limited & 3R PAYE Limited (3R Group)
Introduction
We are 3R Finance Ltd (Registered in England & Wales No. 09782074). Our registered office is at Unit 12 Swanwick Marina, Swanwick, Southampton, England, SO31 1ZL. We are registered with the Information Commissioners Office as a data controller under registration number ZB292257.
This Privacy Notice sets out the basis on which we use personal data in the course of our business activities. For an explanation of the definitions which are used in this Privacy Notice, please refer to the section at the end of the document.
Who Should Read This Privacy Notice?
This Privacy Notice applies to any living, identifiable individuals about whom we may control personal data in the course of our business activities. You should read this Privacy Notice if you are:
- An Agency Representative
- A Supplier Contact
AGENCY CONTACTS
Where We Obtain Your Personal Data
We obtain personal data relating to you:
- Directly in the course of dealing with you as a representative of an Agency
- Indirectly from:
- Online professional networking sites such as LinkedIn
- Your employer’s website and other industry-related websites
- Business information directories
- Other Agency Representatives in the course of us providing services or preparing to provide services to the Agency.
Types of Personal Data We Hold
We collect, store, and use the following categories of personal data about you:
- Personal contact details such as name, addresses, telephone numbers, and email addresses
- Your job title and position within the Agency or, if you do not hold a position with the Agency, your connection to the Agency or other Agency Representatives
- Any background information relating to your personal circumstances and your work history which you may provide to us in the course of your dealings with us
- Information about your personal assets if you have agreed to provide security to us
- Copies of your identification documents and proof of address
We do not collect, store or use any special categories of personal data if you are an Agency Representative.
How We Use Your Personal Data
We use your personal data to:
- Provide initial pre-incorporation startup services where applicable
- Assess your suitability as a guarantor where applicable
- Carry out pre-contractual “Know Your Client” and anti-money laundering checks
- Contact you in the course of providing recruitment finance services to the Agency
- Enforce our rights in respect of any security which you have provided
- Comply with our legal obligations, defend or bring any legal proceedings and prevent fraud or any other crime
Our Lawful Basis for Processing Your Personal Data
We have determined that we have a legitimate interest to process your personal data where you are an Agency Representative on the basis that we need to be able to contact and interact with the individuals who are employed or engaged by or otherwise connected with our Agency clients. This will allow us to effectively provide services to them, better understand their requirements and generate revenue for our business.
Parties with Whom We May Share Your Personal Data
We may share your personal data with the Agency and with our Suppliers for legitimate business purposes.
We may also share your personal data with governmental and judicial bodies, such as HM Revenue & Customs, Action Fraud or HM Courts & Tribunal Services.
SUPPLIER CONTACTS
Where We Obtain Your Personal Data
We obtain personal data relating to you:
- Directly in the course of our dealings with you as a representative of the Supplier; and
- Indirectly from:
- Online professional networking sites such as LinkedIn
- Your employer’s website and other industry-related websites
- Business information directories
- Other individuals within your organisation in the course of the Supplier providing services to us.
Types of Personal Data We Hold
We will collect, store, and use the following categories of personal information about you:
- Personal contact details such as name, addresses, telephone numbers, and email addresses;
- Your job title and department within the Supplier organisation; and
- Any background information relating to the role which you perform within the Supplier which you may provide to us in the course of your dealings with us.
We do not collect, store or use any special categories of personal data if you are a Supplier Contact.
How We Use Your Personal Data
We use your personal data to:
- Liaise with you in respect of services which are being provided by the Supplier;
- Contact you in relation to billing matters;
- Comply with our legal obligations, defend or bring any legal proceedings and prevent fraud or any other crime.
Our Lawful Basis for Processing Your Personal Data
We have determined that we have a legitimate interest to process your personal data where you are a Supplier Contact, on the basis that we need to be able to contact and interact with the individuals who are employed or engaged by our Suppliers. This will allow us to ensure that our Suppliers provide us with the best possible service which, in turn, is of direct benefit to our Agency clients. We do not use your data in any way which could reasonably be considered to be prejudicial to your interests.
Parties with Whom We May Share Your Personal Data
We will share your personal data within our business and with other Suppliers and Agency Representatives for legitimate business purposes
WHERE WE PROCESS PERSONAL DATA
Your personal data is held and processed by us in the United Kingdom.
