Word360 Website Privacy Notice January 2023

Word360 Limited (“we”, “us” or “our”) is committed to protecting and respecting your privacy.

This Policy (together with our Terms and Conditions, Terms of Use, our Cookie Policy and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, on www.word360.co.uk, www.wordskii.com, www.ardathtech.com (our “Website”) will be processed by us.

“Personal data” (or personal information), means any information about an individual from which that person can be identified, either just from that information alone, or together with other information we hold.

We will be the data controller of your personal data which you provide to us or which is collected by us via our Website. This means that we are responsible for deciding how we hold and use personal information about you and that we are required to notify you of the information contained in this Privacy Policy (“Policy”). It is important that you read this Policy so that you are aware of how and why we are using such information and how we will treat it.

1. Why have a privacy policy?

Information that identifies or can be used to identify a living individual is known as “personal data”. All organisations processing personal data must do so fairly, lawfully and in accordance with applicable data protection laws. This includes the obligation for us to tell you how we will use your personal data. We treat all of our legal obligations seriously and take all steps necessary to ensure compliance when storing and processing your personal data

2. Website(s) Privacy Policy

2.1 Why do we collect personal data about you?

The Company will collect personal data about you in order to meet its obligations to provide a service, respond to an enquiry or fulfil a Client request. If you do not provide this information we will not be able to provide you with the information or respond to your enquiry.

“Personal data” (or personal information), means any information about an individual from which that person can be identified, either just from that information alone, or together with other information we hold.

2.2 What personal data do we collect about you and how?

We may collect the following information about you:

your contact details such as your name, company, job title, telephone number, email address and address.

We collect your personal data in a number of different ways, including the following:

if you interact with us via our Website, for example by filling in forms, or if you communicate with us by email, we will collect the personal data that you provide to us;

if you order any of our services, including if you create an account with us;

if you make payments or modify your account details;when you visit our websites (for example by cookies, your IP address and other browser- generated information). More information is provided in our Cookie Policy.


2.3 How do we use your personal data?

We will use this personal data for the purpose of: (i) providing you with any information or services which you request from us; (ii) dealing with your enquiry; or (iii) taking credit card payment services through our web portals.

In most cases, the provision of your personal data is voluntary. However, if you request information from us or make an enquiry, we will not be able to provide you with that information or to respond to your enquiry, without obtaining some basic information from you, such as your name and contact details. If you do not provide this information we will not be able to provide you with the information or respond to your enquiry.

If you order services from us via our Website, you will first be required to create an account, which will require you to provide your name and email address. We will not be able to provide you with our services without this information.

If you have provided any feedback to us, then we may use this feedback to improve our Website(s) and/or the services we provide.

It is in our legitimate interests to process your personal data in this way, as it is necessary to respond to your request or enquiry, to provide you with our services and to help improve our Website(s) and our services.

We may also use your personal data to provide you with information about our services which we think may be of interest to you. Unless it is our legitimate interests to use your personal data to provide you with this information, we will obtain your consent to do so.

You can request us to stop using your personal data for marketing purposes at any time, by contacting us using the details at the end of this Privacy Policy.

We will not carry out any solely automated decision-making using your personal data.

2.4 Who is your personal data shared with?

We will disclose this information to selected third parties who we have engaged to assist us with the provision of our Website(s) (s) and our services, including:

Our third party mail services HubSpot and MailChimp send promotional emails for us. Our integrated marketing platform Hubspot. Details regarding Hubspot’s privacy policy can be found below;

https://legal.hubspot.com/privacy-policy

Our analytics and search engine providers that assist us with the improvement and optimisation of our Website.

We will also share your data with the third parties set out below:

any member of our group, which means our subsidiaries, as defined in section 1159 of the UK Companies Act 2006 (set out in Appendix A.);

if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms and Conditions or Terms of Use;

in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer; or

if we or substantially all of our assets are acquired by a third party, in which case personal data held by us will be one of the transferred assets.

We will enter into agreements with such third parties to ensure that they respect the security of your data and use it only in accordance with data protection laws.


2.5 Change of Purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

2.6 Storage of your personal data

We will only keep your personal data for as long as we need to in order to fulfil the relevant purpose(s) it was collected for, as set out above in this Policy, and for as long as we are required to keep it for legal purposes and legitimate business interests.

2.7 Safeguarding your personal data

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy, such as ISO27001 (2013) Information Security Management System and the Cyber Essentials Plus scheme. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website. Any transmission is at your own risk.

