Privacy
Contents
1. Introduction
2. Who are we. How to contact us.
3. What information we process and how
3.1 General principles and policies
3.2. Business contacts
3.3. Direct marketing
3.4. Contracts
3.5. Personnel management
3.6. Recruitment
3.7. Online resources
3.8. Client projects
4. Your rights and how to exercise them
4.1. Right to be informed
4.2. Right to access your data
4.3. Right to get your data corrected
4.4. Right to get your data deleted
4.5. Right to limit how we use your data
4.6. Right to object to the use of your data
4.7. Right to data portability
4.8. Right to raise a concern
5. Version and change log
1. Introduction
At Renaissance, we are committed to protecting your personal data and complying with the requirements of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA 2018). This privacy notice describes why and how we process personal data. It also informs about your rights and how to exercise them. Please, do not hesitate to contact us if you have any question or request regarding your personal data or this notice.
2. Who are we. How to contact us.
Renaissance Business Strategy & Engineering Ltd. (referred in this document as 'Renaissance', 'we' or 'us') is a company based in the United Kingdom which provides business to business (B2B) services in the areas of Management Consultancy and Technology. Renaissance is a data controller, which means that we are responsible for ensuring that our processing of personal data is compliant with GDPR and DPA 2018.
If you have any query regarding your data or our privacy policy, you can contact us by email at info@renaissance-bse.com
You can find further details about our company on http://www.renaissance-bse.com/company_info.
3. What information we process and how
Renaissance carries out different business activities which may involve the processing of personal data. We have mapped our processing activity into seven main use cases:
- Business contacts
- Direct marketing
- Contracts
- Personnel management
- Recruitment
- Online resources
- Client projects
3.1. General principles and policies
3.1.1. Personal data. Special category data. Protection of children.
According to GDPR, personal data is any information relating to an identified or identifiable living person. Depending on the purpose of our processing, we may collect different kinds of information about individuals:
a) Personal details. For example: Name, title, date of birth, ID and/or passport details, etc.
b) Contact details. Information used to contact an individual. For example: Phone numbers, email addresses, postal addresses, etc.
c) Professional details. Information related to the professional activity and background of an individual. For example: Company name, job title, details about professional experience, training or education, languages spoken, etc.
d) Business interaction details. Information about the interactions between Renaissance and an individual. For example: Participation in meetings, workshops, events or marketing campaigns, log of interactions (email, phone, social media...), etc.
e) Recruitment records. Information related to the participation of an individual in our talent acquisition and recruitment processes. For example: CV, information obtained from their application, interviews or assessments, references from third parties and public sources, etc.
f) Personnel records. Information related to the contract and work of an individual as an employee, contractor or business partner of Renaissance. For example: Contract details, professional assessments, performance reports, bank account details, tax details, etc.
g) Business contract details. Other personal data which may be necessary for the performance of a business contract between Renaissance and one of our clients, partners or suppliers.
h) Online interaction details. Information about the interactions of users and visitors with our online resources (e.g. our website).
i) Other information. For example: User names, service preferences, etc.
The GDPR defines specific requirements for the processing of certain sensitive information about individuals: "special category data" and criminal offence data. Special category data includes personal data about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data (where used for identification purposes), physical or mental health, sexual life or sexual orientation. This type of specially protected information can only be processed with the explicit consent of the individual or under certain conditions defined by GDPR and DPA 2018.
Renaissance will not require, collect nor process "special category data" or criminal offence data except in the context of an employment relationship with us, if this data is necessary for legal reasons or to protect your rights or the interests of our company. In any other case, we expressly ask you not to provide "special category data" to us.
In the same way, personal data about children merits particular protection under the GDPR. As a company providing business to business products and services, Renaissance only intends to interact with individuals aged 18 or over. Renaissance will never knowingly process personal data of underage individuals. Apart from setting reasonable measures to prevent it, Renaissance expressly asks individuals below 18 years of age to refrain from using our products, services and online resources or interacting with our company.
