Privacy and Cookie Policy

This Policy provides you with information about how we use your personal data, which we might receive in connection with our services, enquiries submitted through or use of our website db-recruiter.com or its subdomains (the Sites), or otherwise in connection with our business. When we refer to you we mean any individual outside our business – you could be one of our clients, a prospective client, a supplier, a referrer or anyone else.

We or us means Status200 Ltd (company registration no. 11019310), a limited company whose offices are at 113 Manchester Road, Warrington, England WA1 4AP.

This Policy only covers personal data of which we are the data controller. Sometimes we handle personal data on behalf of our clients as their data processor: that’s dealt with separately in the terms we’ve agreed with our clients.

Summary

Full details are set out in the relevant sections of this Policy below, but keeping it brief:

• we normally receive your personal data from you, but sometimes it might be from a third party with whom we are mutually acquainted (e.g. referrals);
• we use your personal data to conduct our business, keep appropriate records and meet our legal obligations;
• we only provide your personal data to third parties for our business purposes or as permitted by law. We don’t share your data with third party advertisers;
• we store personal data for specified periods for our limited business purposes;
• you have legal rights in relation to your personal data which you can exercise on request;
• the Sites use cookies; and
• you can contact us to enquire about any of the contents of this Policy.

1. Our use of personal data

1.1 Service data
When we’re engaged to provide services, we may handle personal data such as your name, contact details, information about your business, and documents and correspondence relating to the services provided by us (such as emails to and from you). We call all of this service data, and we use it for the purposes of providing our services and for record-keeping and client management purposes.

1.2 Communication data
When you communicate with us, or vice versa, and whether by letter, email, through the Sites, through social media, or otherwise, we may handle personal data contained in or relating to that communication. may include content and metadata associated with the communication, as well as any contact details you provide to us such as your name, email address, phone number, job title, address or social media username. We call all of this communication data, and we use it for the purposes of communicating with you and record-keeping. If you are a client or prospective client, then we may also use communication data to provide you with occasional news about our business and services: you can opt out of receiving further news at any time.

1.3 Transaction data
We may handle personal data relating to transactions, such as bank account details, contact details, transaction data or associated documents (POs, bills, invoices) in relation to payments made by us to you or by you to us (transaction data). We use this to make and receive payments and to keep proper records of the relevant transactions. We do not collect or process your credit or debit card details when you make payments through the Sites. We use Paddle.com Market Limited (Paddle) as a reseller of our software or services. Paddle in turn uses various payment processing service providers such as PayPal, and it is only those payment processing service providers who will collect and process your payment information. For more information about how Paddle works, please see www.paddle.com.

1.4 Partner data
If we have some other commercial relationship with you (for example, a sponsorship or referral relationship) then we may handle your contact details, and any related documents and communications. We call all of this partner data, and we process it for the purposes of administering our commercial relationship with you.

1.5 Account data
When you register for an account on a Site (for example, DB Recruiter), we will receive and handle certain personal data in order to open, maintain and administer that account, such as your name and email address. We call this account data, and we process it for the purposes of administering your account.

1.6 Usage data
We may collect data about your use of the Sites (usage data). This may include your geographical location, browser type and version, IP address, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your use. This data is obtained through Google Analytics and GoSquared. We process usage data for the purpose of improving our Sites and analysing how they are visited and used. Generally usage data is anonymised and does not constitute personal data: however, if you are a registered user of our Site then some usage data may be associated with your account and may constitute personal data.

1.7 Personal data we obtain from others
Your personal data may be provided to us by someone other than you: for example, we might be introduced to you in correspondence if you and we are both advising the same client, or if we’re working for your employer then they might put us in touch with you in connection with those services. Normally this data will be communication data, service data or partner data as described above and will be processed by us for the purposes described above.

2. Our legal basis of processing

2.1
We’re required by law to identify the “legal basis” on which we handle personal data. These legal bases are set out in Article 6 of the General Data Protection Regulation (GDPR).