All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal data in line with our policies. We require these third parties to treat your personal data in accordance with data protection laws law and to keep it confidential. We do not allow our third-party service providers to use your personal data for their own purposes.

We only permit them to process your personal data for specified purposes and in accordance with our instructions.

The Company takes the security of your data seriously. It has internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties. Further details can be found in the Company’s Information Security Policy, Information Security Coordination, User Access Management policy, and Secure Development Policy.

2.8 Your Rights

Data protection laws provide you with the following rights, to:

request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;

request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;

request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below);

request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it; and

request a copy of your personal data which you have provided to us in a structured, commonly used and machine-readable format or request us to transfer it to another controller.


You also have the right to object to the processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights above). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Our Website(s) may, from time to time, contain links to and from other websites, which will have their own privacy policies for which we do not accept any responsibility or liability. Please check these policies before you submit any personal data to these websites.

3. Client Privacy Policy

3.1 Why do we collect personal data about you?

As part of our Client engagement process, the Company will collect and process personal data relating to the Client’s request. The Company is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.

“Personal data” (or personal information), means any information about an individual from which that person can be identified, either just from that information alone, or together with other information we hold.

3.2 What personal data do we collect about you and how?

As part of our Client engagement process, the Company will collect a range of information about you. This could include:

your name, address and contact details, including email address and telephone number;

details of your role, job title, position in the Client organisation.

Personal data may be sourced through information you have posted on the Client’s website(s) or social media sites such as LinkedIn.

Data will be stored in a range of different places, including on the Company’s Client relationship management systems and on other IT systems (including email).

3.3 How do we use your personal data?

We will use this personal data for the purpose of: (i) providing you with any information or services which you request from us; (ii) dealing with your enquiry; or (iii) taking credit card payment services through our web portals.



In most cases, the provision of your personal data is voluntary. However, if you request information from us or make an enquiry, we will not be able to provide you with that information or to respond to your enquiry, without obtaining some basic information from you, such as your name and contact details. If you do not provide this information we will not be able to provide you with the information or respond to your enquiry.


If you order services from us via our Website(s), you will first be required to create an account, which will require you to provide your name and email address. We will not be able to provide you with our services without this information.

If you have provided any feedback to us, then we may use this feedback to improve our Website(s) and/or the services we provide.

It is in our legitimate interests to process your personal data in this way, as it is necessary to respond to your request or enquiry, to provide you with our services and to help improve our Website and our services.

We may also use your personal data to provide you with information about our services which we think may be of interest to you. Unless it is our legitimate interests to use your personal data to provide you with this information, we will obtain your consent to do so.

You can request that we stop using your personal data for marketing purposes at any time, by contacting us using the details at the end of this Privacy Policy.

3.4 Who is your personal data shared with?

Your information may be shared internally for the purposes of a Client engagement exercise. This includes members of the Sales and Marketing team:

any member of our group, which means our subsidiaries, as defined in section 1159 of the UK Companies Act 2006 (set out in Appendix A.);

if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms and Conditions or Terms of Use;

in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer; or

if we or substantially all of our assets are acquired by a third party, in which case personal data held by us will be one of the transferred assets.

our auditors who ensure we maintain our ISO standards.

We will share your personal data with other entities in our group as part of our regular reporting activities on Company performance, in the context of a business reorganisation or group restructuring exercise, for system maintenance support and hosting of data.

3.5 Change of Purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

3.6 Storage of your personal data

We will only keep your personal data for as long as we need to in order to fulfil the relevant purpose(s) it was collected for, as set out above in this Policy, and for as long as we are required to keep it for legal purposes and legitimate business interests.

3.7 Safeguarding your personal data

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy, such as ISO27001 (2013) Information Security Management System and the Cyber Essentials Plus scheme. Although we will do our best to protect your


personal data, we cannot guarantee the security of your data transmitted to our Website. Any transmission is at your own risk.

All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal data in line with our policies. We require these third parties to treat your personal data in accordance with data protection laws law and to keep it confidential. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

The Company takes the security of your data seriously. It has internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties. Further details can be found in the Company’s Information Security Policy, Information Security Coordination, User Access Management policy, and Secure Development Policy.

3.8 Your Rights

Data protection laws provide you with the following rights, to:

request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;

request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;

request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below);

request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it; and

request a copy of your personal data which you have provided to us in a structured, commonly used and machine-readable format or request us to transfer it to another controller.

