Privacy Policy | Growthlabs

Purpose
Growthlabs Consultants Ltd (Company Registration Number 10528988) is committed to protecting the privacy of your data, being transparent about how we collect and use personal data, and meeting our data protection obligations as outlined in the Data Protection Act 2018, UK GDPR, and EU GDPR. This privacy policy explains what information we may collect about you, how we may use it, and the steps we take to ensure that it is kept secure. This policy also explains your rights in respect of your personal data. This policy applies to all clients, suppliers and job applicants.

Our website may contain links to third-party websites. We are only responsible for the privacy and security of our own digital platforms. We recommend that you check the privacy and security policies, and procedures, of any website you visit.

About Us

This privacy policy applies to any personal information which you give to us (“personal data”) via the Growthlabs website located at www.growth-labs.co.uk, and via phone, mail, email, in person, and any other channel in which personal data is provided to us by you. Growthlabs Consultants Ltd (“we”, “us”, “Growthlabs”) takes the privacy of all its customers and website users (“you”) seriously and takes care with customer and user personal data.
What information do we collect?
When using the site, you may use our services, including, but not limited to, webforms and live chat, where you may be asked to enter personal data such as your name, address, e-mail address and telephone number.

We also collect the following data:

•IP Address
• Internet activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement
• Geolocation data

When applying to a position at Growthlabs, we may collect data including, but not limited to:

•Your name, address and contact details, including email address and telephone number
• Details of your qualifications, skills, experience and employment history
• Information about your current level of remuneration, including benefit entitlements
• Whether or not you have a disability for which we need to make reasonable adjustments during the recruitment process
• Information about your entitlement to work in the UK
• Equal opportunities for monitoring information

We may collect personal data about you from third parties, such as references supplied by former employers, information from employment background check providers, and information from criminal records checks. We will inform you we are doing so.

Your personal data will be stored in CRM systems, HR management systems and other IT systems (including email and DataScope).

How we use the information you provide

We will use any personal data relating to you in accordance with current Data Protection legislation. We will use your personal data in order to provide our services and products to you. This may involve us sending you information about us, including, but not limited to, promotional and/or marketing material about our products, services and offerings.

We may also create an individual profile for you so that we can inform you of services, products, or other information that may be of interest to you.

We may use your personal data to analyse customer/user behaviour and characteristics in order to measure interest in, and use of, the various areas of the site with a view to improving and/or altering the site.

We may provide only aggregated (and therefore anonymous) data to third parties for this purpose (if applicable). In order to assist us in processing your personal data, we may engage with third party companies who provide us with services that can assist us in doing so. Where your data is processed in this manner, we will provide additional Data Protection notices accordingly.

We have a legitimate interest in processing personal data during any recruitment process and for keeping records of the process. Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate’s suitability for employment and decide to whom to offer a job. We may also need to process data from job applicants to respond to, and defend, against legal claims.

Where we processes special categories of data, such as gender, ethnic origin, sexual orientation, health, religion or belief, this is done for the purposes of equal opportunities monitoring with the explicit consent of job applicants, which can be withdrawn at any time.

If your application is unsuccessful, we will keep your personal data on file in case there are future employment opportunities for which you may be suited. You are free to withdraw your consent to us retaining your data at any time.

Who we share your information with

We may provide personal data to the following third parties:

• Service Providers: Third-party organisations that assist us in providing services to clients or are otherwise involved in delivering these services.

• IT Service Providers: Third parties that provide IT services, data processing, or functionality, including email, and cloud storage solutions.

• Auditors and Advisers: Professional advisers and auditors, as required by law or in the management and operation of our business.

• Legal Authorities: Where required to comply with legal obligations, such as law enforcement requests or other statutory requirements.

• Jobseekers: your personal data will be shared internally only for the purposes of a recruitment exercise. This includes members of the HR and recruitment team, interviewers involved in the recruitment process, and IT staff, if access to the data is necessary for the performance of their roles.

