Privacy Notice
Reviewed 2022
This privacy notice is to let you know how we collect and use your personal data. We may update this notice from time to time. We are committed to keeping personal data secure and being transparent about our personal data use.
three rocks Ltd are the data controller responsible for your personal data. You can contact us on hello@threerocks.co.uk or via our main number +44 (0) 1865 632643.
If you feel that we have not used your personal data correctly you can contact the Information Commissioner’s Office (ICO) (www.ico.org.uk). However, if you would contact us first we will do our best to try to resolve any issues for you.
The data we collect about you
Personal data means any information capable of identifying an individual. It does not include anonymised data.
Contacting us via hello@threerocks.co.uk
If you use the link on the website to email us at hello@threerocks.co.uk we will receive your contact details (email address, name, telephone numbers) and your enquiry. Your email goes to the selected people who monitor this address and is then shared with the person(s) most appropriate to answer your enquiry via our email system.
Contacting us via recruitment@three rocks.co.uk
If you use the link on the website to email us at recruitment@threerocks.co.uk we will receive your contact details, your enquiry and any other personal details you send with it. Your email goes to the selected people who monitor this address and is shared, when appropriate, with those involved in specific recruitment activities. Please see our job applicant privacy notice for further details.
Contacting us by post, phone, email or otherwise
We may collect information about you from other sources, such as LinkedIn or from search engines as part of our normal business activities for marketing and networking.
Please be aware if you comment on our social media posts your personal details will be in the public domain. You have the option to send us private or direct messages instead.
Third party or publicly available sources
We may collect information about you from other sources, such as Linked In or from search engines as part of our normal business activities for marketing and networking.
Please be aware if you comment on our social media posts your personal details will be in the public domain. You have the option to send us private or direct messages instead.
How we use your personal data
We will only use personal data in ways compatible with the purposes set out below. Our lawful grounds for processing personal data in these ways is:
- You expect a response to an enquiry and it is in our legitimate interests to respond so you have a positive customer experience from our brand
- We discuss future work or services you can provide to us, or us to you and so take steps before and to enter in a contract with you
- It is in our legitimate interests (or those of a third party) to develop our business by introduction using information gained from social media and networking sites which you may also belong to for your own legitimate interests
- Consent given for direct marketing of services and products, we will only send you direct marketing you have consented to receive, and you can opt out of receiving it at any time
For recruitment purposes:
- It is in our legitimate interests to administer well and make good hires
- We need to take steps before and to enter into a contract of employment or agreement to source applicants
- We comply with legal obligations relating to recruitment practices.
Who we share the data with
We may have to share your data with:
- Service providers who provide IT and system administration services
- Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services
- HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances
- Third parties to whom we sell, transfer, or merge parts of our business or our assets.
We will not sell, distribute or lease your personal data to third parties unless we have your permission to do so or are requested to do so by law.
Data transfers
Your personal data may be transferred outside the European Economic Area where we use service providers whose servers are based outside the EEA. We use providers that have adequate privacy arrangements in place such as being part of the EU-US Privacy Shield or use the EEA model contractual clauses for data transfers.
Protecting your data
We take the security of your data seriously. We have internal policies and controls in place to prevent data being lost, accidentally destroyed, misused or disclosed, and accessed by unauthorised person(s). We have a process in place to deal with any breaches of personal data.
We only allow your personal data to be accessed by those internally and externally who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
How long we keep your data for
We only keep your personal data for as long as is necessary to fulfil the purpose we collected it for. This includes keeping it for legal, accounting or reporting requirements.
- Enquiry data is deleted after dealing with the enquiry
- Contractual data is kept for 6 years after the end of the contractual relationship for tax and legal purposes
- Business development data is kept for two years after the development activity but may be kept for longer in an anonymised format to provide historical insight into business operations
- Direct marketing data is kept until you unsubscribe from our marketing lists
- Recruitment data is kept for one year for unsuccessful applicants
- In some circumstances you can ask us to delete your data: see below for further information.
Your rights
Where we process your personal data, you can:
- Access and obtain a copy of your data on request
- Require the company to change incorrect or incomplete data
- Require the company to delete, or stop processing your data, for example where the data is no longer necessary for the purposes of processing
- Request us to restrict processing of your personal data
- Request the transfer of your personal data to another party and
- Object to the processing of your data where the company is relying on its legitimate interests as the legal ground for processing
- Withdraw your consent.
You can help us keep your personal data accurate and up to date by keeping us informed if your personal information changes.
If you would like to exercise any of these rights, please contact us at hello@threerocks.co.uk.
You will not have to pay a fee to access your personal data or to exercise any of the other rights under data protection laws. However, we may charge a reasonable fee if your request for access is excessive, unfounded or you request additional copies. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to confirm your identity before we can ensure your right to access the information (or to exercise any of your other rights). This is to ensure that personal information is not disclosed to any person who has no right to receive it.
Third party links
This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy information on the other websites you visit as we do not have control over any of your personal data that could be shared when you leave our website.
Google analytics and cookies
We use Google Analytics (GA) to track site user interaction. We have GA code installed on our site which creates one or more text files on your computer (called a “cookie”). The cookies contain an ID number which is used to uniquely identify your browser and track each site you visit that has GA enabled.
We use this data to determine the number of people using our site and to better understand how they find and use our web pages. With this information we can continually improve the information that we provide on our site and the processes for actions such as contacting us. We can also use it to increase the number of new people finding our site.
Google analytics stores the following data:
- Time of visit, pages visited, and time spent on each page of the webpages
- Interactions with site-specific widgets
- Referring site details (such as the URL a user came through to arrive at this site)
- Type of web browser
- Type of operating system (OS)
- JavaScript support, screen resolution, and screen colour processing ability
- Network location and IP address
- Clicks on links leading to external websites
- Errors when users fill out forms
- Clicks on videos
- Scroll depth.
Google also collects information about you from its Doubleclick tracking and profiling service, from ad-supported apps on your Android or iOS device, from your YouTube and Gmail activity and from your Google account. This data is put together and used to make inferences about your age, gender, interests, hobbies, shopping habits and living circumstances.
If you already have GA cookies, they will be updated with the latest information about your visit to the site. As we cannot access any personal data about you ourselves, we are not the Data Controller for your Google Analytics or Doubleclick profile data. You would need to contact Google directly for this information. You have the right to object to this tracking and to stop it happening.
If you are uncomfortable with this tracking, you can take the following actions:
- Use a tracking-blocker, such as Privacy Badger
- Clear cookies after every browsing session
- Install the Google Analytics opt-out extension.