Apart from the information above, Renaissance may process other personal data in the framework of consultancy projects with clients. In those cases, the details and conditions of the data processing will be defined in the contract between Renaissance and the client, and may be subject to a specific privacy policy. See section 3.8 for more details.
3.1.2. Lawful bases for processing
"Data controllers" are required to determine their legal ground for collecting and using personal data. The GDPR defines six lawful bases for data processing:
a) Consent: the individual has given us clear consent to process their personal data for a specific purpose.
b) Contract: the processing is necessary for us to perform a contract, or to take some agreed steps before entering into a contract.
c) Legal obligation: the processing is necessary for us to comply with the law.
d) Legitimate interests: the processing is necessary to pursue our legitimate interests as a company or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
e) Vital interests: the processing is necessary to protect someone’s life.
f) Public task: the processing is necessary to perform a task in the public interest or for the official functions of the "data controller", and the task or function has a clear basis in law.
The last two bases ("Vital interests" and "Public task") are not applicable to the current business activity of Renaissance.
When we rely on your consent for processing personal data, we will apply a number of best practices recommended by data protection authorities: Renaissance will not use pre-ticked boxes or any other type of default consent. We will ask you to positively opt-in. At the time of consent, we will explain the purpose of collecting your data and how we are going to use it, we will name the data controllers who will be relying on your consent and we will inform you about the applicable privacy policy, your rights under data protection law and how to withdraw your consent at any time.
Sections 3.2 to 3.8 specify the legal bases for Renaissance's processing activity, as well as a description of the purposes and reasons which support them.
3.1.3. Security
Renaissance has put in place appropriate technical measures and procedures to protect personal data and the systems used to process it. These measures and procedures are designed to guarantee the confidentiality, integrity and availability of both the information and our systems. When working with external parties, we specifically assess that their security policies are also compliant with the requirements of data protection law and our policies.
If necessary, further details can be provided by contacting us.
3.1.4. Data retention.
Renaissance will not keep personal data for longer than required by the purpose for which the information was collected. In line with that principle, in sections 3.2 to 3.8 we have defined standard retention periods for each type of data and circumstance. Personal data may be held for a longer time where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights.
Renaissance run periodical audits to ensure the fulfilment of our data retention policies.
3.1.5. Data sharing. Locations of processing.
Renaissance only shares personal data with other parties when legally permitted to do so. In particular, Renaissance does not sell nor transfer personal data to third parties for the purpose of allowing them to market their products or services without consent from individuals to do so.
In the cases we share data with others or use external services or tools to store or process personal data, we check that the information is transferred and processed in accordance to data protection law and our privacy and security standards, including the requirements set by GDPR about the locations of processing.
3.1.6. Disclosures
In addition to the cases described in section 3.1.5, we may disclose data to other parties for legal reasons. If we suspect criminal activity, we may disclose data relating to those involved or affected to the appropriate authorities. Finally, we may have to disclose data to law enforcement, other government and regulatory agencies or to other third parties as required by law, or if it is needed to protect our rights and defend ourselves against claims.
3.2. Business contacts
Renaissance processes personal data about individuals we interact with in the course of business. This section refers to the processing of personal data about our business contacts, which include existing and potential clients, partners, suppliers and other third parties, intermediaries and stakeholders.
Processing details
Renaissance processes the following types of information (see section 3.1.1) about business contacts: personal details, contact details and professional details. This information may be obtained from you (e.g. business cards, emails, etc.), from publicly available sources (e.g. business websites, social media, public directories, etc.) and from other third parties. Renaissance may also process information about your interactions with us (business interaction details).
The information is stored in our Business contacts database and it is retained for as long as the relationship with a particular individual is relevant for the business and interests of Renaissance.
