Privacy Notice

Who we are

We are risk and control data standards, benchmarking and controls data analysis company. 

How do we collect information from you?

We collect and use your Personal Information in accordance with this our Privacy Policy. Personal Information is information that identifies you as an individual.

What Personal Information do we collect?

Personal Information we collect about you may include the following:

General identification and contact information, this could include: your name; address; email; IP address; telephone details; gender; marital status; family status; date and place of birth; physical attributes including photos

Other sensitive information which could include: trade union membership, religious beliefs, political opinions or racial or ethical origin, and criminal record.

Information enabling us to provide products and services: age, location, whether you hold a driving licence that enable identification of job search (for example, post code or job role)

Publicly available information in relation to professional history: educational background; employment history; skills and experience; professional licenses and affiliations; educational and professional qualifications

What legal basis do we rely on to process your Personal Information?

Consent

On some occasions we process your data with your consent. For example, we rely on consent when we complete processes including background screening, criminal checks, information for references and for validation of educational and professional qualifications.  You have the right to withdraw consent at any time. Where consent is the only legal basis for processing, we will cease to process data after consent is withdrawn.

Legitimate Interest

We process your data when it is in our legitimate interests to do this and when these interests are not overridden by your data protection rights.

Our legitimate interests include:

• Ensuring the security and integrity of our Services and in ensuring that our Websites and Apps operate effectively;
• Supplying services to our customers;
• Protecting clients, employees and other individuals and maintaining their safety, health and welfare;
• Promoting, marketing and advertising our products and services;
• Sending promotional communications which are relevant and tailored to individual clients;
• Improving existing products and services and developing new products and services; handling clients contacts, queries, complaints or disputes; and fulfilling our duties to our clients, colleagues, shareholders and other stakeholders.

The processing is necessary because of a legal obligation that applies

Acin may process your data to comply with our legal and regulatory obligations e.g. preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies

Who do we share your Personal Information with?

Acin may make Personal Information available to:

Our Group Companies

We may share your personal data with certain members of our group companies.  Where they have access to your personal data they will use it only for the purposes set out in this Privacy Policy. Acin will remain responsible for the management and security of jointly used Personal Information. Access to Personal Information within Acin, and our group of companies, is restricted to those individuals who have a need to access the information for our business purposes.

Our Service Providers

This includes external third-party service providers, such as accountants, auditors, experts, lawyers and other outside professional advisors; IT systems, support and hosting service providers; document and records management providers; technical engineers; data storage and cloud providers and similar third-party vendors and outsourced service providers that assist us in carrying out business activities.

Governmental Authorities and Third Parties involved in Court Action

Acin may share Personal Information with governmental or other public authorities (including, but not limited to, workers’ compensation boards, courts, law enforcement, tax authorities and criminal investigations agencies); and third-party civil legal process participants and their accountants, auditors, lawyers and other advisors and representatives as we believe to be necessary or appropriate: (a) to comply with applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our group companies; (f) to protect our rights, privacy, safety or property, and that of our group companies, you or others; and (g) to allow us to pursue available remedies or limit our damages.

Other Third Parties

Occasionally, we may share Personal Information with other third parties. We will always do this under contract and in accordance with your instructions.

How we use Personal Information?

We use Personal Information to do some or all of the following:

• Communicate with you as part of our business;
• Send you important information regarding changes to our policies, other terms and conditions, the Anchura Website and other administrative information;
• Provide improved quality, training and security and manage other commercial risks;
• Provide marketing information to you
• Manage our infrastructure and business operations, and comply with internal policies and procedures, including those relating to auditing; finance and accounting; billing and collections; IT systems; data and website hosting; business continuity; and records, document and print management;
• Resolve complaints, and handle requests for data access or correction;
• Comply with applicable laws and regulatory obligations (including laws outside your country of residence), such as those relating to anti-money laundering and anti-terrorism; comply with legal process; and respond to requests from public and governmental authorities (including those outside your country of residence);
• Establish and defend legal rights; protect our operations or those of any of our group companies or insurance business partners, our rights, privacy, safety or property, and/or that of our group companies, you or others; and pursue available remedies or limit our damages.

