PRIVACY POLICY v0.1

Last Update: 010718

POLICY STATEMENT

ASTRiiD takes data privacy very seriously and recognises the importance of protecting and respecting your personal data. This Privacy Policy describes the information we collect, how we use that information, to whom we pass the information, your rights and key contact information.

1. Overview

To provide you with our job matching services we need to collect information about you. Our aim is not to be intrusive, and we won’t ask you unnecessary questions. Any information we receive about you will be subject to strict controls to minimise the risk of misuse including unauthorised access to, or disclosure of, your personal data.

Please read this notice carefully, together with our Terms and Conditions and any other documents referred to in it. Here we set out the basis on which any information we collect about you or from you, or that you provide to us, will be processed by us and other parties in providing you with the services accessed through the website, apps or over the phone (“ASTRiiD Services”). ASTRiiD (“our”, “us” and “we”) commits to using your information only in accordance with the terms of this Privacy Policy.

For the purposes of this Privacy Policy, the term “information” means any confidential and/or personal data or other information related to users of ASTRiiD Services including, but not limited to, corporate and individual customers and their connected parties.

By visiting this website, our partners’ websites, or providing your personal information to one of our employees, for example by telephone or email, you accept and expressly consent to our use and disclosure of your personal information and direct us to do so in the manner described in this Privacy Policy.

This includes consenting to the processing of any sensitive personal information you provide, as described below in section 2. It also includes information you provide when you browse our website, register with us, follow up an expression of interest from another party, enter a competition, promotion or survey and when you contact us for other reasons.

If you have concerns about any of the terms of this Privacy Policy, please contact us so that we can provide further information.

A special note about children

Children are not eligible to use ASTRiiD Services. We respectfully ask that minors (persons under the age of 18) do not submit any information to us or use ASTRiiD Services.

2. What information we collect

Information you provide to us

You may provide us with information by filling in forms on our website or by corresponding with us via email or otherwise. This includes information you provide when you register with us, follow up an expression of interest from another party, enter a competition, promotion or survey and when you contact us for other reasons.

Initial information

To register with ASTRiiD or use ASTRiiD Services, we ask you to provide your name, address, phone numbers and email address. If you are a candidate seeking work we ask you to provide your CV, including work experience, education level and languages spoken, details of any unspent criminal convictions, your eligibility to work in the UK, your gender, confirmation that you have a long-term health condition and, optionally, your LinkedIn profile reference and your Skype ID. If you are a contact at a prospective employer we ask you to provide your name, role, email address and telephone numbers.

When we communicate

When you communicate with us for customer service or other purposes, including by phone, email or using other methods, we retain that information and our responses to you.

We ask that you do not disclose sensitive personal information, including the state of your health, in any communication, however if you should do so voluntarily, you consent for us to hold that information in our communication records.

Information we collect when you use our website

When you arrive at or leave the ASTRiiD website, whether connected by a fixed line or wirelessly, we receive the address of the site that you came from or are going to.

While you are using our site we collect information on the services you search for or view, page response times and length of visits to specific pages, how you interacted with each page (including scrolling, clicks and mouse-overs), and methods used to browse away from the page.

We collect information about the device you are using, such as the type of device, operating system and platform, the type and version of browser, browser plug-in types and versions, the times you access our website/app and the time zone setting, mobile network information and unique device identifier, which may include your Device’s IMEI number and/or MAC address, or the mobile phone number used by the Device. We do not capture GPS information about you.

Individuals who are not registered users of ASTRiiD Services

If it is necessary for you to provide personal information about other individuals in the course of dealing with us, for example other people at your organisation who are involved in the hiring process, you should do so only where you are authorised by those individuals.

These persons have the same rights to access and correct information about themselves as registered users of ASTRiiD Services. You should bring this Privacy Policy to their attention at the earliest opportunity so they are aware of how their information will be processed by us and aware of their rights in relation to that information.

Sensitive data

Sensitive data includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, and data concerning sex life or sexual orientation. It also includes health information, which is particularly relevant to ASTRiiD.

ASTRiiD is expressly designed to help those members of the invisible talent pool who have long term health conditions. Potential employers will therefore reasonably infer that all candidates using ASTRiiD have long term health conditions. If you do not wish potential employers to make this inference, we respectfully request that you do not use ASTRiiD Services.

Other than confirmation that you have a long term health condition, it is ASTRiiD’s policy that we do not ask for or collect any other sensitive data. We therefore ask that you please do not reveal any other sensitive data about yourself or others in any communication with us.

