Privacy & Cookies Policy
Last modified on: 23 March 2023
This Privacy & Cookies Policy (“Policy”) explains how Digitally Inspired Ltd. (“DI”, “we”, “Company” or “us”) and all its affiliated companies (the list of Digitally Inspired group companies is here) process your (“you” or “user”) personal data received through the website https://digitallyinspired.com, other DI branded websites and all pages related to them (“Website”) and during our recruitment process, hereinafter collectively referred as the “Services”.
We take your privacy seriously and will use your personal data only for the purposes and on the legal bases for the collection and processing of your personal data on the terms specified below. We tried to write this Policy in clear and plain language for your better understanding. By doing so we hope you will get all needed details to be assured your personal data is safe with us.
The Company is the controller of the personal data collected within the Services.
Personal data collected by the Company through our Services are processed in accordance with the EU GDPR and UK GDPR, as well as with the UK Data Protection Act 2018.
The Policy defines:
- what personal data we process;
- what are the purposes and grounds of such processing;
- what rights the user has concerning such data;
- whether the data is transferred to third parties;
- what measures we take to protect personal data;
as well as other details of personal data processing.
If you have any questions about the Policy, the processing of your personal data by the Company, or the exercise of your rights as a personal data subject, send us a request to firstname.lastname@example.org.
1. What is Personal Data?
Personal data (or data) is any information relating to you, and that alone or in combination with other pieces of information allows the person who collects and processes such information to identify you as an individual. In general, these could be your name, email-address, location data etc. Personal data could also include such technical information as MAC-addresses, IMEI, IP-address, both static and dynamic, browser, and system information.
Personal data processing means any action with it, for example, collection, recording, organising, structuring, storage, use, disclosure by any means, and so on.
2. What Data Do We Collect?
The categories of personal data are divided into separate subsections based on the specific Services that you consume. Please be aware that we do not purposely collect and process any of your sensitive information.
You can enjoy our Website without giving us your personal data or providing your consent.
1. Data related to your requests
When you send any request or message to the Company’s email address, we collect and process the data you voluntarily provide to us (e. g. your name, surname, email address, phone number). You can also specify other personal data in the request. We ask you not to provide us with excessive personal data, including the personal data of any third parties or sensitive data.
2. Data related to recruitment and employment
From time to time, we receive and collect personal data about potential candidates in order to invite them to join our team. This may happen if you send us your CV in response to an available vacancy posted by us on the Website or if we collect certain recruitment data with the use of platforms like LinkedIn or JustjoinIT, etc. You will find more information about our recruitment process in Section 5.
Also, we may collect and use your personal data for the purpose of your employment within DI.
3. Automated collection (cookies and similar technologies)
The cookies are tiny pieces of code that may remain in your device after you have visited some website. Cookies and similar web technologies help us to automatically receive the information from your device and send the information back to improve your interaction with the Services and ensure its effective functioning.
A cookie file usually contains the name of the domain it comes from, its “expiry time” and an individual, randomly selected number identifying this file. In some cases, cookies are used to collect data that is recognized to be personal data, such as IP addresses and data linked to the IP address (traffic data). The usage of such cookies is regulated by the data protection laws. That is why you as a user obtain more rights to control the collection and processing of some data. Cookies could be placed by the website owner and third parties.
You can find more information about cookies at All About Cookies and Internet Cookies websites.
We may collect information about your activity on the Website using the Services with analysis purposes. Please find more details about how and what cookies we use in Section 8.
3. Lawful Basis and Purposes of Processing Your Data
a. Lawful basis
We may also use this basis when it is necessary to take steps at your request prior to entering into a contract with you and we cannot obtain your freely given consent, but we are eager to conclude a contract with you upon your request. For instance, this could be when you directly ask us to consider your CV for a particular opportunity.
You can find details about this legal basis for the recruitment purpose in Section 5.
In some cases for recruitment, we may ask for your freely given, specific, unambiguous consent, when other grounds are not applicable. Where processing of your data is based on consent, we remind you that you can withdraw your consent at any time. You can find more details about this legal basis for the recruitment purpose in Section 5.
