Privacy

Privacy and Security of Your Data

We take the security and privacy of your data very seriously. Action Deafness holds personal data about employees and clients for a variety of business purposes. We gather and use information or ‘data’ as part of our business and to manage our relationship with you.

We intend to comply with all our legal obligations under the Data Protection Act 2018 and the EU General Data Protection Regulation (‘GDPR’) in respect of data privacy and security.

Principles of GDPR

  • Be collected and processed only for specified, explicit, and legitimate purposes.
  • Be adequate, relevant, and limited to what is necessary.
  • Be accurate and kept up to date. Any inaccurate data must be deleted or rectified without delay.
  • Not be kept for longer than is necessary for the purposes for which it is processed.
  • Be processed securely and confidentially, protecting against unauthorised / unlawful processing, accidental loss, destruction, or damage.
  • Be processed lawfully, fairly, and transparently.

Main Points of Our Policy

  • We will only ask you what we really need to know.
  • We will collect and use the personal data that you share with us transparently, honestly, and fairly.
  • We will always respect your choices around the data that you share with us and the communication channels that you ask us to use.
  • We will put appropriate security measures in place to protect your personal data.
  • We will never sell your data.

What is Personal Data?

Personal data relates to information about a living person (a ‘data subject’) who can be identified from that information on its own, or when taken together with other information which is likely to come into our possession. It includes any expression of opinion about the person and an indication of the intentions of us or others, in respect of that person.

This policy applies to all personal data whether it is stored electronically, on paper, or on other materials.

What Information Do We Have?

This personal data will be provided to us by you when using Action Deafness Services. Whether you book an interpreter, use our Personal Assistant Community services, make a website purchase, or use our training services, we will require information to effectively provide our service. It could also be provided or created during the recruitment process or provision of services or after its termination.

Data gathered may include:

  • Name, address, contact details, dates of birth, gender, marital status, and family details.
  • Information detailed on a CV including educational history, employment history.
  • Financial details such as pay and bank details, tax details such as NI number.
  • References, identification documents such as driving licence.

Additional Information for Applicants

Applicant data is held and stored within the EasyWeb ATS (Applicant Tracking System). Applicant data will be kept up to and including 365 days of inactivity, after which point the data will be cleansed. Please see EasyWeb ATS’ privacy policy and GDPR FAQ pages below for further information:

How We Use Your Personal Information

Action Deafness will only use your information to process the service that you have requested. In order to carry out our obligations under contract, we must process the information you give us.

We will use your personal data for:

  • Performing the provision of services between us.
  • Complying with any legal obligation.
  • If it is necessary for our legitimate interests (or for the legitimate interests of someone else).

If you choose not to provide us with certain personal data, you should be aware that we may not be able to carry out certain parts of the contract between us.

We will never sell your information to another party, nor will it be used for any other purpose than the one we have agreed.

How Long We Keep Your Data

  • We will only retain your personal data for as long as it is needed for the purposes set out in this document or as long as the law requires us to.
  • In general, this means that we will only hold your personal data for a minimum of 1 year and a maximum of 7 years.

Information We Process for Legitimate Reasons

Wherever possible, we aim to obtain your explicit consent to process this information. Sometimes we might share your personal data with contractors, agents, and third parties to carry out our obligations under our contract with you.

We will disclose your personal information where required to do so by law or in accordance with any safeguarding concerns.

Complaints

When we receive a complaint, we record all the information you have given to us. We use that information to resolve your complaint. If your complaint reasonably requires us to contact another person, we may decide to give that person some of the information contained in your complaint.

Retention and Review or Update or Remove Personally Identifiable Information

  • You have the right to information about what personal data we process, how, and on what basis.
  • You have the right to access your own personal data.
  • You have the right to rectification of any inaccuracies in your personal data.
  • You have the right to be forgotten and request that we erase your personal data.
  • You have the right to restrict the processing of personal data whilst it is being corrected, erased, or contested.
  • You have the right to request portability of data.
  • You have the right to object to data processing where we are relying on a legitimate interest to do so.
  • You have the right to object if we process your personal data for the purposes of direct marketing.
  • You have the right not to be subjected to automated decision-making.
  • You have the right to be notified of a data security breach concerning your personal data.

Security and Access of Your Personal Data

We endeavour to ensure that there are appropriate and proportionate technical and organisational measures to prevent the loss, destruction, misuse, alteration, unauthorised disclosure of, or access to your personal information.

Action Deafness is accredited with ISO 27001:2013 Information Security Management System and is audited annually to check compliance.

How to Deal with Data Breaches

We have procedures in place to minimise and prevent data breaches. Should a breach occur, we would take detailed notes, keep evidence, and notify all concerned parties. If the breach poses a risk to individuals’ rights and freedoms, we must notify the Information Commissioners Office within 72 hours.

Review of Our Privacy Policy

We keep this policy under annual review and reserve the right to update from time to time. We recommend you check this policy occasionally to ensure that you remain happy with it.

Contact

If you have any queries, concerns, or requests, you may contact us at: [email protected].