Privacy Policy

This Privacy Policy describes how Workspace 1 collects, processes and retains the personal data of its Clients, Suppliers, Colleagues and Employees.

Workspace 1 is committed to protecting and respecting your privacy. Under the GDPR, Workspace 1 is the “Controller” and has obligations, responsibilities and liabilities associated with managing your personal data.

ABOUT US

Workspace 1 Productions Ltd, Phoenix Square, 4 Midland Street, Leicester LE1 1TG, United Kingdom.

Company No. 07505228

ICO Registration Reference: ZA283705

Email: hello@workspace1.co.uk

Telephone: (+44) 0116 242 2888

1. HOW AND WHY WE COLLECT YOUR PERSONAL DATA
2. WHAT PERSONAL DATA WE HOLD
3. HOW WE USE YOUR PERSONAL DATA
4. HOW LONG AND WHERE WE RETAIN YOUR PERSONAL DATA
5. WHICH SERVICE PROVIDERS WE USE
6. HOW WE ENSURE THAT YOUR PERSONAL DATA IS STORED SECURELY
7. YOUR RIGHTS AS A DATA SUBJECT
8. TRANSFERRING PERSONAL DATA OUTSIDE THE EU
9. AMENDING THIS PRIVACY POLICY

1. HOW AND WHY WE COLLECT YOUR PERSONAL DATA

Client & Suppliers
• You or your colleague provides it to us because we are engaged in business activities together.

Colleagues
• You provide it to us through professional networking events or activities and have stated that you wish to be contacted in relation to future events or activities.

Employees & Candidates
• You provide it to us because you are employed by Workspace 1 or wish to be considered for employment.

2. WHAT PERSONAL DATA WE HOLD

Clients, Suppliers & Colleagues
• Identification data (name)
• Contact data (work address, work phone number, work email address)
• Employment data (position within your company)
• Communications data (emails, messages sent to us)

Employees & Candidates
• Identification data (name, date of birth, picture)
• Contact data (as listed on your CV: home address, personal email address, mobile phone number, next of kin)
• Employment data (E.g. previous employment records, date of employment with Workspace 1, appraisals)
• Financial data (E.g. salary, taxation, pension, benefits)
• Communications data (emails, messages sent to us)

3. HOW WE USE YOUR PERSONAL DATA

Clients & Suppliers
• To maintain communication with you during our business engagement.
• To keep appropriate records associated with that engagement.

Colleagues
• To inform you of future networking events or activities (only in the case that you have opted in to receiving communication from us).

Employees
• To keep appropriate records associated with your employment including HR management and payroll.
• To contact you or next of kin in case of an emergency.

Candidates
• To evaluate your suitability for employment with Workspace 1 (skills and experience as stated on your CV).

4. HOW LONG AND WHERE WE RETAIN YOUR PERSONAL DATA

Clients & Suppliers
• We retain project records and associated client and supplier information including correspondence, in secure archives.
• We also use carefully vetted service providers and studio management software (details in section 5).
• In accordance with UK accounting and taxation laws, these records are kept for at least five years after the January 31 submission deadline for the previous tax year.

Colleagues
• We retain name and contact information (with a copy of the consent to retain) in a secure archive for up to 1 year. After this time, it is deleted.
• We also use some third-party software to retain your information (details in section 5).
• We do not retain any data that we have not obtained consent to retain.

Employees
• We retain employee data, in secure archives.
• We also use carefully vetted service providers and HR software to manage records (details in section 5).
• In accordance with UK employment and taxation laws, these records are kept for at least five years.

Candidates
• We retain CVs (with a copy of the consent to retain) in a secure archive for up to 1 year, after which time, they are deleted. If we have not obtained consent to retain, CVs are deleted.

5. WHICH SERVICE PROVIDERS WE USE

We use carefully selected service providers (data processors) in processing and retaining Workspace 1 data, some of which may include your personal data.We research and document each service provider’s own compliance with the GDPR. We ensure that they are fully aware of their obligations, responsibilities and liabilities. The service provider list is available on request (please refer to the Contact Section 10 for details about how to reach us).