Legitimate interest. We collect and process data related to your responses to the vacancies placed on the Website on the basis of the legitimate interest. Such interest is to evaluate you as a candidate to the particular position and be able to communicate with you in this aspect or when you contact us via email available on the Website or otherwise.
We make a legitimate interest assessment in each particular case to make sure that our interests are not overridden by your interests or fundamental rights and freedoms.
You can find details about this legal basis for the recruitment purpose in Section 5.
b. Purposes of processing
We collect and process the personal data described in the section above in order to provide you with all the necessary Services.
In particular, we collect and process different types of data for the following purposes:
- data related to your requests – to communicate with you at your request, to provide a comprehensive answer to your inquiries, and to make sure that you are satisfied with our Services;
- data related to recruitment and employment – in order to be able to contact you to discuss possible forms of cooperation; to be able to assess whether you meet the criteria described in the vacancy. You can find details about the data collected for the recruitment purpose in Section 5;
- data collected through the automated collection – as indicated in Section 8 related to data collected via cookies.
Additionally, we may process your data:
- for the compliance with our legal obligations, including those related to your employment;
- to protect your vital interests or vital interests of another natural person;
- for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
If we decide to change the purposes of processing specified above, we will inform you on such changes prior to the use of your personal data within the newly set purposes. Where applicable, you will have to provide your consent for the amended purposes (unless additional purpose of processing is compatible with those listed above).
Please note that we do not sell your data or make any decision based solely on automated processing that may produce legal effects or similar significant effects.
4. How long do we store your data?
a. Retention period
Generally, we do not store your data if it is not necessary for our purposes described above. To be more precise, we store your data for such periods:
- data related to recruitment – DI stores data as long as it is needed for the stated purposes or as long as DI in good faith believes that it is needed for further cooperation. In any case, we do not store data for longer than 1 year following the last contact with you. If you were refused to cooperate with DI within the particular opportunity, we may store your data for 1 year thereafter, unless you object and we delete the data on your request. We may still store certain data after you object to processing or withdraw consent, or after the retention period is over. This would be only for the establishment, exercise or defence of legal claims, or if DI demonstrates other compelling legitimate grounds for the processing;
- data related to employment – during your employment in DI and as long as required by applicable law;
- data connected to your requests – during our communication with you and reasonable time thereafter to ensure that you are satisfied with our response and you have received all needed information;
- data collected through the automated collection – depends on the type of cookies used on the Website. A detailed description of such cookies and the terms of their data storage are indicated in Section 8.
b. Other processing
Please note that sometimes we may process your data for the period longer than indicated in this section. Such processing could be carried by us only for statistical purposes as it is provided for in Article 5 of the GDPR and subject to the appropriate safeguards in accordance with applicable data protection laws.
Statistical purposes mean any collection and processing of personal data necessary for statistical surveys or to produce statistical results. The statistical purpose implies that such statistical results do not include personal data, but only aggregate data. The statistical results may further be used for various purposes, for example, to assess our business development, understand the market demands and improve our Services.
In most cases, we will anonymize your data before starting processing it for statistical purposes. As a result, such data will no longer be considered personal and its use will not be governed by data protection laws.
This section applies to candidates for future engagement purposes whose personal data we collect from publicly available sources or directly from candidates.
In this section, we explain what types of personal data we gather from you as a candidate, how the personal data is used, with whom the personal data is shared, etc. The terms of transfer of data to third parties, the protection of your data and your rights are described in other Sections of this Policy.
a. Nature (categories) of personal data
For our recruitment purpose, we may gather, store and use the following personal data related to you: full name, birth date, desired position, phone number, e-mail, experience, current city or country, information on the skills, professional achievements and education, interests, photo, current place of work, other CV content that you share with us, as well as the results of the assessment of your application.
You usually voluntarily provide us with your data. If you decide not to provide us with some data, we might not be able to assess your application, and you might be excluded from the recruitment process.