We may transfer your personal data outside of the United Kingdom, particularly where we us IT service providers which are based abroad. We have put in place appropriate safeguards to ensure that your data is only transferred to jurisdictions with enforceable data subject rights and effective legal remedies in respect of data privacy breaches. We will therefore only transfer your personal data to jurisdictions outside of the UK where:
- The transfer is to a country within the European Economic Area.
- There is an adequacy decision or regulation in respect of that jurisdiction. At present, the approved jurisdictions are Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Republic of Korea, Switzerland, Uruguay and the US (limited to the Privacy Shield framework).
- The transfer of data is subject to an approved international data transfer agreement (IDTA) or standard contractual clauses. This means that we have a data-sharing agreement in place which complies with UK government requirements; or
- You have expressly given informed consent to the transfer of such data. This means that you have not only agreed to the transfer but have done so in the knowledge that your data may be transferred to a jurisdiction which does not give you the same degree of protection.
AUTOMATED DECISION MAKING
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. All decisions which are made in the course of our business processes involve human intervention. We do not make any decisions using automated means.
DATA SECURITY
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from our Data Protection Officer.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
DATA RETENTION
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Our standard data retention period is three years from the last date on which we are in actual contact with you i.e. where we actually speak with you or exchange correspondence. After this time, we will usually delete your personal data from our records.
Where we are required to keep any information (i) for auditing or compliance purposes (ii) to comply with our contractual obligations to third parties or (iii) in respect of any potential or actual legal proceedings, we shall keep your data for as long as is strictly necessary for these purposes, which is typically for seven years from the last date on which we are in actual contact with you.
RIGHTS OF ACCESS, CORRECTION, ERASURE & RESTRICTION
Your duty to inform us of changes. It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
Your rights in connection with personal information. Under certain circumstances, you have the right to:
- Request access to your personal information (a Subject Access Request). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. You will not usually have to pay a fee to access your personal information but we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed or you have objected to the processing and there is no overriding legitimate interest for continuing the processing.
- Object to processing of your personal information where we are relying on a legitimate interest and you object on “grounds relating to your particular situation.”
- Request the restriction of processing of your personal information. This enables you to ask us to block or suppress the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it or if you have also objected to the processing as above.
- Request the transfer of your personal information to another party when the processing is based on consent and carried out by automated means. This right is not usually applicable to any data processing carried out by us.
If you want to exercise any of the above rights, please contact the Data Protection Officer in writing. We will consider your request and confirm the actions which we have taken in response to such request.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is an appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
In the limited circumstances where our collection, processing and transfer of your personal information is based upon your express consent, you have the right to withdraw your consent at any time. To withdraw your consent, please contact our Data Protection Officer. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. We will confirm the actions which we have taken in respect of any such request.
If you are unhappy with any aspect of the manner in which we have processed your personal data or dealt with your decision to exercise any of the rights set out in this section, you have the right to complain to the Information Commissioners Office in the United Kingdom.
Their details are:
Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745
Email: casework@ico.org.uk
DEFINITONS
This Privacy Notice uses the following defined terms:
Agency means a business which has engaged us to provide services or which we have identified as a business for which we wish to perform services.
Agency Representative means a person who is employed or engaged by an Agency or who is otherwise connected with the Agency, such as a significant shareholder.
Data Protection Legislation means the Data Protection Act 2018, the retained UK GDPR and all other applicable legislation in the United Kingdom relating to data protection, together with any successor legislation.
Supplier means a business which provides services to us and which may process personal data relating to Agency Representatives or Supplier Contacts in the course of performing such services including our:
- Professional advisers including accountants, tax advisors and lawyers;
- Insurers;
- Umbrella companies;
- IT services providers and software providers; and
- Independent consultants and subcontractors
Supplier Contact means a person who is employed or engaged by a Supplier and with whom we may liaise from time to time in respect of the services which are provided by that Supplier.
CHANGES TO THIS PRIVACY NOTICE
We reserve the right to update this Privacy Notice from time to time. If we are processing your personal data, we shall notify you of any material changes to our Privacy Notice. We will not however notify you of any minor or administrative changes to our Privacy Notice and you should check it periodically to view any changes. This will ensure that you understand (i) how we are using your personal data and (ii) your legal rights around our usage of such personal data.
CONTACT US
If you have any questions about this Privacy Notice, please contact our Data Protection Officer by email at info@3r.co.uk or by telephone on 01489 854741. Alternatively, please write to us at 3R Finance Ltd, Swanwick Marina, 12 The Boat Yard, Swanwick Shore Rd, Swanwick, Southampton SO31 1ZL.