Our contact details
twentysix head office is located at Royal house, 28 Sovereign street, Leeds, LS1 4BA. Telephone 0113 3202626. Our registered address is 90 Tottenham Court Road, London, W1T 4TJ. Our web address is twentysixdigital.com and our general email is firstname.lastname@example.org.
Data Protection Framework
The Data Protection principles
The Data Protection Legislation regulates the use of personal information generally. This means everyone must comply with seven data protection principles which say that personal data and its processing needs to be:
- Fair, lawful and transparent;
- For specified, explicit and legitimate purposes (purpose limitation);
- Adequate, relevant and limited to what is necessary (data minimisation);
- Accurate and, where necessary, kept up to date (accuracy);
- Not kept longer than necessary (storage limitation);
- Processed using appropriate security (integrity and confidentiality); and
Data Protection Officer
Our Data Protection Officers is Rob Jobbins. You can contact him at email@example.com or via our postal address: twentysix, Royal house, 28 Sovereign Street, Leeds, LS1 4BA.
WHAT TYPE OF INFORMATION DO WE HAVE?
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes first name, maiden name, last name, passport number/driving license or similar identification (including photographic), marital status, title, date of birth and gender and also information regarding who you are to us (such as a client, employee or a member of the public) and sometimes (for conflict and professional reasons) how/whether you are related to another client or person;
- Contact Data includes billing or home address, email address and telephone numbers.
- Financial Data includes bank account and payment card details.
- Transaction Data includes details about payments to and from you and other details of services or anything else you have purchased from or through us.
- Technical Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our websites.
- Usage Data includes information about how you use our website, products and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences in relation to our newsletter and our agreed methods for contacting you generally.
- Staff Data: next of kin, bank details and GP’s address; your current (and occasionally) previous home addresses; CV, if you are a job candidate. We may also require background checks to be carried out by the Disclosure and Barring Service. We also capture details from internal key passes for security purposes only.
- CCTV images: we monitor our premises both internal and external on and around our premises for the purpose of providing security and investigating any crimes or serious complaints relating to our business or anyone visiting our premises.
Some information is defined in the Data Protection Legislation as falling under a special category of personal data. This is information about you which relates to racial or ethnic origin, political opinions, religious or philosophical beliefs, membership of a trade union, genetic and biometric data processing, health data, data about sex life or sexual orientation. We will not usually ask you to provide this information and we ask that you do not send us any such sensitive personal data. If you do, we may delete it immediately just to be safe. You should always check with us before you send us any of this kind of data.
We do not normally collect any information about criminal convictions and offences, except for specific job roles where the law (or regulations affecting our clients) require background checks to be carried out. We will only process this type of data with your explicit consent if required as part of any application, and we will notify you if this is required for your role.
HOW DO WE GET THE INFORMATION AND WHY DO WE HAVE IT?
Most of the personal information we process is provided to us directly by you for one of the following reasons:
- You have visited our website
- You are a client
- You are a business contact or someone we come across at networking events, or we have worked collaboratively with;
- You have made an enquiry or information request to us under the Data Protection Legislation
- You subscribe to our newsletters or other publications.
- You have applied for a job.
- Anyone who sends us anything which constitutes personal data for any reason.
Collecting your data through our website
We collect email addresses through our website, which are used for the exclusive purposes of sharing marketing information about twentysix to those that choose to sign up. The data collected will be stored until you choose to opt out or unsubscribe to further communications, this will be possible through any email we send you or through contacting our Data Protection Officer.
You may also decide to send us your personal information using links or contact forms on this website, if you are seeking more information, enquiring about employment, seeking services or for other similar purposes. Your decision to disclose your personal data is entirely voluntary, and by doing so, you are either providing this data for us to process on the basis of our mutual legitimate interests in processing your request or, where you send us anything that could be considered to be a “special category of data” then you acknowledge that you are taking an affirmative action by providing us with specific consent to use your personal data only for the purposes for which you have disclosed it to us. We reserve the right to delete any special category data and ask you to resend it to us where we feel that it is not appropriate to process it without your further consent to another purpose.
twentysix may access and use your personal data only for the purposes for which you have submitted it to us to (a) provide information to you, (b) make contact with you, (c) provide services to you, or (d) maintain the operations and security of the website and services we provide to you. We will not use your personal information for any other purposes, for example for the communication of marketing materials, unless we have your specific consent that permits us to do so, or where we are able to send you marketing of our own products based on our legitimate interest in letting you know about other products and services offered by twentysix that we think are relevant or related to services we have already provided to you, or that you have enquired about.