We do not intentionally collect sensitive personal data (like data about health, data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs etc. And, we ask you not to provide us with any excessive personal data, including sensitive data, in your CV, portfolio, or within letter.
b. Type of processing
We collect your personal data mentioned above from the following sources:
- Your LinkedIn account (including the extensions such as AmazingHiring which help to collect contact data from open sources like LinkedIn);
- JustjoinIT, a service for publishing of vacancies;
- Directly from you via e-mail as response to the vacancies placed on the Website or chatting on LinkedIn or during the calls and interviews with you. Please do not provide us with the excessive personal data in your CVs or communication.
We store and manage this data in Cleverstaff – Applicant Tracking System (ATS) integrated with LinkedIn.
We may also use Google Workspace for the data processing in a limited number of cases.
c. Legal basis of processing
We process your personal data on the following bases:
1) Legitimate interest – our business development, namely searching the candidate to enter into some type of the agreement (employment, civil services agreement), contacting such the candidate, and building the relationship for the cooperation with the candidate on contractual or non-contractual basis when it may be of interest to both parties.
Our legitimate interest applies in cases:
- when we collect data from open sources without your consent, including via integrations with LinkedIn of our ATS and through the extensions;
- when we store your data in our ATS for the future analysis on whether we could offer you any future opportunities of cooperation;
- when we actually use your data provided for one opportunity to contact you with other future opportunities (if you did not object to such storage and contacting).
2) Necessity to take steps at your request prior to entering into a contract with you: we may use this basis when we cannot obtain your freely given consent, but we are eager to conclude a contract with you upon your request. For instance, this could be when you directly ask us to consider your CV for a particular opportunity.
3) Consent: a freely given, specific, unambiguous consent you give us when we are asking for such consent and other grounds are not applicable. Where processing of your data is based on consent, we remind you that you can withdraw your consent at any time.
d. Purpose of processing
We process your data solely for the recruitment purposes:
- to communicate with you regarding the possible current or future cooperation with DI;
- to check if your application, academic, work and other qualifications fit to the requirements of the respective opportunity;
- setting up and conducting interviews;
- conducting evaluations and assessments;
- to conclude the employment or services agreement.
6. Granting Access to Third Parties
We do not sell your personal data to third parties. However, to provide qualitative services and support various functions of our Services, we may hire people, work with service providers, partner companies, and organisations. For these reasons, some of your personal data may be transferred to these persons.
In all cases, we comply with the requirements of data protection legislation and make every effort to ensure that data processing is secure at all stages. Our subcontractors and any other third parties will provide the same or equal protection of user data as stated in this Policy.
To achieve the purposes of data processing, we may provide your data to the following persons:
A. Our group companies, employees and independent contractors
We may pass on your data to our DI group companies, including their employees or verified independent contractors (like private entrepreneurs). For example, we may transfer your personal data like CV or those related to your employment to DI group of companies, including those located outside EU or UK (e.g. in Ukraine), for the purposes of your employment as well as processing of your personal data in recruitment process for a position in the respective DI company.
We always enter into non-disclosure and confidentiality agreements with those employees and independent contractors who have access to your data to ensure their data protection. In case of the independent contractors who are private entrepreneurs, we also sign the data processing agreements with them, where applicable.
B. Third-party services providers
The Company engages a number of trusted third-party service providers in order to support different features of our Services and ensure its overall functioning. We also use third-party services to organise our work in the most efficient way and provide our clients with the best customer service.
Therefore, we may grant the following third-party service providers (and their subcontractors) with a limited access to your personal data:
Most of the services listed above are designed for analytics and recruitment purposes.
If you are interested in more details about how these third-party services process personal data, please refer to their privacy policies available on their websites. However, we want to reassure you that due to their residency of headquarters or affiliates companies they all are subject to the best worldwide standards of data protection. We care about your data security and choose only reliable partners.
As regards the engagement of the above-mentioned service providers, we take all necessary steps to ensure compliance with the applicable data protection laws such as the GDPR. In particular, we make sure that your personal data is being protected and used only within the purposes specified in this Policy. This is achieved by using only certified services and products, signing agreements on protection of personal data with contractors and partners, as well as taking technical measures to ensure the information is protected when stored, used and while being processed and transferred.