Purposes and lawful bases for processing
Renaissance processes personal data about business contacts for any combination of the following purposes: identify and contact potential clients, partners, suppliers and other third parties, intermediaries and stakeholders; develop and manage the relationship with existing clients, partners, suppliers and other third parties, intermediaries and stakeholders; inform about our company, business activity and capabilities; market our products and services; research the market and understand client needs; explore business opportunities and partnerships; perform other tasks which may be relevant to our activity.
It is important to note that when the purpose of the communication with a business contact is related to our business development activity, this section only refers to interactions made on a one to one basis. In particular, marketing actions targeting segmented groups of individuals are out of the scope of this section. Please, refer to section 3.3 about "direct marketing" for more details.
We rely on the following legal basis for processing personal data about "business contacts":
- Legitimate interest: The processing is necessary to pursue our legitimate interests as a company or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
3.3. Direct marketing
We perform different marketing activities to promote our business. This section specifically refers to Renaissance's direct marketing campaigns: marketing actions directed to segmented groups of particular individuals, which excludes the one to one commercial communication with business contacts (covered in section 3.2) and other marketing actions not targeting specific individuals.
Processing details
Renaissance may collect the following types of information, as described in section 3.1.1: personal details, contact details and professional details. This information may be provided by you (e.g. if you subscribe to receive information from us), although we may also link this information to the one available in our "Business contacts database" (see section 3.2). Renaissance will also record your consent and preferences about direct marketing, as well as the marketing interactions between you and Renaissance. Finally, if you withdraw your consent, we will record your request and immediately cease any further processing of your data for direct marketing purposes.
The personal data provided by you as well as your consent, withdrawal and marketing preferences is stored in our Direct marketing database. The personal data is kept for as long as we have your consent for processing it for direct marketing purposes. If you withdraw this consent, that information will be moved onto a suppression list for a standard period of up to 12 months to ensure that we comply with your request and no further processing is made.
Purposes and lawful bases for processing
The purpose of this processing is the execution of "direct marketing" campaigns to promote Renaissance business, inform about our activity and market our products and services.
We rely on the following bases for processing:
- Consent: You provide your consent to be included in our marketing campaigns and to process your personal details, contact details, and professional details for that purpose.
- Legitimate interest: We process the information about your involvement in our marketing activities to optimise our commercial activity and provide a better experience and meaningful information about our business.
- Legal obligation: We record your consent/withdrawal and marketing preferences to comply with our legal obligations regarding direct marketing in the context of data protection law.
3.4. Contracts
As part of our business activity, we sign contracts with clients, partners and suppliers. This section refers to the processing of personal data necessary for the performance of these contracts.
Processing details
Renaissance may collect the following types of information, as described in section 3.1.1: personal details, contact details, professional details and business contract details. This information will be provided by the parties of the contract, although we may also link this information to the one available in our "Business contacts database" (see section 3.2).
This information may be stored in our Contract database and in other related systems (e.g. our accountancy system). The personal data will be kept in our systems until the end of the contract. This period of retention may be extended for the reasons explained in section 3.1.4.
Purposes and lawful bases for processing
The purpose of this processing is the performance of contracts between us and our clients, partners or suppliers.
We rely on the following bases for processing:
- Contract: The processing is necessary for us to perform a contract, or to take some agreed steps before entering into a contract.
- Legitimate interest: In certain cases, we may need to retain information about a contract to protect the interests of our company.
- Legal obligation: In certain cases, we may need to retain information about a contract to comply with law or regulation.
3.5. Personnel management
This section refers to the processing of personal data of Renaissance's personnel, which may include staff, contractors and certain partners.
Processing details
Renaissance collects, stores and uses personal data about our personnel, which is necessary for the performance of their contracts with Renaissance and the application of our people management policies. This information may include the following types of information, as described in section 3.1.1: personal details, contact details, professional details, recruitment records and employment/contract records. This information will be provided by the individual and may be completed by Renaissance with internal information generated as part of our people management policies (e.g. performance reports) and information from external sources (public sources, references provided by our business contacts). If the processing of "special category data" and criminal offence data is required, we will follow the guidelines described in section 3.1.1.