You also have the right to object to the processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights above). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Our Website(s) may, from time to time, contain links to and from other websites, which will have their own privacy policies for which we do not accept any responsibility or liability. Please check these policies before you submit any personal data to these websites.

4. Job Applicants

(This paragraph does not apply to Linguists, please refer to paragraph 5)


4.1 Why do we collect personal data about you?

The Company will collect personal data about you in order to progress the Recruitment process.

“Personal data” (or personal information), means any information about an individual from which that person can be identified, either just from that information alone, or together with other information we hold.

4.2 What personal data do we collect about you and how?

As part of our recruitment process, the Company will collect and process personal data relating to job applicants. The Company is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.

As part of our recruitment process the Company will collect a range of information about you. This includes:

your name, address and contact details, including email address and telephone number;

details of your qualifications, skills, experience and employment history;

information about your current level of remuneration, including benefit entitlements;

whether or not you have a disability for which the Company needs to make reasonable adjustments during the recruitment process; and

information to verify your identification and entitlement to work in the UK.

The Company may collect this information in a variety of ways. For example, data might be contained in application forms, CVs, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment.

If you are offered employment following the recruitment process, we will require further personal data from you, details of which are contained in our Employee Data Privacy Notice.

Personal data may be sourced through information you have posted on job boards or social media sites such as LinkedIn where you have stated that you currently seeking employment.

The Company may also collect personal data about you from third parties, such as references supplied by former employers, information from employment background check providers and information from criminal records checks. The Company will seek information from third parties only once a job offer to you has been made and will inform you that it is doing so.

4.3 How do we use your personal data?

The Company needs to process data to take steps at your request prior to entering into a contract with you. It may also need to process your data to enter into a contract with you.

In some cases, the Company needs to process data to ensure that it is complying with its legal obligations. For example, it is required to check a successful applicant’s eligibility to work in the UK before employment starts.

The Company has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows the Company to manage the recruitment process, assess and confirm a candidate’s suitability for employment and decide to whom to offer a job. The Company may also need to process data from job applicants to respond to and defend against legal claims.


The Company may process special categories of data, such as information about ethnic origin, sexual orientation or religion or belief, to monitor recruitment statistics. It may also collect information about whether or not applicants are disabled to make reasonable adjustments for candidates who have a disability. The Company processes such information to carry out its obligations and exercise specific rights in relation to employment.

For some roles, the Company is obliged to seek information about criminal convictions and offences. Where the Company seeks this information, it does so because it is necessary for it to carry out its obligations and exercise specific rights in relation to employment.

If your application is unsuccessful, the Company may keep your personal data on file in case there are future employment opportunities for which you may be suited. The Company will ask for your consent before it keeps your data for this purpose and you are free to withdraw your consent at any time.

4.4 Who is your personal data shared with?

Your information may be shared internally for the purposes of the recruitment exercise. This includes members of the HR and recruitment team, interviewers involved in the recruitment process, managers in the business area with the vacancy and IT staff if access to the data is necessary for the performance of their roles.

We will also share your data with the third parties set out below:

any member of our group, which means our subsidiaries, as defined in section 1159 of the UK Companies Act 2006 (set out in Appendix A.);

if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms and Conditions or Terms of Use;

in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer; or

if we or substantially all of our assets are acquired by a third party, in which case personal data held by us will be one of the transferred assets.

our auditors who ensure we maintain our ISO standards.

We will share your personal data with other entities in our group as part of our regular reporting activities on Company performance, in the context of a business reorganisation or group restructuring exercise, for system maintenance support and hosting of data.

The Company will not share your data with any other third parties, unless your application for employment is successful and it makes you an offer of employment. The Company will then share your data with former employers to obtain references for you, employment background check providers to obtain necessary background checks and the Disclosure and Barring Service to obtain necessary criminal records checks. These are in addition to the other organisations as set out in our Employee Privacy Notice.

In addition, should you require any reasonable adjustments to your role it may be necessary to contact an external provider for supporting in understanding your condition and obtaining any specialist equipment. No third party will be contacted without your consent. Third parties may include Occupational Heath, Access to Work etc.

The Company will not transfer your data outside the European Economic Area.

4.5 Change of Purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is


compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

4.6 Storage of your personal data

If your application for employment is unsuccessful, the Company will hold your data on file for 3 months after the end of the relevant recruitment process. If you agree to allow the Company to keep your personal data on file, the Company will hold your data on file for a further 3 months for consideration for future employment opportunities. At the end of that period, or if you withdraw your consent prior to that date, your data is deleted or destroyed.