When we transfer data to processors, we always conclude the data processing agreements with the contractors who are processors of your personal data. The processors could be from outside of the EU or UK (e.g. in Ukraine), in which case we apply appropriate safeguards, namely conclude standard contractual clauses with them. You may obtain a copy of such appropriate safeguard via contact details provided in Section 11.
Since the UK and EU are the countries to which the data could be transferred on the basis of an adequacy decision, no additional safeguards are necessary in case of transfer of data from EU to UK and vice versa.
We may disclose your personal data to ensure compliance with the law. In other words, we may disclose information necessary for an investigation or trial at the official request of public authorities. If we are forced to disclose your information, we will notify you immediately and provide a copy of the request unless prohibited by law.
7. Your Data Processing Rights
To exercise your rights listed below, you can send a request to the Company to email@example.com. In order to properly protect your data, the Company may take additional measures to identify you when processing your request. We will provide you with a response to your request no later than 1 month from the date of its receipt, except as provided by law.
Thereby, you have the right to:
1. Know about the sources of collection, the location of their personal data, the purpose of their processing, the location of the owner or controller of personal data. Receive information on the conditions for granting access to personal data, in particular information on third parties to whom your personal data is transferred.
The Company respects the rights of personal data subjects and provides all necessary information in an accessible and understandable format. The Policy was created to ensure this right. Please be aware that we never sell your personal data.
2. Access to your personal data and the right to receive an answer as to whether your personal data is processed, as well as to receive the content of such personal data.
You can at any time receive confirmation from us whether we are processing your personal data and receive a full copy of this data. In this case, you have the right to receive your personal data in a structured, commonly used and machine-readable format, as well as the right to transfer this data to another owner (controller) at its discretion.
3. Obtain a copy of the personal data that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows the consumer to transmit the data to another controller without hindrance where the processing is carried out by automated means.
Under the GDPR, you may exercise this right in terms of your personal data that is processed on the basis of consent or the performance of the contract, if the data is collected directly from you and not created by the Company.
4. Submit a reasoned request to us objecting to the processing of your personal data.
If the review of such a request reveals that the Company cannot demonstrate a valid legal basis for the processing of data that overrides your interests, rights, and freedoms, we will stop processing it and inform you about it. If the request is not satisfied, we will provide you with a reasoned response to the refusal.
Also, please let us know if we process your data on the basis of our legitimate interest and you do not want us to transfer your personal data to recruiters as the independent contractors, or to data storage and management services. If you object in the same form in which you have received the link to this Policy, we will not transfer your data to anybody and will immediately remove it from our database.
5. Make a reasoned request to change or destroy their personal data if such data are processed illegally or are inaccurate, as well as in other cases provided by law.
In particular, in the event of any inaccuracies in your data processed by the Company, you have the right to contact us with a request to make appropriate changes to their personal data. You may also request that your data be destroyed if you believe that the Company no longer needs it for the purposes for which it was collected.
6. Complain about the processing of your personal data to the supervisory authorities or to the court and apply legal remedies in case of violation of the legislation on personal data protection.
You have the right to lodge a complaint with a supervisory authority if you think DI violates your rights. This could be done, for instance, to the UK Information Commissioner’s Office or the Polish Personal Data Protection Office (where our Representative is), or your national data protection agency.
7. Make reservations about the restriction of the right to process your personal data while giving consent. Withdraw consent to the processing of personal data.
You can make reservations about restriction of the right to process your data or withdraw your consent to the processing of your personal data at any time, but only in case the legal basis for the processing was the consent. In this case, we must stop processing, i.e., destroy or delete your personal data and notify you on the results.
There may be exceptions to this right. For example, if the law requires the Company to retain this data, or when it is necessary for protection in litigation, or when the Company has other grounds for processing, etc.
8. Know the mechanism of automatic processing of personal data and the right to protection against an automated decision that has legal consequences for you.