If you do reveal sensitive data, for example in an email, you will be giving express consent for us to process that information by storing the email or other communication.

Information received from 3rd parties

We occasionally receive referrals of potential employers from people who support ASTRiiD. We will typically receive a name and an email address and/or a phone number.

3. How we use your information

Our primary purpose in collecting your information is to provide you with a successful job matching experience. By submitting your information to ASTRiiD and using ASTRiiD Services you agree that we may use your information for the following purposes:

Providing the job matching service

As a candidate, we will use your information as follows:

  • To match your skills, experience and location with open roles;
  • To share your skills and experience with potential employers;
  • To facilitate contact with employers who would like to engage with you;
  • To assist in the successful completion of the hire; and
  • To administer any promotion, survey or competition that you enter via our website.

As a point of contact at a potential employer, we will use your information as follows:

  • To discuss whether you would like to register with us as a prospective employer;
  • To facilitate contact with candidates who would like to engage with you;
  • To assist in the successful completion of the hire; and
  • To administer any promotion, survey or competition that you enter via our website.

Communication and customer service

We may communicate with our users via email, phone and other methods for the purposes of:

  • assisting the conclusion of a successful hire;
  • responding to requests for customer service;
  • resolving complaints from candidates and prospective employer contacts;
  • carrying out collection activities;
  • resolving disputes about billing or transactions; and
  • conducting customer surveys.

We use your email address to:

  • confirm your registration with ASTRiiD;
  • send to both candidates and prospective employer contacts notice of any matches, expressions of interest and requests for contact by other parties;
  • send you information about changes to our products and services, including notice of any times that our services may not be available; and
  • send notices and other disclosures required by law.

Users cannot opt out of these communications, but they will be primarily service-oriented rather than promotional.

Sending these communications to current customers is all part of our service. If you do not wish to receive these communications at all, then unfortunately you must deregister.

Marketing

We also use your email address to send you other types of communications that you can control, including:

  • sharing stories about successful matches between candidates and employers;
  • news about ASTRiiD, including keeping you up-to-date with how our good works are developing and being reported in the media;
  • telling you about new products and features we are developing that you may find useful; and
  • asking you to complete the occasional optional customer survey.

You can choose whether to receive some, all or none of these communications and the methods by which you receive them when you register with us, or at any time thereafter by logging in to your account on the ASTRiiD website, visiting your profile page and accessing the preference centre.

Service improvements and account management

We will use your information to deliver and improve ASTRiiD Services and manage your account, including:

  • improving our existing, and developing new services;
  • administering our website and for internal business administration and operations purposes, including storage, backup, archiving, troubleshooting, data analysis, testing, research, statistical and survey purposes; and

  • as part of our efforts to keep our site safe and secure, including managing and protecting our information technology infrastructure.

Device information

We will use this information to:

  • administer our website for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • improve our website(s) and the app to ensure that content is presented in the most effective manner for you and for your computer;
  • as part of our efforts to keep our website safe and secure; and
  • to comply with our regulatory obligations.

Location information / IP (Internet Protocol) address

We will use information about your location, derived from your IP address:

  • to identify your geographical area in order to recommend roles that are local to you.

Questionnaires, surveys, competitions and profile data

From time to time we may offer you optional questionnaires, surveys and competitions. If you choose to answer these questionnaires, surveys or competitions, we may use your information to improve ASTRiiD Services, send you marketing information, manage the competitions and for such purposes as collecting demographic information or assessing customers’ needs. You will be given notice of how the information will be used prior to your participation in the survey, questionnaire or competition.

Compliance and legal support

We ask everyone to read and abide by our Terms & Conditions. Where we identify that there may have been a breach of our Terms & Conditions, we may use your details as part of an investigation or remediation, including sharing the details with our legal advisers.

Accessing and changing your information

You can review the information you have provided to us and make any desired changes to your information or to the settings on your ASTRiiD account at any time by logging in to your account on the ASTRiiD website, visiting the dashboard page and changing your details.

4. Cookies

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. You may adjust the settings on your browser to refuse cookies but some of the services on our website may not work if you do so. For detailed information on the cookies we use and the purposes for which we use them see our Cookie Policy.

