1. What information we may hold about you
We may collect, store and use the following personal data:
• Personal contact details which may include name, title, job title, workplace addresses, department, telephone numbers and workplace email addresses, signature (if you give them to us, or if you engage with us through a partner, the third party who is legitimately contracting with us on your behalf).
• Other personal information you provide to us by telephone, our portal or by contacting us via our website or through any of our social media sites, or if you engage with us through a partner, the third party who is legitimately contracting with us on your behalf.
• If you are involved in either a security or a health & safety incident connected to us or the service we provide, then the information that we gather under our obligations.
• If you visit our head office we gather information via our visitor sign-in process, including your name, email address, phone number, photograph and signature.
• Any personal information about you provided to us during our interactions with you and your employer or if you engage with us through a partner, the third party who is legitimately contracting with us on your behalf.
• Voice recordings from phone calls to the company. Video and voice recording from calls over the Internet (such as Microsoft Teams).
• Convergence Group does not knowingly collect information on children without consent from a responsible parent. If Convergence Group has collected personal information on a child, please contact firstname.lastname@example.org so we can remove this information without any undue delay.
Additional Information We May Hold about Partners and Customers
• All information, whether personal data or otherwise, relevant to the service we provide to you, whether supplied by you (or if you engage with us through a partner, the third party who is legitimately contracting with us on your behalf) or gathered during the work we carry out.
• Personal information provided to us by our vendors or third-party service providers.
• Network information you or if you engage with us through a partner, the third party who is legitimately contracting with us on your behalf, provide to us or gathered by our monitoring systems (if this is part of the service provided to you) which may include machine identifiers (such as IP addressing information).
Additional Information We May Hold about Vendors and Suppliers
• If you are attending a customer site on our behalf, then we may request a copy of your real time location details
• Network information you or if you engage with us through a partner, the third party who is legitimately contracting with us on your behalf, provide to us which may include machine identifiers (such as IP addressing information)
Additional Information We May Hold about Job Applicants
• Personal contact details may include home addresses, personal telephone numbers and personal email addresses.
• Recruitment information (including copies of right to work documentation, references and other information included in a subject profile, CV or cover letter or as part of the application process).
• Personal information provided to us by our recruitment partners in relation to your application for employment with us.
• Personal information provided to us during the course of your application, for example, qualifications and professional accreditations, employment records (including job titles, work history, working hours and training records), and professional certifications and membership records (e.g. CCIE or Prince II).
• Personal information gathered during your application process, including psychometric test data and personality test data, and any background checks which we require you to undertake as part of the application process.
2. How will we use information about you and the legal reason for doing so
We process personal information in order to manage our contractual relationships, provide the services we offer as a business & to measure performance of our processes. We will make sure that we only process the information in the way and to the extent that we are permitted to under the current law, which includes having a legal reason for doing so.
The following legal grounds are the ones which apply to the way that we use your personal information:
• Contract – where we need your personal information in order to perform the contract that we have entered into with you or to take steps in order to enter into a contract with you.
• Legitimate Interests – Where we need your personal information in pursuit of our legitimate interests in providing the services as long as these do not override your fundamental rights and interests.
• Legal obligation – Where we need to comply with a legal obligation to which we are subject.
• Consent – Where you have provided us with your consent to process the personal information In particular the following legal basis apply:
• Contractual obligation - your contact details are needed to fulfil our contractual obligations with you.
• Legitimate interests (compliance to our certifications) – if you are visiting our offices, we require your personal information to ensure our offices are kept secure.
• Legal obligation – when we are required to contact you if we wish to use your information for a purpose not set out in this statement.
• Legitimate Interests (in ensuring our network is being used in line with our Acceptable Use Policy) – when we use the information to track your location history and your use of our IT systems.
• Legal obligations – when we require information to comply with legal obligations around health and safety requirements.
• Legal obligation – if we are required to notify our insurance providers.
• Legal obligation – if we are required to inform a law enforcement or Government body.
• Legitimate interests (of maintaining our certifications) – when required to inform our regulators.
• Legitimate Interest (ensuring employee performance is meeting the quality expectations of the business and an audit trail of conversations where legal or contractual agreements may be made) – when monitoring our telephone and video conversation recordings.
We will only use your personal information for the legal basis for which we collected it. If we reasonably consider that the basis has changed or need to use your personal information for another purpose, then we will let you know and notify you of the new legal basis.
Additional basis for Partners and Customers
In particular the following legal basis apply:
• Contractual obligation - your contact details along with site locations and machine identifiers (if required for the services provided), are needed to fulfil our contractual obligations with you (for which the legal basis is legitimate interests if your contract with us is via one of our partners and the partner is responsible for passing onto us your personal information for processing).
