Who we are
Designs On Ltd. (hereafter “DOL”) are committed to protecting and respecting your privacy.
This sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
For the purpose of the Data Protection Act 1998 (hereafter “DPA”) and General Data Protection Regulation (hereafter “GDPR”), the data controller is Designs On Ltd. of The Moat, Northampton Road, Weston-on-the-Green, Oxfordshire, OX25 3QL. Tel. no. 01865 742211. Company registration no. 3294745. Our nominated representatives are Richard Rosser and Lorna Waterfield.
DOL operates under the following names and websites:
“Business In Oxford” www.businessinoxford.com
“Oxfordshire Voice” www.oxvoice.co.uk
“In Oxford” www.inoxford.com
“The In Oxford Group” www.theiogroup.net
What personal data we collect, how we collect it and what we do with it
What: Cookies, IP address, operating system, browser type and browsing location (City / Town level only), time spent browsing our websites and which pages / resources were accessed.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
Why: System administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.
What: Contact information (e-mail address, full name, job title, business name, telephone number).
How: By filling in forms on the websites listed above, such as registering a new user account, subscribing to our newsletters, posting content on our websites, registering to attend events, or using a contact form to get in touch with DOL. We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
Why: So that we may keep a record of your contact information in case we need to contact you. If you subscribed to a newsletter, this information feeds into our CRM software so that you can receive the newsletters you have chosen. You may unsubscribe from our newsletter service at any time. Survey responses are for research purposes only in order to improve our own services and are not shared with any third parties unless explicitly stated.
What: Correspondence (e-mails, SMS messages, voicemails).
How: If you contacted us via e-mail or SMS, we may keep a record of that correspondence for up to 12 months. Calls are NOT recorded but if you choose to leave us a voicemail we may keep it on file for up to 12 months.
Why: For communication and reference purposes only. Your correspondence with us will not be shared with any third parties.
What: Purchase / order information including invoice address and items purchased.
How: By completing a PayPal or Stripe transaction on any of the websites above, or by placing an order over the phone or by email, your invoicing address and contact information will be requested and your order details stored.
Why: In order to fulfil your order and ensure billing and delivery is successful. If you are an existing customer, we may contact you with information about goods and services provided by DOL similar to those which were the subject of a previous sale to you.
Security of your information and where it is stored
All information you provide to us is stored on secure remote servers as listed below. Any payment transactions are encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share your passwords with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.
If you upload images to our websites, you should avoid uploading images with embedded location data (EXIF GPS) included as visitors to the website could download and extract any location data from images on the website.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Who we share your data with
We do not disclose personal information about identifiable individuals to any third parties without your explicit written consent, unless we are under a duty to disclose or share your personal data in order to comply with any legal obligation for the purposes of fraud protection or criminal investigation.
We may however provide advertisers with non-identifiable aggregate information about our users (for example, we may inform them that 500 visitors have clicked on their advertisement on any given day).
We may disclose your personal information to any member of our own group, which means our subsidiaries, our ultimate holding company (DOL) and its subsidiaries, as defined above and in section 736 of the UK Companies Act 1985.
How long we retain your data
If you leave a comment on any of our websites, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our websites, we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time. Website administrators can also see and edit that information.
E-mail and SMS correspondence is stored for 12 months.
If you have an account on any of our websites or a written contract with us you can request to receive a file of the personal data we hold about you as listed above, including any data you have provided to us.
You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes. Data collected in the UK is held in accordance with the Data Protection Act. All reasonable precautions are taken to prevent unauthorised access to this information. This safeguard may require you to provide additional forms of identity should you wish to obtain information about your account details.
B4 is committed to the principles inherent in the GDPR (General Data Protection Regulation) and particularly to the concepts of privacy by design, the right to be forgotten, consent and a risk-based approach. In addition, we aim to ensure:
- transparency with regard to the use of data
- that any processing is lawful, fair, transparent and necessary for a specific purpose
- that data is accurate, kept up to date and removed when no longer necessary
- that data is kept safely and securely.
Our Data Protection Officer (DPO)/appointed data protection person is Lorna Waterfield.
They will support us to promote awareness of the GDPR throughout the organisation and to oversee the organisation’s commitment to best practice. They will inform and advise staff and the organisation and monitor its compliance.
A key requirement of the GDPR is that applicants are informed about the processing of personal data at B4, and this must be formalised in an information notice (‘privacy’ or ‘fair processing’).
Where B4 recruitment campaigns link to other websites, we are not responsible for the privacy practices or the content of those sites.
Collection of Personal Information
Your data will be held securely and in accordance with the Data Protection Act 1998 (DPA), the EU Data Protection Directive 95/46/EC, the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR), the Regulation of Investigatory Powers Act 2000, the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000, the Electronic Communications Data Protection Directive 2002/58/EC, the Privacy and Electronic Communications (EC Directive) Regulations 2003 and all applicable laws and regulations relating to Processing of Personal Data and privacy, including where applicable the guidance and codes of practice issued by the Information Commissioner.
B4 processes personal data and sensitive personal data (as described in the Data Protection Act 1998 (DPA), the EU Data Protection Directive 95/46/EC, the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR),) to support the recruitment process to vacancies that can be found on the B4 website.