This information will be stored in our Personnel database and in other related systems (e.g. the PAYE system). The information will be kept for the duration of the contract with Renaissance, plus an additional standard period of 2 years. Exceptionally, certain information may have to be kept for a longer period to comply with law and regulation (e.g. HM Revenues & Customs require companies to keep certain records up to 3 years from the end of the tax year they relate to). In the same way, Renaissance may have to share some of that information with authorised parties for legal reasons.
Purposes and lawful bases for processing
The purpose of this processing is the effective management and development of Renaissance's personnel and the performance of their contracts with Renaissance.
We rely on the following bases for processing:
- Consent: The individual has expressly provided their consent for processing certain information.
- Contract: The processing is necessary for us to perform a contract, or to take some agreed steps before entering into a contract.
- Legitimate interest: The processing is necessary for us to pursue our legitimate interests as a company.
- Legal obligation: The processing is necessary to comply with law or regulation.
3.6. Recruitment
This section refers to the processing of personal data of individuals who take part in Renaissance's talent acquisition and recruitment processes.
Processing details
Renaissance processes personal data about applicants and potential candidates in relation to job opportunities with us. The processing may include the following types of information, as described in section 3.1.1: personal details, contact details, professional details and recruitment records. This information may be provided by the individual as part of their application or during the recruitment process. It may also be obtained and completed by Renaissance, using information from both internal sources (e.g. information generated during our recruitment process, like interview reports, etc.) and information from external sources (e.g. personal referrals, public sources, etc). If the processing of "special category data" and criminal offence data is required, we will follow the guidelines described in section 3.1.1.
The information will be stored in our Recruitment database for a standard period of up to 1 year after the end of the recruitment process. If the selection process is successful, the information will be moved to our "Personnel database" and aggregated into the corresponding employment record (see section 3.5).
Purposes and lawful bases for processing
The purpose of this processing is the performance of Renaissance's talent acquisition and recruitment processes.
We rely on the following bases for processing:
- Consent: You provide your consent to process your personal details, contact details, and professional details for that purpose.
- Legitimate interest: The processing is necessary for us to pursue our legitimate interests as a company.
3.7. Online resources
Renaissance owns and operates a number of online resources which may be accessed by internal and external users, including the Internet domains renaissance-bse.com and renaissance-bse.co.uk, as well as their associated websites www.renaissance-bse.com and www.renaissance-bse.co.uk (currently redirected to the .com domain). This section refers to the processing of data about users and visitors of Renaissance's "online resources".
Processing details
Renaissance processes limited personal data about online users and visitors, including their user preferences and information about how they interact with our resources. For that purpose, Renaissance uses different technologies, including HTTP cookies and services like Google Analytics. You can find out further information about cookies technology and their usage by our website in the last version of our cookies notice, which is available at: https://www.renaissance-bse.com/cookies.php.
Google Analytics collects and processes data on behalf of Renaissance to track visitor interaction with our website and produce analytics reports for us. For example, Google collects details of the pages you view and the time you viewed them, the features of your browser, etc. We have configured the service to limit the information collected to the minimum required by our needs (e.g. enabling IP anonymisation to prevent the storage of your full IP address). To know more about the information collected by Google Analytics and their processing, you may find interesting this article from Google, where you can also find a link to their privacy policy.
You can manage your preferences about cookies and web analytics at any time, including the option of opting out of the tracking made by Google Analytics when you visit our site. For more information, please, refer to our cookies notice.
Finally, we want you to be aware that our online resources may contain links to third party sites not controlled by us and, therefore, out of the scope of our privacy policy. We encourage you to review the privacy policy of each external site that you visit.
Purposes and lawful bases for processing
The purpose of this processing is to allow us to analyse how visitors interaction with our site in order to improve our site and our services.
We rely on the following bases for processing:
- Consent: Renaissance requires your consent to store non-essential cookies on your device.