5. Sharing information with third parties

To facilitate role matches

Our function is to match candidates with employers. When candidates register with us you give us permission to publish your skills, experience and location for prospective employers to view. Throughout the customer journey, both candidates and employers have the option to select which roles or candidates, respectively, you would like to be connected with. When you do this, you give us permission to share your contact details with the other party so the match can be progressed. At all times you remain in control of the parties with whom your data is shared. If a match is successful, we charge a small success fee to the employer (which helps to fund ASTRiiD) and the candidate’s name may appear on the invoice and payment confirmation.

To spread the word about our successes

We love telling people about how we can help them, especially by telling everyone about our successful matches. If you are involved in a successful match, either as an employer contact or candidate, we may ask you if we can publish details including your name, location and photograph in our newsletters, social media posts or other marketing materials. We will never do this unless you give us specific permission.

To support our business and provide services to you

ASTRiiD works with third-party service providers who provide important functions that allow us to deliver our job matching service.

This includes business partners under contract with us who support our business operations, such as running our website. We need to disclose user data to them from time to time so that the services can be performed. Our contracts dictate that these business partners only use your information in connection with the services they perform for us, and not for their own benefit.

By accepting this Privacy Policy and maintaining an account with ASTRiiD, you expressly consent to the transfer of your data to those third parties for the purposes listed.

Where required by law

We may disclose necessary information to the police and other law enforcement agencies, governmental bodies, regulatory authorities and other third parties, where we are legally compelled and/or permitted to do so.

Mergers and acquisitions

It is possible that in the future ASTRiiD could buy, merge with, or be acquired by, another organisation. We may disclose your information to the prospective seller or buyer of such business or assets, along with its professional advisers. If ASTRiiD or a substantial proportion of its assets are acquired by a third party, information held by us about our customers will be transferred to the successor organisation, which would continue to be bound by this Privacy Policy unless and until it is amended.

Analytics and search engine providers

We share your IP address with analytics and search engine providers that assist us in the improvement and optimisation of our site.

Third party websites

Our site may, from time to time, contain links to the websites of organisations that support us, report our activities or offer complementary services.

Please note that these websites have their own privacy policies and we do not accept any responsibility or liability for those policies. Please check those policies before you submit any information to third party websites.

6. Transferring data overseas

ASTRiiD is committed to adequately protecting your information regardless of where the data resides and to providing appropriate protection for your information where such data is transferred outside of the EEA.

The information that we collect from you may be transferred to, and stored in, a country outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for us or for our suppliers. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

The laws in some countries may not provide as much legal protection for your information as in the EEA. In these circumstances, our policy to protect your data is to rely on findings of adequacy by the European Commission (for countries in scope of those findings), the EU-US Privacy Shield (for transfers to the USA) or standard contractual clauses adopted by the European Commission or the UK Information Commissioner (for all other countries).

By submitting your information and making use of ASTRiiD Services, you agree to such transfers, storing or processing. We will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this Privacy Policy.

We will do our best to protect your information, however we cannot guarantee the security of your information transmitted to our site or sent to us by email or other non-secure electronic methods; any such transmission is at your own risk. Once we have received your information, we will use protective procedures and security features to try to prevent unauthorised access.

7. Data Retention Policy

It is our policy to retain personal data for 5 years after the closure of an account so that we can monitor ongoing success rates. In some circumstances, such as an enquiry from a law enforcement agency, we may have to hold it longer. We may also retain information if required to protect our interests, for example in case of litigation. When data falls outside those retention periods we will take steps to delete it from our system. Where you have asked us not to contact you, we will retain that information on a ‘do not contact’ list to reduce the risk of us contacting you in the future.

8. Systems Security Policy

ASTRiiD has security measures in place designed to prevent data loss, to preserve data integrity, and to control access to the data. Only authorised employees of ASTRiiD and our business partners processing data on our behalf have access to your personal data. All ASTRiiD employees and volunteers who have access to your personal data are required to comply with our privacy policy. All business partners are requested by ASTRiiD to ensure that any of their employees who have access to your personal data have signed non-disclosure agreements. Contracts with business partners acting as data processors for ASTRiiD involving personal data require an adequate level of security and require that personal data is processed only as instructed by ASTRiiD.

System security and monitoring

ASTRiiD is supported by Salesforce’s Community Cloud platform, which holds all candidate and employer contact details. A description of the security measures in place to protect your data can be found in the privacy policy at salesforce.com.

Where we use other hosted IT services, we rely on their integrated security measures and you can read their security policies for added reassurance.

Other personal information is held securely by our suppliers in secure data centres with high levels of physical and technical security, including using firewall systems, data encryption and anti-virus protection. They use security surveillance systems to detect and prevent illegitimate access to and activities on our systems.