Children’s Personal Data
twentysix, and any services available from our website, are not directed to people under the age of 16. If you learn that a child under the age of 16 has provided us with their personal information without having parental consent, please contact the Company’s Data Protection Officer immediately so that we can take appropriate action. We reserve the right to delete any such data where we suspect it relates to anyone under the age of 16.
Clients and former clients
We collect personal information about all our clients or prospective clients because we need this information in order to be able to progress with their work and fulfil our contractual requirements.
The types of data we will collect, for example, clients name, email address, mobile telephone number.
Purpose and lawful basis for processing
The lawful basis we rely on for processing this data is article 6(1)(b) of the GDPR, which relates to processing necessary to perform a legal contract or to take steps at your request, before entering a contract.
Visitors to the office
We meet visitors at our office, including:
- External training providers;
- Job applicants;
- Suppliers and tradespeople;
- Stakeholders and partners
If your visit is planned, we’ll send your name and visit information to reception before your visit so they can welcome you. Everyone is given a generic visitor badge or pass. You must wear your badge/pass throughout your visit. We also ask all visitors to sign in and out at reception.
Closed-circuit television (CCTV) operates inside and outside the building for security purposes. Whilst we monitor the live feed to let people into/out of the building, the recorded information is accessible only to limited personnel and is periodically deleted.
Purpose and lawful basis for processing
The purpose for processing this information is for security and safety reasons. The lawful basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests, contract, legal compliance and vital interests. We have a legal and contractual duty to protect our employees from harm and we have a legitimate interest in making sure people aren’t kept waiting outside.
We have Wi-Fi on site for the use of visitors. We’ll provide you with the address and password. We record the device address and will automatically allocate you an IP address whilst on site.
We don’t ask you to agree to terms, just to the fact that we have no responsibility or control over your use of the internet while you are on site, and we don’t ask you to provide any of your information to get this service.
Purpose and lawful basis for processing
The purpose for processing this information is to provide you with access to the internet whilst visiting our site. The lawful basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests and your legitimate interest in receiving free Wifi when you request to be connected to it.
People who work for us
We collect information about people who work for us as we need to do this to run our business. We also have legal obligations to adhere to such as maintaining insurance cover or ensuring the security and reliability of our staff.
Purpose and lawful basis for processing
We process our employee data in accordance with the law, our internal policies and individual contracts of employment.
The lawful bases we rely on for processing this data are Contract, Legitimate Interests, Legal Compliance, Consent (sometimes) and Vital Interests. See OUR LEGAL BASIS FOR PROCESSING YOUR DATA below for more information.
Applying for a job
Purpose and lawful basis for processing
Our purpose for processing this information is to assess your suitability for a role you have applied for and to help us develop and improve our recruitment process.
The lawful bases we rely on for processing your personal data are Contract, Legitimate Interests, Legal Compliance, Consent (sometimes) and Vital Interests. See OUR LEGAL BASIS FOR PROCESSING YOUR DATA below for more information. If you provide us with any information about reasonable adjustments you require under the Equality Act 2010, the lawful basis we rely on for processing this information is Legal Compliance and, in some circumstances, this may be with your express consent.
The lawful basis we rely on to process any information you provide as part of your application which is special category data, such as health, religious or ethnicity information is article 9(2)(b) of the GDPR, which relates to our obligations in employment and the safeguarding of your fundamental rights. And Schedule 1 part 1(1) of the DPA2018 which again relates to processing for employment purposes is with your express Consent.
We process information about applicant criminal convictions and offences for certain job roles. We will always get your consent for this type of information, unless you are a current employee and it is required to comply with our legal or contractual obligations (or those of our clients). We will always inform you before we request these types of checks.
What will we do with the information you give us?
We’ll use all the information you provide during the recruitment process to progress your application with a view to considering your suitability for, and potentially offering you, an employment contract with us and, where required, to fulfil our legal or regulatory requirements.