2.2
We process personal data on the following lawful bases identified in Article 6 GDPR:

1. for the performance of a contract with you, or to take steps at your request prior to entering into a contract with you (Article 6(1)(b) GDPR). This may be our basis for processing communication data, service data, partner data, account data and transaction data; 2. for our legitimate interests (Article 6(1)(f) GDPR). This may be our basis for processing: 1. communication, service, account and partner data (as we have an interest in properly administering our business and communications and in developing our business with interested parties); 2. transaction data (as we have an interest in making and receiving payments promptly and in recovering debts); 3. any personal data in connection with legal claims (as we have an interest in being able to bring and defend claims to protect our rights and the rights of others); and 4. any personal data in connection with backups of our IT systems or databases containing that personal data (as we have an interest in ensuring the resilience of our IT systems and the integrity and recoverability of our data).

2.3
We may also handle your personal data to comply with legal obligations (for example, we have to keep records for tax purposes).

3. Providing your personal data to others

3.1
We may disclose your personal data to our insurers and/or professional advisers to take professional advice and manage legal disputes.

3.2
We may disclose personal data to our suppliers or subcontractors in connection with the uses we’ve described above. For example, we may disclose:

1. any personal data in our possession to suppliers which host the servers on which our data is stored (such as Amazon Web Services, Inc. and Digital Ocean, Inc.) or who provide us with content management services (such as Box, Inc.); 2. any personal data related to our development services (most likely service and communication data) to providers of our software development platforms (such as Circle Internet Services, Inc., and GitHub, Inc.). If the software we develop accesses or makes any use of personal data provided by you then it is possible that during the course of development that information will be temporarily stored on the relevant platform provider’s servers; 3. communication data to providers of email or email marketing services (such as Fastmail Pty Ltd, Avenue 81 Inc. d/b/a Leadpages); 4. communication data relating to help desk enquiries to providers of help desk services (such as Help Scout, Inc.); 5. transaction data to our payment processing service providers; and 6. transaction data and other relevant personal data to third parties for the purposes of fraud protection, credit risk reduction and debt recovery.

3.3
We do not allow our data processors to use your personal data for their own purposes. We only permit them to use your personal data for specified purposes, in accordance with our instructions and applicable law.

3.4
We may also disclose your personal data where necessary to comply with law.

3.5
If any part of our business is sold or transferred, your personal data may be disclosed to the new owner.

4. International transfers of your personal data

4.1
Some of the service providers discussed above may be located outside the EEA or may transfer your personal data to their own service providers located outside the EEA. We will ensure that transfers made by our data processors will only be made in accordance with law using appropriate safeguards, such as Privacy Shield or the use of standard data protection clauses approved by the European Commission. You may contact us if you would like further information.

4.2
We may also transfer personal data outside the EEA from time to time:

1. with your consent; 2. where required by your instructions (for example, if we are supporting you on a project based outside the EEA); or 3. if we take our mobile devices with us when travelling overseas to ensure continuity of service.

5. Data security

We have put in place appropriate security measures to protect your personal data. We also have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where required by law.

6. Retaining and deleting personal data

6.1
We will delete personal data when it’s no longer needed, and in particular:

1. service, partner and transaction data will be retained for seven years after the end of the relevant contractual relationship; 2. communication data will be retained for the period of the enquiry or chain of correspondence and then deleted after twelve months; 3. account data will be retained for as long as your account is open, and will be deleted on account closure; 4. usage data which is anonymised, and therefore not personal data, may be retained by us indefinitely. Any usage data which is associated with your account will be retained for as long as your account is open, and will be anonymised on account closure.

6.2
We maintain system backups for disaster recovery purposes and may retain those backups for up to two years. That means that information which is deleted from our live systems may still remain in backup for up to two years.

