The Maverick Group’s privacy notice for data captured through maverick-group.com and for recruitment purposes, information and marketing purposes.
For purposes of this policy, the following definitions will be used.
The Data Protection Act 2018 – the UK’s implementation of the General Data Protection Regulation (GDPR).
Personal data – includes but is not limited to any personal data; names, addresses, bank details, cookies, racial or ethnic backgrounds, marital statuses, religious beliefs or political beliefs.
Processing – this includes storing, collecting, sending or deleting data.
The company – refers to The Maverick Group.
This policy is intended for anyone whose personal data is processed by The Maverick Group.
Written by: Clair O’Brien, Talent Manager
Approved by: Chris Tedman, COO
Approval date: 22 March 2021
Review date: 22 March 2024
The Maverick Group is the trading name of Maverick Advertising and Design Ltd, a full-service Marketing and Communications group, based in London and working across the whole of Europe.
This policy demonstrates how the Company processes data and shows our commitment to limiting processing and protecting your privacy and data security in accordance with the Data Protection Act 2018 and other relevant regulations.
DATA WE MAY COLLECT FROM YOU
We may collect, store and use the following categories of personal information about you:
Personal contact details such as name, telephone number, e-mail address, mobile telephone number and social media profile details; and
For recruitment applicants and employees: personal details such as date of birth, gender, marital status, next of kin details, National Insurance number, bank account details, salary, annual leave, pension and benefits information, copies of ID documentation, employment history and other employment records.
For users of the Maverick WiFi services: personal identifiers in relation to your device, the volume of data you use, the websites and applications which you access, and your usage by access time, frequency and location.
1) Cookies and similar technologies
A cookie is a small text file which is placed onto your computer or electronic device when you access our website. Similar technologies include web beacons, action tags, local shared objects (‘flash cookies’) and single-pixel gifs. Such technologies can be used to track users’ actions and activities, and to store information about them. We use these cookies and/or similar technologies on this website to track website usage and traffic.
2) Information collected
We may obtain information about your computer or any other electronic device which you use to access our website, such as your IP address, your browser and/or other internet log information. We will treat this information as your personal information.
3) Consent for cookies
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
PROCESSING FOR EMPLOYEES:
The Company holds personal data of employees for contractual purposes and to allow us to comply with our legal obligations. This will be held for 5 years from leaver date, per HMRC guidelines. The information will inform HMRC of your employment status and will be accessed only by the HR and Finance teams and our external Payroll provider. The basis for this processing will be either that it is necessary for the entry into or performance of the contract between us in respect of your employment or in order for us to fulfil our legal obligations as an employer.
PROCESSING FOR RECRUITMENT PURPOSES:
For recruitment purposes, your personal details will be given by you to the Company in applying for the role and will be processed for the purpose of considering your application. The basis for processing will be that this forms part of our legitimate interests as a data controller in considering and progressing applications made to us by potential employees. If your application is successful, then further processing may take place as outlined in “Processing for employees” above.
Your personal details may be held for 12 months to allow the Company to provide tailored employment opportunities to you in the future. The Company will only hold enough data to allow you to be contacted, such as your employment history, name, email address and phone number. The basis for processing will be that this forms part of our legitimate interests as a data controller in ensuring that interested candidates are made aware of relevant available employment opportunities.
The data will only be accessed by the HR team and potential hiring managers. We will never share your details with any hiring manager or third party without explicit consent to do so.
PROCESSING FOR MARKETING PURPOSES:
We may process your personal data for marketing purposes in order to send you details of services which we provide which we believe may be of interest to you. Any such processing will be on the basis that this forms part of our legitimate interest as a data controller in ensuring that you are aware of the full range of services which we offer.
PROCESSING FOR USERS OF MAVERICK WIFI
We do not require you to provide any personal data to access our guest WiFi network. However, if you use our guest WiFi, we may collect and process identifiers relating to your device including IP address. This will be processed only for the purpose of providing the WiFi service and the basis for the processing will be that it is necessary for legitimate interests in providing the WiFi network to guest users.
SHARING PERSONAL INFORMATION WITH THIRD PARTIES
We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship or employment relationship with you or where we have another legitimate interest in doing so.
For employees this may include, without limitation, sharing with third party service providers in respect of payroll administration and related matters.
All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
TRANSFERRING INFORMATION OUTSIDE THE EU
We may transfer the personal information we collect about you to countries outside the EU in order to perform our contract with you or where this otherwise forms part of our legitimate interests.
When we do so, we will only do this where there is an adequacy decision by the European Commission in respect of those countries or another lawful basis for the transfer under the Data Protection Act 2018.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties that need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
BLOG/News Article COMMENTS POLICY
Abusive language will not be tolerated and as such, The Maverick Group reserves the right to edit or delete any comments submitted to this blog without notice. Additionally, The Maverick Group is not responsible or liable for any comments made by others on this blog.
HOW LONG WILL YOU USE MY INFORMATION FOR?
Subject to any specific retention periods specified elsewhere in this privacy notice, we will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. If, for any reason, you cease to be a customer of the company, we will retain and securely destroy your personal information in accordance with applicable laws and regulations.
YOUR RIGHTS IN CONNECTION WITH PERSONAL INFORMATION
Under certain circumstances, by law you have the right to:
Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal information to another party (where this is applicable under the Data Protection Act 2018).
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact our Compliance Manager, Rosemary Osei-Wireko , whose contact details are as follows:
Telephone: +44 (0)20 7378 6969
By post: 5 Gainsford Street, London SE1 2NE, United Kingdom
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
RIGHT TO WITHDRAW CONSENT:
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. This right can be exercised by contacting our Compliance Manager, Rosemary Osei-Wireko at the details set out above.