- Legitimate interest: The processing is necessary for us to optimise the use of our online resources, improve our contents, products and services and provide a better user experience.
3.8. Client projects
This section refers to the processing of personal data in the context of a project of Renaissance for a client which requires that processing.
Processing details. Purposes and lawful bases for processing.
If the execution of a project for one of our clients requires the processing of personal data by Renaissance in a scenario not covered in sections 3.2 to 3.7, the details of that processing (including our role as "data controller" or "data processor", information being processed, purposes and lawful bases for processing, etc.) will be defined in a specific privacy policy. That policy will be shared with all the relevant parties in accordance with data protection law.
4. Your rights and how to exercise them
You have a number of rights under data protection law. In this section, you will find information about all these rights, when they are available and how to exercise them. Renaissance is committed to replying promptly to your requests and, in any event, within the time limits defined by the regulation. In some cases, we may need that you provide certain details in order to process the request. If any further steps have to be taken by you or us, we will explain it on our reply. Please, read carefully the information and instructions given below to help you exercise your rights.
4.1. Right to be informed
You have the right to be informed about the collection and use of your personal data (what information is processed, how and on what legal grounds). You must also be informed about your rights and how to exercise them. With that purpose, we make publicly available a copy of the latest version this privacy notice on Renaissance's website, as explained in section 5 of this document. When explicit approval is required process your personal data (e.g. if you want to subscribe to our marketing communications or if you apply to work with us), prior to obtaining your consent, we will also inform you about our privacy policy and your rights.
How to exercise your right to be informed
If you have any further questions about our privacy policy (or you need a copy of the latest version of this document and you cannot access our website), please, email us at info@renaissance-bse.com (if possible, adding "GDPR: Right to be informed" to the subject).
4.2. Right to access your data
You have the right to obtain confirmation as to whether Renaissance process personal data about you, receive a copy of your personal data held by us as a controller and get information about how and why we process your personal data (similar to the information provided in this privacy notice).
How to exercise your right to access your data
Send us your request by email at info@renaissance-bse.com (if possible, adding "GDPR: Right of access" to the subject). We will need that you provide enough information in your request to identify you. We may also ask you to prove your identity to ensure that only you access your personal data.
4.3. Right to get your data corrected
If the information that Renaissance stores about you is inaccurate or incomplete, you have the right to request us to amend or complete your personal data.
How to exercise your right to get your data corrected
This right may be exercised by emailing Renaissance at info@renaissance-bse.com (if possible, adding "GDPR: Right of rectification" to the subject). We will need that you indicate in your request the information to be amended or completed. We may also ask you to prove your identity to ensure that only you change your personal data. In certain cases, we may also require further evidence from you about the information to be corrected (e.g. a contractor who wants a professional certification to be added to their record).
4.4. Right to get your data deleted
The data protection law defines certain circumstances where you have the right to get your personal data deleted from our systems:
a) the personal data is no longer necessary for the purpose which supported their collection or processing
b) the only legal ground for holding your data is consent, and you withdraw that consent
c) the legal ground for processing your data is legitimate interest, you object to the processing and there is no overriding legitimate interest to continue this processing
d) we process the personal data for direct marketing purposes, and you object to that processing
e) your personal data have been unlawfully processed
f) your personal data must be deleted to comply with a legal obligation
We have designed our internal procedures to delete and/or prevent the processing of your data in these cases. Regardless of that, you have the option to explicitly demand the erasure of your personal information.
How to exercise your right to get your data deleted
Should any of the cases listed above apply to you, and you want your information to be erased from our systems, please email us at info@renaissance-bse.com (if possible, adding "GDPR: Right to erasure" to the subject). You must indicate in your request which circumstance applies to you and give details of what personal data you want deleted. If additional information were needed to process your request, we would contact you.