Password security

To control access to our services, every customer is required to input a Username and Password. To help us protect your information, you are advised to do the following:

  • Do not choose a password that could be easily guessed by another person.
  • Avoid using personal information such as your name, birth date or telephone number, or ordinary words found in a dictionary.
  • Memorise your password – do not write it down.
  • Never reveal the password to anyone else. We will never ask you for your password and you should not disclose it to anyone claiming to work for us or our business partners.
  • Do not use the same password on other services.

Customer responsibilities

We keep our security technology up-to-date to protect your information, but we do not have control over the devices you use to access ASTRiiD Services.

It is your responsibility to safeguard your online information and transactions by taking all reasonable measures which may include the following:

  • Do not share your information or provide any opportunities for anyone to gain access to your information through your devices.
  • Do not click on any internet link contained in an email which directs you to an ASTRiiD website. Always manually type our address https://www.astriid.org.uk into your internet browser.
  • Log out and close your browser before visiting other websites once you have finished using the ASTRiiD website for the time being.
  • Ensure that you use the latest version of your internet browser and that you have up-to-date anti-virus, firewall and other security software installed on your device.

9. Customer rights

You have the following rights:

To ask us to correct any information we hold about you if it is incorrect.

Whilst we endeavour at all times to keep your information accurate, we welcome your corrections. You can correct your profile at any time by logging onto your account via the ASTRiiD website.

To ask us to erase your information if we no longer have any reason to hold it, also known as the ‘right to be forgotten’.

Our Data Retention Policy (see section 7) explains the circumstances when we retain information, however outside of those periods we will delete your information in line with our data retention policy and on request. We will maintain a record that you made an erasure request to reduce the likelihood of us contacting you in the future but we will use that information for no other purpose.

To ask us to return to you information you provided to us, also known as ‘data portability’.

You can ask us to send you in electronic format the information you provided to us under our Terms and Conditions or under consent.

To ask us not to process your information where you previously gave consent or where we are exercising our legitimate interest.

If you make a request for us to stop processing your information, we will investigate to see if there is a compelling reason for processing to continue and will discuss the conclusion of the investigation with you.

You cannot object to processing which is a legal obligation or where we must process your information to satisfy a contract to which you are a party. If you previously gave consent and we processed your data on the basis of that consent, you cannot object to that past processing, however you can ask us to stop processing it in the future.

To ask not to be subjected to automated decision making and profiling.

ASTRiiD puts the human factor at the heart of our customer service. There are no circumstances when profiling or other automated decision making will have a legal impact on you. We do use an algorithm to make suggested matches, but this has no legal effect.

To ask for a copy of the information we hold about you.

We will endeavour to respond to your request within 30 days, however at times of high demand we may need 90 days to compile a full response.

To ask us not to process your information for marketing purposes.

You can do this by checking or unchecking certain boxes on the forms we use to collect your information, or by logging onto your account and managing your contact preferences, or by clicking on the ‘unsubscribe’ link at the foot of every marketing or promotional email.

You may exercise any of the above rights by contacting us at [email protected]

10. Contacting us

The Data Controller

The Data Controller is ASTRiiD Limited, registered office address: The Farmhouse, Oldfield Lane, Leverton Outgate, Boston, Lincolnshire PE22 0AE, registered charity 1176645.

Contacting us with questions or requests

If you want to exercise your right to access your information or have any questions about this Privacy Policy, ASTRiiD’s information practices, or your dealings with ASTRiiD, you can contact us by emailing us at [email protected] or by writing to us at the above address.

Complaints

If you believe that we have breached a privacy law with which we should comply, please send an email to us at [email protected]. We aim to respond in a reasonable time, normally within 30 days. Our administration team will look after your complaint and will give you additional information about how it will be managed.

Complaints to the UK Information Commissioner

You have the right to complain to the UK Information Commissioner’s Office if you believe we have not handled your request in an appropriate manner. For information on contacting the Commissioner, please see their website.

11. Changes to this Privacy Policy

We may amend this Privacy Policy at any time, as new features are added to the ASTRiiD Services or as we incorporate suggestions from our customers. Any changes we may make will be posted here on our website, so please check back frequently.

Your continued use of our website after the posting of a new version of this Policy will constitute your acceptance of, and agreement to, any changes. If you disagree with the terms of this Privacy Policy, you may close your account at any time.