If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained during your employment. The periods for which your data will be held will be provided to you in a new privacy notice.

Data will be stored in a range of different places, including on your application record, in HR management systems and on other IT systems (including email).

4.7 Safeguarding your personal data

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy, such as ISO27001 (2013) Information Security Management System and the Cyber Essentials Plus scheme. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website. Any transmission is at your own risk.

All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal data in line with our policies. We require these third parties to treat your personal data in accordance with data protection laws law and to keep it confidential. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

The Company takes the security of your data seriously. It has internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties. Further details can be found in the Company’s Information Security Policy, Information Security Coordination, User Access Management policy, and Secure Development Policy.

4.8 Your Rights

As a data subject, you have a number of rights. You can:

request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).

request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us


to establish its accuracy or the reason for processing it.

request the transfer of your personal data to another party.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights above). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

If you believe that the Company has not complied with your data protection rights, you can complain to the Information Commissioner.

4.9 What if you do not provide personal data?

You are under no statutory or contractual obligation to provide data to the Company during the recruitment process. However, if you do not provide the information, the Company may not be able to process your application properly or at all.

4.10 Automated decision-making

Recruitment processes are not based solely on automated decision-making.

5. Freelance Linguists

(This does not apply to employees of Word360)

5.1 Why do we collect personal data about you?

The Company will collect personal data about you in order to progress the Linguist engagement process.

“Personal data” (or personal information), means any information about an individual from which that person can be identified, either just from that information alone, or together with other information we hold.

5.2 What personal data do we collect about you and how?

As part of our linguist engagement process, the Company will collect and process personal data where it is necessary. The Company is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.

As part of our linguist engagement process the Company will collect a range of information about you. This could include (and is not limited to):

your name, address and contact details, including email address and telephone number;

details of your qualifications, rates of pay, specialisms, languages, gender, university graduation dates, experience and employment history;

information to verify your identity and entitlement to work in the country of residence;

your photograph so that we can provide you with an ID pack.

The Company may collect this information in a variety of ways. For example, data might be contained in application forms, CVs, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment.

Personal data may be sourced through information you have posted on job boards or social media sites such as LinkedIn where you have stated that you are currently available for work.

The Company may also collect personal data about you from third parties, in order that


background checks can be undertaken. Background checks (such as copies of DBS checks), identity verification information (such as copies of a passport and passport number, expiration date and country of residence, driving licence or identity card), proof of address and references. The background and identify verification checks we carry out (unless subject to specific Client requirements, as explained below), may entail the Baseline Personnel Security Standard (BPSS) checks (see https://www.gov.uk/government/publications/government-baseline-personnel-security-standard for more details). The Company carries out these checks as it works regularly with government bodies who require them to be carried out and it is contractually obliged to do so.

5.3 How do we use your personal data?

The Company will collect and process your personal data where it is necessary:

to allow us to enter into and/or perform our terms of engagement with you;

to pursue legitimate interests of our own, or of third parties, such as our Clients, provided your interests and fundamental rights do not override those interests;

to fulfil our legal obligations; and/or

with your consent.

We need this information in order to engage you as a Linguist and without it we will not be able to add you to our list of approved Linguists. In some cases we may also carry out (where required by our Clients or otherwise necessary) enhanced security clearance checks which we will use to assess your suitability before engaging you as a Linguist and to engage you to carry out work assignments for our Clients. If such checks are required, we will inform you that we intend to carry out these checks on you. If you do not meet the requirement of the enhanced security clearance checks, then you may not be able to be engaged as a Linguist for certain Clients, but this will not affect your suitability for any potential future engagements with other Clients.

5.4 Who is your personal data shared with?

Your information may be shared internally for the purposes of the engagement exercise.

We will also share your data with the third parties set out below:

any member of our group, which means our subsidiaries, as defined in section 1159 of the UK Companies Act 2006 (set out in Appendix A.);

if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms and Conditions or Terms of Use;

a training company which we consider may be able to assist you in obtaining a qualification and/or to provide you with courses which we consider may be of interest to you;

in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer; or

if we or substantially all of our assets are acquired by a third party, in which case personal/data held by us will be one of the transferred assets.

our auditors who ensure we maintain our ISO standards.

our clients or prospective clients.

We will share your personal data with other entities in our group as part of our regular reporting activities on Company performance, in the context of a business reorganisation or group restructuring exercise, for system maintenance support and hosting of data.