International Transfers of Personal Information

Personal Information which you supply to us is generally stored and kept inside the European Economic Area.

However, due to the nature of our global business and the technologies required, your Personal Information may be transferred to third party service providers outside the EEA, in countries where there may be a lower legal level of data protection. In such situations, we transfer the minimum amount of data necessary, anonymise it where possible and enter legal contracts to aim to ensure these third parties handle your Personal Information in accordance with this Privacy Policy and the European levels of data protection.

How can you manage or delete Personal Information?

When you access our website online, we store some information about you. This is anonymous and used for statistical purposes.

When you engage with our Resourcing team with regards to opportunities your CV will be uploaded on to an internal database.  You can however ask for your information to be removed from the database at any time, please email privacy@acin.com with the subject line “Permanently delete my information and account”. Please do not forget to tell us who you are.

Security

Acin is committed to keeping your personal data safe and secure from unauthorised access to or unauthorised alterations, disclosure or destruction of information that we hold.

Our security measures include:

• Encryption of our services and data;
• Review our information collection, storage and processing practices, including physical security measures;
• Restrict access to personal access to personal information to Anchura employees and agents who need to know that information in order to process it for us and who are subject to contractual confidentiality and processing obligations. They may be disciplined, or their contract terminated if they fail to meet these obligations; and internal policies setting out our data security approach and training for employees.

Consent

Through agreeing to this privacy notice you are consenting to Acin processing your personal data for the purposes outlined. You can withdraw consent at any time by emailing or by phoning +44 203 728 8585, see last section for full contact details.

Disclosure

Retention Policy

Acin will process personal data during the duration of any contract and will continue to store only the personal data needed for six years after the contract has expired to meet any legal obligations. After six years any personal data not needed will be deleted.

Your rights as a data subject

At any point whilst Acin is in possession of / or processing your personal data, all data subjects have the following rights:

• Right of access – you have the right to request a copy of the information that we hold about you.
• Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
• Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
• Right to restriction of processing – where certain conditions apply you have a right to restrict the processing.
• Right of portability – you have the right to have the data we hold about you transferred to another organisation.
• Right to object – you have the right to object to certain types of processing such as direct marketing.
• Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling.

In the event that Acin refuses your request under rights of access, we will provide you with a reason as to why, which you have the right to legally challenge.

Acin at your request, can confirm what information it holds about you and how it is processed. You can request the following information:

• Identity and the contact details of the person or organisation (Acin) that has determined how and why to process your data.
• Contact details of the data protection officer, where applicable.
• The purpose of the processing as well as the legal basis for processing.
• If the processing is based on the legitimate interests of Acin or a third party such as one of its clients, information about those interests.
•  The categories of personal data collected, stored and processed.
• Recipient(s) or categories of recipients that the data is/will be disclosed to.
• How long the data will be stored.
• Details of your rights to correct, erase, restrict or object to such processing.
• Information about your right to withdraw consent at any time.
• How to lodge a complaint with the supervisory authority (ICO).
• Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
• The source of personal data if it wasn’t collected directly from you.
• To access what personal data is held, identification will be required.

Acin will accept the following forms of ID when information on your personal data is requested: a copy of your driving licence, passport, birth certificate and a utility bill not older than three months. A minimum of one piece of photographic ID listed above and a supporting document is required. If Acin is dissatisfied with the quality, further information may be sought before personal data can be released.

All requests should be made to privacy@acin.com or by phoning +44 (0)203 846 6709 or writing to us at the address further below.

Complaints

In the event that you wish to make a complaint about how your personal data is being processed by the Acin, you have the right to complain to the Data Controller at Acin Ltd.  If you do not get a response within 30 days, you can complain to the ICO.

The details for each of these contacts are:

Data Controller, Acin Ltd., 70 Gracechurch Street, London, EC3V 0HR

Telephone +44 (0)203 846 6709 or email privacy@acin.com

ICO, Wycliffe House, Water Lane, Wilmslow, SK9 5AF

Telephone +44 (0) 303 123 1113 or email: https://ico.org.uk/global/contact-us/email/