Personal data is data that relates to an identifiable living person (‘data subject’).
We are processing this information at your request prior to you potentially entering into a contract of employment.
Special Categories of personal data we may process include:
- Information about your health, including any medical condition, health and sickness records
- Information about criminal convictions and offences
Additional information that is considered sensitive is:
The commission or alleged commission of an offence, or proceedings or sentence relating to offences or alleged offences.
We and any recruitment company we engage may be required to do this by employment law relating to access your capacity to work, to monitor that equality law is being met through the recruitment process and to comply with any safeguarding laws relating to the role you are applying for.
How we collect your personal data
We generally collect data through an employment agency or through our own application process. We may sometimes collect additional information from third parties including former employers.
How we use your personal data?
By using our recruitment process or engaging with a recruitment agency we commission, you agree that we may collect, hold, process and use your information (including personal information) for the purpose of progressing your application and:
- personalising your recruitment experience with us to improve the services provided to you;
- informing you about the latest changes / updates to our recruitment campaigns;
- providing an applicant experience service and support;
- communicating (and personalising such communication) with you;
- conducting market research in terms of understanding your usage of our recruitment campaigns and how our website or that of our third-party providers (if applicable) can improve to assist users; and/or;
- carrying out technical and statistical analysis to measure the performance of our services.
Sharing your information
The data you submit to B4 or our third-party provider as part of your job application may be downloaded and transferred to us or a third party system to complete the recruitment process.
If you apply for a job then we will have access to your application and any other material you submit in support of the application for example, your accompanying CV. B4 or our third party providers may copy and hold some or all of this data locally in their own systems to facilitate their administration of the recruitment exercise.
B4 or our third-party providers, have an obligation to inform you how we are processing your application before you apply, this includes but is not limited to:
- updating information about our campaigns
- withdrawing a campaign or application with an explanation of why
- providing details in the campaign of how we will use Equality and Diversity data and why
- how we will handle any safeguarding concerns
- ensuring that any off-line applications are aware of our privacy notices
We will not sell or share your information for marketing purposes.
We reserve the right to disclose your personal information to comply with applicable laws and government or regulatory bodies’ lawful requests for information.
Job applications and adverts are retained by B4 or third-party providers for up to 6 months after the closing date, depending on the relevant advert’s or recruitment’s closing date, and then deleted. If you need to access an application form and accompanying CV/attachments or an advert and attachments relating to the vacancy, we recommend you make a copy and retain it within 6 months of the advertisement’s closing date as this is the minimum period we will retain the data.
How do we ensure your personal data is secure?
We take your privacy and protection of data very seriously. Consequently, we have put in place appropriate security measures to prevent unauthorised use of your personal data. Details of the measures which are in place can be obtained from Lorna Waterfield. We will notify you and any applicable regulator of any suspected unauthorised use of your personal data.
What rights do you have in respect of how we use your personal data?
Subject to legal limitations you have the right to:
- Request access to your data: You can ask us to provide a copy of the personal data we hold about you.
- Request corrections to be made to your data: If you think that your personal data is incomplete, inaccurate you can ask us to correct it.
- Request erasure of your data: If you consider there is no lawful basis for us to continue processing your data you can ask for that data to be deleted or removed.
- Object to the processing of your data: If our lawful basis for processing your data relates to a legitimate business interest (or third-party interest) you can raise an objection to that interest. You can also object to us using your information for direct marketing purposes.
- Request that processing restrictions be put in place: If you believe that your information is being processed without a lawful reason or that the information is incorrect you can request that a freeze/restricting is placed on the processing of the information until your concerns are addressed.
- Request a transfer of your personal data: You can ask us to transfer your personal data to a third party.
If you wish to exercise any of the above rights, please contact Lorna Waterfield on email@example.com
Will I have to pay a fee?
You will not be expected to pay a fee to obtain your personal data, using our SAR (Subject Access Request) process, unless we consider that your request for access to data is unfounded or excessive. In these circumstances we may charge you a reasonable fee or refuse to comply with your request.
Right to withdraw your consent
If we have asked for your written consent to obtain information, you have the right to withdraw your consent at any time. To withdraw your consent please contact Lorna Waterfield on firstname.lastname@example.org. Once we receive your notice of withdrawal we will cease processing your data unless we have any other lawful basis on which to continue processing that data.
Important information about this privacy notice
We reserve the right to amend or update this privacy notice at any time. We will provide you with a new notice when we make any updates.
Our data protection policy is available on request from Lorna Waterfield on email@example.com and a copy has been made available to all staff and to contractors and suppliers associated with this organisation. It forms part of the induction training of all new staff and follow-up sessions will be put in place if the legislation changes or further guidance is available.
We aim to ensure that our information pertaining to GDPR compliance is concise, transparent, intelligible and easily accessible, should there be any concern that this is not the case, individuals should contact our Data Protection Officer (DPO)/appointed data protection person is Lorna Waterfield – firstname.lastname@example.org
How to make a complaint
To exercise all relevant rights, queries or complaints please in the first instance contact our Data protection Officer on Lorna Waterfield on email@example.com
If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office on 03031231113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.
Produced May 2018
Reviewed October 2019