Privacy Policy
Date last revised: March 2024
THE EDWIN GROUP LIMITED (we/us/our) is the holding company for The Edwin Group of companies. We are located at 1st Floor (South), Cathedral Buildings, Dean Street, Newcastle NE1 1PG (company number 12406031).
We process personal data in accordance with this Privacy Policy, applicable data protection laws, the Information Commissioner’s Office (ICO) guidance or best practice, and in accordance with the requirements of our contracts agreed with our clients (if any).
1.1 This policy sets out how we process personal data, to the extent we do so. This policy also signposts you to the various entities within The Edwin Group of companies who may process your personal data at any time.
1.2 We employ a limited number of staff who are subject to our internal staff privacy notice.
1.3 We do not provide services to clients or customers. We enter into commercial contracts with our suppliers in our ordinary course of business, and any data protection compliance provisions are set out in those contracts.
1.4 This policy is published on our website at www.edwin.group but is not directly accepted by individuals as we do not engage with individuals directly – it is for information and reference only. We only capture personal data directly through the contact form on our website if you wish to get in touch with us for the purposes of re-directing you to the appropriate Edwin entity listed in Paragraph 2.1 below, or through cookies used on our website. Please refer to our cookies policy for more information.
1.5 This policy is not intended to be a contractual document unless expressly stated in any relevant contract we enter into.
1.6 Terms used within this policy shall have the meaning(s) given in the Data Protection Act 2018 (Act), the EU General Data Protection Regulation (2016/679) (GDPR) and/or the UK GDPR, as applicable.
1.7 Any changes or updates we make to this policy will be posted on this page. Any changes will apply when you continue to work with us after the date of the relevant change, so you may need to update policyholders directly.
1.8 If you have any queries relating to this policy, please contact us at dpo@edwin.group.
2.1 For the purposes of the Act, the data controller will be either The Edwin Group's relevant entity, or that entity’s client or customer (depending on the data flows). You are directed to The Edwin Group's following entities and their respective privacy policies set out below:
2.2 We are required to be registered with the ICO to process personal data in the limited circumstances in which we do so, and our ICO registration number is ZB589488.
3.1 Personal data processed within The Edwin Group is on the lawful basis either set out in the relevant entity’s Privacy Policy, or the contract between The Edwin Group company and its customer.
3.2 We host all personal data relating to contacts we liaise with in connection with our services through The Edwin Group's wider databases, and access to that data is made available to other companies within The Edwin Group and may be used for marketing and data analytics purposes.
4.1 We process personal data based only on the data we can access through The Edwin Group’s centralised databases, which we may access from time to time in a data processing capacity only. These reports contain a wide range of personal data, including contact information (including names, addresses, emails, telephone numbers), NI numbers, previous experience, financial information (including salary, tax and bank account details), information relating to work absences and special category data ordinarily processed by The Edwin Group's relevant entity. We do not capture or receive any personal data from third parties relating to internal employees.
4.2 We may, from time to time, process personal data relating to employment tribunal claims or related insurance policy complaints or claims, where necessary.
4.3 We also collect personal data from website users through cookies and Google Analytics, a web analytics service provided by Google, Inc. (Google). Google Analytics uses "cookies", which are text files placed on your computer to help analyse how you use the website. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the USA. Google will use this information for the purpose of evaluating your use of our website, compiling reports on your activity for us and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this your ability to use our website may be restricted. By using the website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
4.4 We automatically collect technical information about the device you use to visit our website, including your IP address, browser type / version and related settings. We also use cookies to monitor website use and how you interact with it.
5.1 In all cases, the personal data we process is returned to The Edwin Group entity who disclosed it to us. We do not pass the contents of any reports to third parties unless The Edwin Group's relevant entity has agreed this with their client.
5.2 We do not use third parties to process any personal data on our behalf in connection with our services, our software, web portal or our contracts. Only our Cloud-hosting services provider is engaged to process our personal data at any time and they are hosting from the USA. Our hosting provider, Cloudinary Inc. have self-certified themselves with the US-EU Data Privacy Framework to ensure safe and reliable data transfer mechanisms from the UK to the USA.
6.1 Data subjects can contact us directly at any time to ask us to clarify what personal data (if any) we hold about them, how it was obtained and why we use it. Where we do process any of their personal data, they can ask us to amend any inaccurate data, delete data they think we no longer need, or to reduce the circumstances in which we process it. However, data subjects are directed to contact The Edwin Group's relevant entity with whom they (or their organisation) are likely to be contracting with in the first instance.
6.2 We can provide support to The Edwin Group's relevant companies in connection with any rights exercised by data subjects at any time.
6.3 We have the capacity to extract personal data from our databases, but as we do not capture personal data from data subjects directly, any data we process duplicates personal data processed by our clients contained in the relevant reports we receive from them, and you (as data subject) will need to also ask them to delete your personal data (if required). We cannot ask our client to do that on your behalf.
6.4 If you wish to exercise your rights at any time, please contact us on the details set out at the beginning of this policy. We will require you to verify your identity to us before we can provide any personal data to you, and we reserve the right to ask you to specify the types of personal data you want to see. We may also notify our client, if you have not already done so.