4.5. Right to limit how we use your data
The data protection law defines certain circumstances where you have the right to restrict the processing of your personal data by us:
a) you have contested the accuracy and/or completeness of your personal data, and you request your information not to be processed while we verify it
b) you have objected to the processing of personal data that we collect or use on the grounds of legitimate interest, and you request your information not to be processed while we verify whether the legitimate grounds relied on by us are overridden by your interests
c) your personal data have been unlawfully processed, and you request restriction of processing instead of deletion
d) your personal data are no longer necessary in relation to the purposes for which they were collected and processed, and you request restriction of processing instead of deletion because that information is required by you to establish, exercise or defend legal claims
Renaissance's internal procedures restrict the processing of personal data whilst we are considering its accuracy or the legitimate grounds for processing the personal data in question. Our procedures are also designed to delete or prevent the processing in other circumstances, such as the ones described in section 4.4. Regardless of that, you have the option to explicitly request Renaissance to restrict the processing of your personal data.
How to exercise your right to limit how we use your data
Should any of the cases listed above apply to you, and you want Renaissance to restrict the processing of your personal data, please email us at info@renaissance-bse.com (if possible, adding "GDPR: Right to restrict processing" to the subject). You must indicate in your request which circumstance applies to you and the data you want to be restricted. If additional information were needed to process your request, we would contact you.
4.6. Right to object to the use of your data
According to the data protection law, you have the right to object to the processing of your personal data in the following cases:
a) processing of personal data for direct marketing purposes
b) processing of personal data whose lawful basis for processing is the legitimate interest pursued by us or a third party
Renaissance's procedures related to "direct marketing" are designed to make it easy for you to stop receiving our communications at any time. In particular, in all our direct marketing pieces, we include a link to allow you to get excluded from future direct marketing actions from us. Regardless of that, you have the option to make an explicit request. You can also use the procedure explained below to object to the processing of your data in other cases where the lawful basis for processing is "legitimate interest" (see section 3), although the data protection law requires you to provide the specific reasons why you are objecting.
How to exercise your right to object to the use of your data
Please, send us an email at info@renaissance-bse.com (if possible, adding "GDPR: Right to object" to the subject). You must indicate in your request which circumstance applies to you as well as your reasons to object (if that is required). If you object to the processing of data that we collect or use on the legal ground of "legitimate interest", we must verify whether the legitimate grounds relied on by us are overridden by your interests.
4.7. Right to data portability
You have the right to receive your personal data provided by you to us and have the right to send the data to another organisation (or ask us to do so if technically feasible) where our lawful basis for processing the personal data is consent or necessity for the performance of our contract with you and the processing is carried out by automated means.
How to exercise your right to data portability
Send us your request by email at info@renaissance-bse.com (if possible, adding "GDPR: Right to data portability" to the subject). We will need that you provide enough information in your request to identify you. We may also ask you to prove your identity to ensure that only you access your personal data.
4.8. Right to raise a concern
In the event that you have any concern about the way we are handling your personal data or any request you have made to us in connection with your rights under the data protection law, please, send us an email to info@renaissance-bse.com. We look into and respond to all the queries we receive. We are committed to working with you to resolve your concerns. We also invite you to send us your suggestions and ideas to improve our procedures and services.
If you are not satisfied with our response, you also have the right to lodge a complaint with the data protection authority in your country of residence, place of work or the country in which an alleged infringement of data protection law has occurred within the EU. In the United Kingdom, the Information Commissioner's Office (ICO) is the independent authority set up to uphold information rights. For further information on your rights and how to raise a concern with the ICO, please refer to the ICO website: https://ico.org.uk/your-data-matters/.
5. Version and change log
This version of the privacy notice was last updated on 1 July 2020.
As part of Renaissance's internal procedures, we periodically review our privacy policy and the contents of this document. The last version of the privacy notice is available on Renaissance's website: http://www.renaissance-bse.com/privacy.php. A PDF version can be downloaded by clicking here.
Change log
- Version 1.0.0 [2020.07.01]: First public version of Renaissance's privacy notice.