This provision is intended to protect the data subject from decisions made by the algorithm without human involvement or control. For example, if a computer program decides on the basis of certain collected information who needs help and who does not. To protect you against such a decision, if we implement one, we will explain the subject of the rules and logic of decision-making by the algorithm, as well as the ability to require a review of the decision by a person. However, as of now, the use of the Services does not provide any solely automated solutions that would have legal consequences for you.
8. About Cookies and Their Usage
Our analytics cookies may also collect information about your browser type and settings, device type and settings, operating system and mobile network. This information is used to distinguish you from other visitors of our Website, but it cannot be used to identify you as a named individual.
b. What data do we automatically collect via the Website and which cookies do we use for that?
We may install to your browser the following type of cookies provided by Google Analytics:
|Type||Name||Description and purpose||Storage and retention period|
|Analytical cookies||__utmc||The cookie is set by Google Analytics and is deleted when the user closes the browser. It is used to enable interoperability with urchin.js, which is an older version of Google Analytics and is used in conjunction with the __utmb cookie to determine new sessions/visits.||session|
|Analytical cookies||_utmz||Google Analytics sets this cookie to store the traffic source or campaign by which the visitor reached the Website.||6 months|
|Analytical cookies||__utmt||Google Analytics sets this cookie to inhibit request rate.||10 minutes|
|Analytical cookies||__utmv||The __utmv cookie gets set on the person’s computer, so that Google Analytics knows how to classify that visitor.
It is a persisteant cookie. It is used for segmentation, data experimentation, and the __utmv works hand in hand with the __utmz cookie to improve cookie targeting capabilities.
c. How does the Company deal with data collected through the cookies?
The cookies usage message for the Website was the first message that you were likely to see when you visited our Services. In cases when we install cookies that are strictly required for the functioning of the Website in general and some of its features in particular, we do not ask you for a consent to install them.
Data that we collect with the cookies, where it is personal data, are processed in accordance with this Policy. For instance, our employees and subcontractors may be able to access this data. Moreover, your data may be processed on our behalf by the third-party service providers mentioned above.
d. Can you regulate your choices as to the automated collection of data?
Yes, by your choices on our banner, as well as by choosing the appropriate settings of your browser.
The following links might be useful for you to choose the best option of your browser and OS:
For the users of Internet Explorer
For the users of Firefox
For the users of Chrome
For the users of Safari web and iOS.
For the users of Android.
9. Security of Personal Data
We take appropriate security measures to protect your personal data from accidental loss or destruction, from unlawful processing or access to it.
Confidentiality. All personnel are subject to full confidentiality and any subcontractors and subprocessors are required to sign a confidentiality agreement if not full confidentiality is part of the main agreement between the parties. Also, any access by authorised personnel is logged.
We use verified contractors that might have access to the data as specified in this Policy and with whom relevant data processing agreements are concluded. Moreover, we guide and train our personnel to process your data securely.
Isolation. Access to personal data is restricted to individually authorised personnel. Authorised personnel are granted a minimum access on a need-to-have basis.
Securing credentials and access tokens. Firewall is installed on all servers, which prohibits access from all computers on the network except the corporate network. Tracking Data Transfer is ensured through a comprehensive solution based on the analysis of the system server logs and their current state.
Logging. To register and track all access to data and requests for receiving or changing data, a system for collecting and monitoring all system logs at different levels of the application is used.
Internal Policies and Procedures. All the employees and the contractors are obliged to obey the internal security policy with respect to the processing of personal data. Such policy provides for organisation, physical, and technical security measures, and, for such purpose, takes into account the nature, scope, context and purposes of the processing, as well as the risks posed to the rights and freedoms of data subjects.
Disclaimer. While taking necessary steps to secure your data, we have no choice but to admit that no method of transmission over the Internet or method of electronic storage is 100% secure. If it happens that any of your personal data is under the breach and if there is a high risk of violation of your rights as a data subject, we would inform you and the respective data protection authorities as to the accidents without undue delay. We will also do our best to minimise any such risks.
11. Contact Information
Address for written correspondence: 2 Bell Court, Leapale lane, GU1 4LY