Data we collect and how we collect it
At Hectic People we collect data directly from individuals and we never purchase or acquire data outside of the public domain. We collect, process and store data of employees, prospective employees, supported clients, prospective supported clients and 3rd party suppliers.
We never collect sensitive or special category data other than to satisfy additional laws outside of data protection such as employment law or when you give it to us directly.
Here is a useful table:
Data | Supported Client | Prospective Supported Client | 3rd Party Suppliers |
Name | ✔️ | ✔️ | ✔️ |
Address | ✔️ | ✔️ | ✔️ |
✔️ | ✔️ | ✔️ | |
Phone number | ✔️ | ✔️ | ✔️ |
IP Address* | ✔️ |
Data we collect for employment purposes for Hectic People can be found within our employee contracts and full data protection policy. Data that we collect for employment purposes for a supported client or prospective supported client includes special category data listed above and information that you might include in a CV or covering letter.
Supported client = a client who Hectic People works with directly and has a contract for services with
Prospective supported brand = a client who could benefit from Hectic People’s services but who does not currently have a contract with Hectic People
3rd Parties = suppliers of goods or services to Hectic People
Employee = someone who works for Hectic People
Prospective employee = someone who has applied for or has been approached directly by Hectic People for a vacant job role or a role within one of our supported clients
Your Privacy Choices and Rights
Your choices
You can choose not to provide us with personal data. If you choose to do this, you can continue to use the Hectic People website and browse its pages, but we will not be able to continue a relationship without personal data.
You can block cookies by activating a setting on our cookie banner allowing you to refuse cookies. You can also delete cookies through your browser settings. If you turn off cookies, you can continue to use the Hectic People website and browse its pages.
You can opt out from marketing by clicking the unsubscribe option in any of our marketing communications.
Your rights
You can exercise your rights by sending us an email at hr@hectic-people.com
You have the right to access information we hold about you. This includes the right to ask us supplementary information about:
- the categories of data we’re processing
- the purposes of data processing
- the categories of third parties to whom the data may be disclosed
- how long the data will be stored (or the criteria used to determine that period)
- your other rights regarding our use of your data
We will provide you with the information within one month of your request, unless doing so would adversely affect the rights and freedoms of other (e.g. another person’s confidentiality or intellectual property rights). We’ll tell you if we can’t meet your request for that reason.
You have the right to make us correct any inaccurate personal data about you.
You can object to us using your data for profiling you or making automated decisions about you
We will use your data to determine whether we should let you know information that might be relevant to you (for example, tailoring emails or social media advertising to you based on your behaviour).
You have the right to port your data to another service. We will give you a copy of your data in CSV format so that you can provide it to another service.
If you ask us and it is technically possible, we will directly transfer the data to the other service for you. We will not do so to the extent that this involves disclosing data about any other individual.
You have the right to be ‘forgotten’ by us. You can do this by asking us to erase any personal data we hold about you, if it is no longer necessary for us to hold the data for purposes of your use of Hectic People or any other law.
You have the right to lodge a complaint regarding our use of your data, please tell us first, so we have a chance to address your concerns. If we fail in this, you can address any complaint to the UK Information Commissioner’s Office, either by calling their helpline or as directed on their website at www.ico.org.uk.
These rights apply to all of the data categories listed in the ‘Data we collect and how we collect it’ section.
Security
We do everything we can to ensure the security of your data and work to the standards of well recognised cyber security and information security standards.
In today’s data driven and connected world the security of your data is more important than ever. We recognise this and have implemented the following security controls:
All passwords to platforms or systems containing personal data are generated via a password vault. Access to the vault is only permitted via multi factor authentication.
Access to any platform or system containing data is only granted to those who absolutely require it.
We deploy mobile device management to every single device that accesses any Hectic People system and we can remotely wipe that device at any time. All devices are regularly scanned for viruses and malware and patches are remotely deployed to applications regularly.
All staff are bound by confidentiality and will never disclose or share your data unless authorised to do so.
Hectic People’s data protection role
Hectic People is not currently a subprocessor of any 3rd party data and we process all data as either a controller, joint controller or processor.
Where is your data stored?
Like most companies Hectic People utilises 3rd parties to provide services to our brands and their consumers and to store data. A list of the 3rd parties who process personal data is listed below.
These 3rd parties will be based in the UK, EEA and in some cases outside of the both the UK and EEA.
Hectic People conducts thorough reviews of all of its 3rd parties, including data protection agreements, where possible to ensure that every possible safeguard is in place and that the data is secure. Should there be a possibility that data could be exposed to a high level of risk a Data Protection Impact Assessment will be completed and will be available upon request.
3rd parties
Hectic People works with a number of 3rd parties to offer our services, most of which do not process personal data in any way, below is a list of those who have access to or process personal data and a brief description of what they do.
3rd Party | Brief Description |
Hectic Numbers | Hectic People’s sister company who provide accounting services |
Hectic Europe | Hectic People’s sister company who provide operational support |
Google Analytics | Analytics based on your use of the Hectic People website |
Recruit CRM | CRM database tool |
Mail Chimp | The platform we send our marketing emails from |
WordPress | The platform our website is built upon |
Supported clients | Clients that we act on behalf of to provide recruitment for |
How long is your data stored?
Once per year we perform a full cleanse of data to ensure that we are only processing the data of those individuals who have an ongoing and active relationship with Hectic People.
As part of our Record of Processing Activities we have defined the length of time we store all of our data, should your data be due for deletion it will be erased during the yearly data cleanse.
To understand data retention in relation to your data please feel free to contact us at hr@hectic-people.com
Cookies
This site uses cookies, please see the cookie banner deployed on this website for more information.
You can update your cookie preferences via our cookie banner.
Breaches
Should a breach of your data occur that is likely to result in the harm to the rights and freedoms on an individual or group of individuals Hectic People will notify those involved within 72 hours along with the ICO, where applicable.
Additional information
Hectic People has not appointed a statutory Data Protection Officer as we are not required to by law, however, one of our founders is a Data Protection expert.
Hectic People maintains and updates a Record of Processing Activities (ROPA) in which we list the lawful basis for processing all of our data. Wherever Legitimate Interests is relied upon Hectic People has conducted an impact assessment which is available upon demand to those who’s data is included.
From January 1st 2021 the UK will no longer be part of the European Economic Area (EEA). As Hectic People does not trade in the EU we have not appointed an EU Representative to comply with Article 27 of the GDPR.
Bye for now
Still with us? Wow! Well done for reading this notice all the way through. We totally get that privacy and security can be confusing and often notices like this are full of jargon that is hard to understand.
If you would like to speak to a human in regard to your data please feel free to email us at hr@hectic-people.com and we will be happy to talk further.