We will not share any of the information you provide with any third parties for marketing purposes.
We’ll use the contact details you give us to contact you to progress your application. We may also contact you to request your feedback about our recruitment process based on our legitimate interest in developing and improving our future recruitment campaigns.
What if I don’t provide the requested information?
We do not collect more information than we need to fulfil our stated purposes and will not keep it longer than necessary. The information we ask for is used to assess your suitability for employment or for us to comply with our legal obligations. You don’t have to provide what we ask for, but it may affect your application if you don’t. For example, if we asked you to complete a background check and you refused this, we may not be able to fulfil our contracts for services with our clients and therefore we may not be able to consider you for a role.
We ask you for your personal details including name and contact details. We’ll also ask you about previous experience, education, referees and for answers to questions relevant to the role. Our recruitment team will have access to all this information, and they may share it with relevant department heads, managers or other limited employees where appropriate and required to assess your suitability for a particular role.
You will also be asked to provide equal opportunities information. This is not mandatory – if you don’t provide it, it won’t affect your application. We won’t make that type of information available to any staff outside our recruitment team, including hiring managers, in a way that can identify you. Any information you provide will be used to produce and monitor equal opportunities statistics.
We may ask you to participate in assessment tests and to complete tests; attend an interview; or a combination of these. Information will be generated by you and by us. For example, you might complete a written test, or we might take interview notes. This information is held by us.
If you are unsuccessful after assessment for the role, we may ask if you would like your details retained in our talent pool. If you say yes, we would proactively contact you should any further suitable vacancies arise.
If we make a conditional offer of employment, we’ll ask you for information so that we can carry out pre-employment checks. You must successfully complete pre-employment checks to progress to a final offer. We must confirm the identity of our staff and their right to work in the United Kingdom, and seek assurance as to their trustworthiness, integrity and reliability.
You must therefore provide:
- proof of your identity – you will be asked to attend our office with original documents; we’ll take copies;
- proof of your qualifications – you will be asked to attend our office with original documents; we’ll take copies;
- a criminal records declaration to declare any unspent convictions;
- your email address, which will be used to contact you to complete an application for a Basic Criminal Record check via the Disclosure and Barring Service, or Access NI, which will verify your declaration of unspent convictions (certain job roles only);
- We’ll contact your referees, using the details you provide in your application, directly to obtain references;
- We’ll also ask you to complete a questionnaire about your health to establish your fitness to work; and
- We’ll also ask you about any reasonable adjustments you may require under the Equality Act 2010. This information will be shared with relevant staff to ensure these are in place for when you start your employment.
If we make a final offer, we’ll also ask you for the following:
- Bank details – to process salary payments
- Emergency contact details – so we know who to contact in case you have an emergency at work.
Subscribers to our e-newsletter
Purpose and lawful basis for processing
Our purpose for collecting the information is so we can provide you with a service and let you know about upcoming events.
The lawful basis we usually rely on for processing your personal data is your consent under article 6(1)(a) of the GDPR. We need your name and email address. We use your email address to send you our E-newsletter. We may also send you marketing about our own products and services that we genuinely believe that you might be interested in under the lawful basis of legitimate interests. We will never send you marketing that is unrelated, or which relates to third party products and services unless you have given us your express consent.
We only use your details to provide the newsletter to you and to measure your engagement with it so that we can improve our services. We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our e-newsletter.
You will receive a confirmation email once you have submitted your details which will also contain instructions on how to unsubscribe or withdraw your consent wherever appropriate.
What are your rights?
We rely on your consent to process the personal data you provide to us for marketing purposes. This means you have the right to withdraw your consent, or to object to the processing of your personal data for this purpose at any time. If at any point you want to withdraw your consent, please email us or call us 0113 320 2020. If you do that, we’ll update our records ASAP to reflect your wishes.
Do we use any data processors?
Yes – we use Force24 to deliver our email newsletters (see below for their details)
HOW YOUR PERSONAL DATA IS COLLECTED
We use different methods to collect data from and about you including through:
Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email, social media networking (such as LinkedIn) or otherwise. This includes personal data you provide when you:
- Apply for our products or services
- Email us directly for any reason;
- Meet us in person or speak with us over the phone;
- Provide/exchange business cards or connect with us on social media;
- Input your details on our websites
- Subscribe to our service or publications;
- Request marketing to be sent to you;
- Enter a competition, promotion or survey;
- Give us feedback or contact us; or
Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies (as described above), server logs and other similar technologies.
Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out below:
Technical Data from the following parties:
- analytics providers such as Google based outside the EU;
- advertising and social media networks such as LinkedIn Ireland Unlimited Company based inside the EU and the LinkedIn Corporation based in the USA; and
- search information providers based inside the EU.
Identity and Contact Data from publicly available sources such as Companies House, Land Registry and the Electoral Register based inside the EU.
OUR LEGAL BASIS FOR PROCESSING YOUR DATA
We will only use your personal data when the law allows us to. Most commonly, we will use the following different legal bases for processing your personal:
- Consent, for example when we require your consent for the optional cookies we use;
- Legitimate Interests, which allows us to process personal data when it’s necessary based on legitimate interests which might be our interests, your interests, or those of one of our clients or of the general public. For example, we have a legitimate interest in maintaining the integrity of our IT systems and the continuity of our business.
- Contract. This might be taking steps in order to enter into a contract with you or to carry out any rights and obligations we agree under contract with you, or that you have agreed with a third party that both we and you have a contract with. For example, we might process your data on behalf of one of our clients who you have a contract with.
- Legal compliance. We are subject to various laws and regulations and we may need to process data in order to comply with those laws. For example, we might need to report fraud, or we may need to provide CCTV footage if a crime is committed.
- Vital Interests. Where there is a life or death situation or we feel that someone’s vital interests (such as their health or wellbeing) are at serious risk then we may process data on this basis for the purpose of protecting that person where that person is unable to give consent.
HOW WE STORE YOUR DATA
We will always handle and store your personal data in accordance with industry best practice aligned with ISO27001, the international standard for information security. twentysix is ISO 27001 accredited and more information can be requested from the Company’s Data Protection Officer. This includes technical controls which we have implemented to prevent unauthorised access, compromise or theft of information from our applications, supporting computer systems and premises.
KEEPING YOUR DATA UP TO DATE
This is both your responsibility and ours. It helps us to keep your personal data up to date if you:
- Check that any personal data you provide to us is accurate and up to date when you give it to us.
- Tell us if anything changes e.g. a change of address as soon as possible after changing it
- Check that any information we send you is accurate: if we get something wrong, please tell us straight away so that we can correct it.
WHEN DO WE DELETE YOUR DATA?
We will keep your personal data only for as long as is necessary to ensure we can fulfil our business requirements and to comply with our regulatory requirements and will then securely destroy that data in line with our Disposal and Destruction Policy under ISO27001.
If you would like to know how long we will keep a specific piece of data about you, then just contact us.
YOUR DATA PROTECTION RIGHTS
What are your rights?
Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.
Your right of access
You have the right to ask us for copies of your personal information. This right always applies.
Your right to rectification
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.
Your right to erasure
You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing
You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing
If we are processing your personal data for our legitimate interests as stated above, you have the right to object to our further processing of your personal data. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it. Where you have given consent, you are free to withdraw that consent at any time. Any request you make will not affect the lawfulness of the processing that took place prior to that request.
Your right to data portability
This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering a contract and the processing is automated.
You are not required to pay any charge for exercising your rights. We have one month to respond to you. If we do not address your request or fail to provide you with a valid reason why we have been unable to do so, you have the right to contact the Information Commissioner’s Office to make a compliant. They can be contacted via their website (www.ico.org.uk) or by telephone 0303 123 1113.
THIRD PARTY PROCESSING
From time to time twentysix may share data collected from you with the following data processors acting under our instructions and for whom we will remain directly responsible to you:
MSQ Partners, based in the United Kingdom, ICO registration number ZA156809, for the purposes of marketing group services.
Force24, based in United Kingdom, ICO registration number Z2563684 for the purposes of marketing group services.
The Data Protection Officer
28 Sovereign Street,
Or, we’d prefer it if you sent us an email, to save paper:
firstname.lastname@example.org or write to ICO, Information Commissioner's Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF. Tel: 0303 123 1113.