6. HOW WE ENSURE THAT YOUR PERSONAL DATA IS STORED SECURELY

Workspace 1 takes a “privacy by design” approach to data management. Our Information Security Policy comprises technical and organisational security measures to protect our data from loss, damage, theft or compromise. These security measures include:

Physical Operational Practices
• Key fobs are required to access our building, floor and office.
• Key fob issue is limited and a register of key holders is maintained at all times.
• The office is locked and alarmed when unattended.
• Physical paper records, equipment and archives are stored within locked cabinets.
• Paper records are shredded when no longer required.

Digital Operational Practices
• All hardware, software, removable media and equipment is documented in an asset list.
• The asset list is regularly reviewed and updated.
• Removable media (eg hard drives; USB) is password protected and its access is restricted to authorised staff only.
• All software is regularly updated with the latest security patches.
• Workspace 1 has a timed, back-up, archive and deletion procedure.
• Back-ups and archives are kept in secure offsite and onsite locations with redundancy.
• Data restoration is checked regularly to check its technical integrity.
• User accounts are assigned to provide the limited access to information.
• Each user is assigned their own username and password.
• Passwords are supplied to the user securely and stored using an encrypted tool.
• Passwords are required to be complex in nature, changed a maximum of every 4 months and not written down.
• Passwords are disabled when staff or contractors conclude their employment.
• Hardware or software is assigned to staff or contractors is returned when their employment concludes.
• Anti-malware and boundary firewalls are in place to prevent malware infections and data breaches.
• Antivirus software is kept up-to-date and computers are regularly scanned to detect potential threats.

Security Training
• Workspace 1 carries out regular information security training for all of staff (including contracted and temporary employees)
• Training is designed to ensure that all staff are educated about common threats; and can fulfil their security responsibilities.

Monitoring & Incident Management
• An Information Security Lead has been appointed to monitor and implement the security policy on a day to day basis.
• Workspace 1 logs and monitors user and system activity to in order to identify, report, manage, and resolve any personal data breaches.
• In the event of a breach, the Information Security Lead is informed and will effectively investigate the cause of a breach and take measures to reduce future risks.
• The ICO and affected individuals are also informed where necessary.
• Workspace 1 is registered with the ICO, Registration reference: ZA283705

7. YOUR RIGHTS AS A DATA SUBJECT

As a data subject you have the following rights:

Right to be informed including privacy policy: Individuals know that we are collecting their data, why we are processing it and who we are sharing it with. This privacy information is published on our website and within all forms or letters we send to individuals

Right of access: Individuals may request access to their personal data

Right to rectification and data equality: The business ensures that the personal data remains accurate and up to date

Right to erasure including retention and disposal: Individuals may request secure disposal of personal data

Right to restrict processing: Individuals may request restricted processing of their personal data

Right to data portability: Individuals may transfer their personal data from one IT environment to another in a safe and secure way.

Right to object: Individuals may object to the processing of their personal data.

Should you believe that your rights have been violated, you have the right to lodge a complaint with the data protection authority or the court. In order to exercise your rights, please contact us at the contact details below.

8. TRANSFERRING PERSONAL DATA OUTSIDE THE EU

If you are located in the EU, please note that we or our data processors may transfer and store your personal data outside the EU, E.g. the US.

We only do this where we have a lawful basis to do so, including to a recipient who is in a country which provides an adequate level of protection for personal data; or to a recipient under an instrument which covers the EU requirements for transfer of personal data outside the EU. For example, in the US, if the recipient company is certified under the Privacy Shield.

9. AMENDING THIS PRIVACY POLICY

Should our personal data processing practices change, or should there be a need to amend the Privacy Policy under the applicable data protection regulations, other applicable legal acts, case-law or guidelines issued by competent authorities, we are entitled to unilaterally amend this Privacy Policy at any time. In such case, we will notify you by email reasonably prior to the amendments entering into force.

10. CONTACT

In case you have any question regarding the processing of your personal data by us or you would like to exercise your rights as a data subject, please contact us by email: hello@workspace1.co.uk