6.3
We may retain your personal data longer where necessary to comply with law or in connection with any legal claim.

7. Your rights

7.1
You have rights under data protection law – they are complex, and subject to exemptions, and you can read guidance from the Information Commissioner’s Office at ico.org.uk for a fuller explanation of your rights. In summary, though:

1. **the right to access**: you have the right to confirmation as to whether or not we process your personal data and, where we do, to access to the personal data, together with certain additional information; 2. **the right to rectification**: you have the right to have any inaccurate or incomplete personal data about you rectified or completed; 3. **the right to erasure**: in some circumstances you have the right to the erasure of your personal data (for example, if the personal data are no longer needed for the purposes for which they were processed or if the processing is for direct marketing purposes); 4. **the right to restrict processing**: you have the right to restrict the processing of your personal data to limit its use. Where processing has been restricted, we may continue to store your personal data and will observe the restrictions on processing except to the extent permitted by law; 5. **the right to object to processing**: you have the right to object to our processing of your personal data on the basis of legitimate interests (discussed above) or for direct marketing purposes and if you do so we will stop processing your personal data except to the extent permitted by law; 6. **the right to data portability**: you have the right to receive your personal data from us if the legal basis for our processing is the performance of a contract with you, and such processing is carried out by automated means; and 7. **the right to complain to a supervisory authority**: if you consider that our processing of your personal data is unlawful, you have a legal right to lodge a complaint with the ICO.

8. About cookies

8.1
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

8.2
Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

8.3
Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

8.4
We use these kinds of cookies:

1. **Strictly Necessary Cookies**: These are required for the operation of the Sites and allow you, for instance, to log into your account or make use of e-payment services. 2. **Analytical/Performance Cookies**: These allow us to recognise and count visitors to the Sites and analyse their actions and movements on the Sites. This helps us improve the Sites (for instance by ensuring that users can find key functions easily). 3. **Functionality Cookies**: These are used to remember visitors to our Sites and choices they have made, allowing us to remember your preferences. 4. **Targeting Cookies**: These cookies record your visit to the Sites, pages you have visited and links you have followed. We use this information to make the Sites (and any advertising on the Sites) more relevant to your interests. 5. **Google Analytics**: The Sites use Google Analytics (an analytical/performance cookie) to help analyse how users use the Sites, collecting standard internet log information and visitor behaviour information in an anonymised form from which no user is identifiable. This information is transmitted to Google and processed to compile statistical reports on activity on the Sites. These reports allow us to optimise our user experience. Google provide a browser add-on for users who wish to prevent their data from being used by Google Analytics. Further information is available at https://tools.google.com/dlpage/gaoptout/. 6. **Go Squared Ltd**: The Sites use Go Squared Ltd’s web analytics services, which involve the use of analytical/performance cookies. The information generated by the cookie about your use of this website (including your IP address) are transmitted to GoSquared (which may use data repositories outside of the European Economic Area (EEA) such as the United States of America), where it is then stored for us. We control how the information collected about you is used. GoSquared will use it on our behalf to evaluate your use of this website and report to us about this website’s operations. GoSquared may provide it to third parties if needs be, for example, in order to comply with the law or to third parties processing that information on behalf of GoSquared. For more information on GoSquared’s practices, please see http://www.gosquared.com/legal/. 7. **Third Parties**: Third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

8.5
Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can obtain up-to-date information about blocking and deleting cookies via the support pages made available by your browser operator.

9. Further information

If you have any questions in relation to the contents of this Privacy Policy you can contact us using the contact form or support page on the Site or at info@status200.co.uk.

10. Third Parties and Security

10.1
The Site may contain links to third party websites and refer to third party service providers and other entities. If you follow a link to any third party website or deal with any third party entity referred to on the Sites, then they may have their own privacy and cookie policies, and we are not responsible for their use of any personal data which you may provide to them.

10.2
We do our best to ensure the security of personal data provided to us (and to use only reputable service providers), any transmission of data via the Internet is by its nature insecure and we cannot guarantee the security of any personal data you provide to us.

11. Amendments

We may update this Policy from time to time by publishing a new version on the Sites. You should check occasionally to ensure you are happy with any changes to this Policy, although we may notify you of material changes to this Policy using the contact details you have given us.

12. Contact Us

If you have any questions, comments or requests regarding this Privacy and Cookie Policy or our use of any personal data you provide to us, please contact us at Status200 Ltd, at 113 Manchester Road, Warrington, England WA1 4AP or at info@status200.co.uk.

Last updated: 20.11.2021