• Consent - where you have provided us with your consent to do so we will use your contact details to provide you with further information on our products and services.
Your personal data will not be shared outside of Convergence Group for marketing purposes.
Additional basis for Job Applicants
In particular the following legal basis apply:
• Consent - your consent for us to evaluate your suitability to work with us and enter into a contract of employment.
• Legal obligation – to comply with the obligation to carry out right to work checks.
• Legitimate interests - (compliance to our certifications) – for carrying out security clearance (in line with the job role) to allow you to perform your role and maintain our contractual obligations and certifications.
• Legitimate interests - (assess suitability for role) – for obtaining your PI Behavioural Assessment and/or your PI Cognitive Assessment.
3. The type of third parties we might share your personal information with
In order to provide our services or to manage our responsibilities we use third parties for completing certain tasks, some of whom require authorisation from us to share your personal information with them in order to complete their responsibilities.
We shall ensure that any third party we use respects the security of your information, in particular that:
• They have provided appropriate safeguards in relation to the processing and transfer (particularly if the transfer of data is outside of the UK);
• You have the enforceable rights available to you; and
• There is an adequate level of protection to any Personal Data that is processed and transferred.
Below are the categories or functions provided by the third parties which we use:
• Hardware vendors who provide enhanced services and software support for networking equipment;
• Engineering support if required
• Circuit providers for telecommunications;
• Datacentres and data storage companies;
• Suppliers of software we use to host our services (such as our visitor sign in and supplier payment process);
• Regulators and law enforcement agencies;
• Security clearance providers;
• Recruitment agencies;
• Delivery companies.
If you want to know which specific third parties we pass your information to please contact us at email@example.com and we will pass that information to you.
4. How long we will keep your information for
We will keep your information for as long as is necessary for us to perform the purpose which we have collected it for, except where we are required to keep it for longer to fulfil our legal obligations, (then we will keep it for the time required by the law).
• We will keep any information contained in your contract for a minimum period of 7 years after your contract has been terminated;
• We will keep any information contained in your financial records for a minimum period of 7 years;
• If you have consented to receiving marketing information we will keep your contact details for as long as we still have your consent;
• Any data collected through our visitor sign-in process will be stored securely as stated on the notice;
Additional Information for Partners and Customers
• If you are a prospective customer or partner and choose not to use our products or services, we will keep your information for as long as reasonably required.
Additional Information for Vendors and Suppliers and Other Business Contacts
• We will keep your information for as long as our organisations do business together or for as long as we have a legitimate commercial interest in holding that information, for example, doing business in the future, inviting you to our events and providing you with information about our services where you have consented to this.
Additional Information for Job Applicants
• Where your application for employment with us is successful, the legal basis for how we use your personal information will change and we will keep your information in line with the new legal basis.
• Where your application for employment is unsuccessful, we will keep your personal information, such as your subject profile, for a period not exceeding 12 months.
5. Data Protection Impact Assessments
At Convergence Group we have identified data processing activities we believe could result in a high risk to the rights and freedoms of individuals. Data Protection Impact Assessments (DPIA’s) have been conducted on the following processing activities we undertake as an organisation:
• Employee location tracking used for mobile device management and field-based employee scheduling
• Health & medical information collected as part of Display Screen Equipment (DSE) Assessments and health & safety reporting
• Providing IP Address information to police authorities of part of The Regulation of Investigatory Powers Act 2000
• Processing of employee details to establish suitability to work in the UK
• The interception of legitimate organisation and customer communications
DPIA’s can be made available to interested parties by contacting our Compliance Team at Compliance@convergencegroup.co.uk
6. How you can access the information we hold about you
You have the right to access the information that we are processing about you, and to request that the data be:
• rectified if it is inaccurate or incomplete;
• portable so that you can have your personal information securely transferred to another organisation for processing.;
• erased if it is no longer necessary for the purpose of the processing; or
• that its processing be restricted in certain circumstances.
If we are relying on the basis of legitimate interests, then you can also object to the processing of your data on grounds relating to your particular situation.
If You would like to access some or all of your personal information, please email firstname.lastname@example.org or write to us at the above address.
If you send us your request electronically, we will provide the information to you electronically where possible.
If you have any complaints relating to your personal information that is held or processed by Convergence Group, please email email@example.com in the first instance. Convergence Group retain an outsourced Data Protection Officer (DPO), If you wish to contact our DPO directly, please email firstname.lastname@example.org
You also have the right to lodge a complaint with the Information Commissioner Office (www.ico.org.uk) if you think that we have denied or infringed any of your rights. You can contact them any of the following ways:
Via their website https://ico.org.uk/make-a-complaint/; or
call their helpline on 0303 123 1113; or
contact them via live chat service ico.org.uk/livechat