Kubrick Group Limited incorporated and registered in England and Wales with company number 10035195 whose registered office is at 96 Great Suffolk Street, London, SE1 0BE, is committed to protecting the privacy and security of your personal information.
Kubrick Group Limited is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you and/or associated organisations.
A copy of this privacy notice is administered as it will enable you and/or your organisation to know more about Kubrick Group Limited. It makes you aware of how and why the personal data and/or your organisation’s data will be used, namely for the purposes of receiving marketing and business engagement communications, and how long it will usually be retained for. It provides you with certain information that must be provided under the General Data Protection Regulation ((EU) 2016/679) (GDPR).
Data Protection Principles
We will comply with data protection law. This says that the information we hold about you and/or associated organisations must be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely and processed in a manner that ensures protection against unauthorised or unlawful processing.
- The kind of information we hold about you and/or your organisation
- In connection with your application or enquiry for work with us, we will collect, store, and use the following categories of personal information about you and/or information about your organisation:
- The information you have provided on any application form, social media platform, letter or email, including name, title, address, telephone number, company/employment details, email address, date of birth and gender.
- Any information you provide to us during discussions.
How is your personal information and your organisation's information collected?
We collect information about you and/or your organisation from the following sources:
- You and/or your organisation.
- Various social media platforms from which we may collect the following categories of data: Information which you have provided to them and agreed for it to be shared with third parties.
- Information you have submitted on our website.
- Cookies from our website.
- Information you may have shared through email.
- If you have been referred: The information they may provide to us about you and/ or your organisation.
How will we use information about you and/or your associated organisation?
We will use the information we collect about you and/or your organisation to:
- Communicate with you about the recruitment or client onboarding process.
- Inform you about our data events and updates.
- Keep records related to our hiring or client onboarding processes.
- Comply with legal or regulatory requirements.
- Where applicable, it is in our legitimate interests to decide whether to enter into a business relationship with you and/or your organisation. We may need to process your personal information and/or your organisation’s information to decide whether to enter into a business relationship.
- If you fail to provide personal information and/or information about associated organisation
- If you fail to provide information when requested, which is necessary for us to consider you and/or your organisation, we may not be able to make a proposal to work with Kubrick Group Limited successfully.
How will we use particularly sensitive personal information?
We will use your particularly sensitive personal information in the following ways:
- We will use information about a disability status to consider whether we need to provide appropriate adjustments.
- Automated decision-making
- You will not be subject to decisions that will have a significant impact on you based solely on automated decision making.
Why might we share the information with third parties?
We will only share your personal information and/or your organisation’s information with third parties for the purposes of processing your information. All our third-party service providers are required to take appropriate security measures to protect your personal information and/or your organisation's information is in line with our policies. We do not allow our third-party service providers to use your personal data and/or your organisation’s data for their own purposes. We only permit them to process the data for specified purposes and in accordance with our instructions.
We have put in place appropriate security measures to prevent your personal information and/or your organisation’s information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information and/or your organisation’s information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process the information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
How long will you use my information and/or your organisation’s for?
We will retain your personal information and/or your organisation’s information until the information is not necessary for the purpose for which it was collected. We may retain your personal information and/or your organisation’s information for a longer period to meet necessary legal requirements.
If we wish to retain the information on file, on the basis that a further opportunity may arise in future and we may wish to consider you for that, we will write to you separately, seeking your explicit consent to retain your personal information and/or your organisation’s information for a fixed period on that basis.
Rights of access, correction, erasure, and restriction
Your and/or your organisation’s rights in connection with personal information
Under certain circumstances, by law you have the right to:
- Request access to your personal information and/or your organisation’s information (commonly known as a "data subject access request"). This enables you to receive a copy of the information we hold about you and/or your organisation and to check that we are lawfully processing it.
- Request correction of the information that we hold about you and/or your organisation. This enables you to have any incomplete or inaccurate information we hold corrected.
- Request erasure of your personal information and/or your organisation’s information. This enables you to ask us to delete or remove information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information and/or your organisation’s information, where we are relying on a legitimate interest (or those of a third party) and there is something about your and/or your organisation’s particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information and/or your organisation’s information for direct marketing purposes.
- Request the restriction of processing of your personal information and/or your organisation’s information. This enables you to ask us to suspend the processing of the information, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information and/or your organisation’s information to another party.
If you want to review, verify, correct or request erasure of your personal information and/or your organisation’s information, object to the processing of your personal data and/or your organisation’s data, or request that we transfer a copy of the information to another party, please contact a Data Compliance manager (firstname.lastname@example.org) in writing.
Right to withdraw consent
When you enter into a business relationship with Kubrick Group Limited, you provided consent to us processing your and/or your organisation’s information. You have the right to withdraw your consent for processing for that purpose at any time. To withdraw your consent, please email email@example.com. Once we have received notification that you have withdrawn your consent, we will no longer process your information, subject to our retention policy, we will dispose of your personal data and/or your organisation’s data securely.
Data Compliance Manager
If you have any questions about this privacy notice or how we handle your personal information, please contact our Data Compliance Manager (DCM) on DCM@kubrickgroup.com. You have the right to make a complaint at any time to the DCM and the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.