We will not share your data with third parties unless your employment application is successful and we make you an offer of employment. We may then share your data with former employers to obtain references for you, employment background check providers to obtain necessary background checks, and the Disclosure and Barring Service to obtain necessary criminal records checks, if applicable.

International Data Transfers
Some external third parties may be located outside the European Economic Area (EEA) or the United Kingdom, which means their processing of personal data may involve a transfer of data to countries with potentially lower levels of data protection.

Where such transfers occur, we will ensure that:
• Appropriate safeguards, such as Standard Contractual Clauses (SCCs) or other mechanisms recognised under the UK GDPR and EU GDPR, are in place to protect personal data.
• Any transfer is conducted in compliance with applicable data protection laws and follows best practices to maintain the security and confidentiality of personal data.

We do not share personal data with third parties unless:
•Required by law.
• Necessary to perform our contractual obligations.
• You have provided explicit consent.

By implementing these measures, we ensure that personal data is handled securely, transparently, and in full compliance with Data Protection regulations.

Your Rights
Under the General Data Protection Regulation (UK GDPR) and the European Data Protection Regulation (GPPR), you have a number of ‘rights’ to ensure that your personal information is being managed appropriately. For example, you have the right to prevent marketing information being sent directly to you. If you prefer not to receive marketing information from us (or any other organisation to which we may disclose your personal data), you can opt out of further marketing by emailing us at hello@growth-labs.co.uk or by writing to us at Growthlabs, Finzels Reach, Counterslip, Bristol, BS1 6BX.

Under both the UK GDPR and EU GDPR, you have several rights concerning your personal data, specifically:
• To be informed (how we use your data).
• Of access (to your information).
•To rectification (of any errors on the information we hold on you)
•To erasure (of information we hold)
•To restrict processing (of the information we hold to a specific purpose)
• To object (to the ongoing processing of information)
•To data portability (obtain your personal data in a machine-readable format)
• To lodge a complaint (make a complaint to the ICO and/or National Data Protection Regulator)
• To withdraw consent (withdraw consent to the processing of your data)
• To be aware of any processing where automated decision-making and profiling (using your information) takes place.

Automated decision making
We do not use automated decision-making.

How long we retain your personal data

The personal information you provide to us will be kept for 3 years and only for as long as necessary to fulfill the purposes for which the information was collected or as required by law.

How do we protect your data?

We take the security of personal data very seriously and have implemented appropriate technical and organisational measures to protect it from unauthorised access, loss, or misuse, in line with the Data Protection Act 2018, the EU GDPR, and the UK GDPR.

Access to personal data is restricted to employees, third-party clients, or suppliers who have a legitimate business need to know. These parties will only process personal data in accordance with our instructions and are bound by confidentiality obligations.

In the event of a suspected data security breach, we have established procedures to identify, manage, and mitigate risks. Where required by the UK GDPR, the EU GDPR, or the Data Protection Act 2018, we will notify you and any relevant regulatory authorities, such as the Information Commissioner’s Office (ICO), without undue delay and within the timeframe set by law.

What if you do not provide personal data?

You are under no statutory or contractual obligation to provide data to us during the recruitment process. However, if you do not provide this information, we may not be able to process your application properly, or at all.

You are under no obligation to provide information for equal opportunities monitoring purposes and there are no consequences if you choose not to provide such information.

How to contact us or make a complaint

If you have any questions about this Privacy Policy or would like to make a complaint about how your personal data is handled you should, in the first instance, contact us at hello@growth-labs.co.uk or alternatively write to our Data Protection Officer, Jordan Bridge, at Growthlabs, Finzels Reach, Counterslip, Bristol, BS1 6BX.

You also have the right to complain to The Information Commissioner’s Office (UK) at www.ico.org.uk or your National Data Protection Regulator (EU) about our data processing activities.

Monitoring and Review
This policy will be reviewed annually.