The Company will not share your data with any other third parties, unless your application is


successful. The Company will then share your data with former employers to obtain references for you, employment background check providers to obtain necessary background checks and the Disclosure and Barring Service to obtain necessary criminal records checks. These are in addition to the other organisations as set out in our Service Agreements. The Company will not transfer your data outside the European Economic Area.

5.5 Change of Purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

5.6 Storage of your personal data

If your application to become a freelance Linguist is unsuccessful, the Company will hold your data on file for 3 months from the relevant engagement process. If you agree to allow the Company to keep your personal data on file, the Company will hold your data on file for a further period for consideration for future engagement opportunities. At the end of that period, or if you withdraw your consent prior to that date, your data is deleted or destroyed.

If your application to become a freelance Linguist is successful, personal data gathered during the engagement process will be transferred to your file and retained during your time as an authorised Linguist.

We will retain your data for so long as your agreement with us remains in force. At the end of that period, your data will be deleted or destroyed.

Data will be stored in a range of different places, including on your application record, in Linguist management systems and on other IT systems (including email).

5.7 Safeguarding your personal data

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy, such as ISO27001 (2013) Information Security Management System and the Cyber Essentials Plus scheme. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website. Any transmission is at your own risk.

All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal data in line with our policies. We require these third parties to treat your personal data in accordance with data protection laws law and to keep it confidential. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

The Company takes the security of your data seriously. It has internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties. Further details can be found in the Company’s Information Security Policy, Information Security Coordination, User Access Management policy, and Secure Development Policy.

5.8 Your Rights

As a data subject, you have a number of rights. You can:


Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).

Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.

Request the transfer of your personal data to another party.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights above). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

If you believe that the Company has not complied with your data protection rights, you can complain to the Information Commissioner.

5.9 What if you do not provide personal data?

You are under no statutory or contractual obligation to provide data to the Company during the engagement process. However, if you do not provide the information, the Company may not be able to process your application properly or at all.

6. Agencies

6.1 Why do we collect personal data about you?

The Company will collect personal data about you or those providing services on your behalf in order to progress with the Agency engagement process.

Unless expressly stated otherwise elsewhere in this policy, “you” or “your” includes your employees, agents and sub-contractors and, in the case of a company, your directors, shareholders, officers, employees, managers, members, partners, principals and associated or affiliated companies; if you are not a company then your individuals or entities in similar positions.

“Personal data” (or personal information), means any information about an individual from which that person can be identified, either just from that information alone, or together with other information we hold.

6.2 What personal data do we collect about you and how?

As part of our Agency engagement process, the Company will collect and process personal data where it is necessary. The Company is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.

As part of our Agency engagement process the Company will collect a range of information about you. This could include (and is not limited to):

your name, address and contact details, including email address and telephone number;

details of your qualifications, rates of pay, specialisms, languages, gender, university graduation dates, experience and employment history;


information to verify your identity and entitlement to work in the country of residence;

your photograph so that we can provide you with an ID pack.

The Company may collect this information in a variety of ways. For example, data might be contained in application forms, CVs, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment.

Personal data may be sourced through information you have posted on job boards or social media sites such as LinkedIn where you have stated that you are currently available for work.

The Company may also collect personal data about you from third parties, in order that background checks can be undertaken. Background checks (such as copies of DBS checks), identity verification information (such as copies of a passport and passport number, expiration date and country of residence, driving licence or identity card), proof of address and references. The background and identify verification checks we carry out (unless subject to specific Client requirements, as explained below), may entail the Baseline Personnel Security Standard (BPSS) checks (see https://www.gov.uk/government/publications/government-baseline-personnel-security-standard for more details). The Company carries out these checks as it works regularly with government bodies who require them to be carried out and it is contractually obliged to do so.

6.3 How do we use your personal data?

The Company will collect and process your personal data where it is necessary:

to allow us to enter into and/or perform our terms of engagement with you;

to pursue legitimate interests of our own, or of third parties, such as our Clients, provided your interests and fundamental rights do not override those interests;

to fulfil our legal obligations; and/or

with your consent.

We need this information in order to engage you as an Agency and without it we will not be able to add you to our list of approved Agencies. In some cases we may also carry out (where required by our Clients or otherwise necessary) enhanced security clearance checks which we will use to assess your suitability before engaging you as an Agency and to engage you to carry out work assignments for our Clients. If such checks are required, we will inform you that we intend to carry out these checks on you. If you do not meet the requirement of the enhanced security clearance checks, then you may not be able to be engaged as an Agency for certain Clients, but this will not affect your suitability for any potential future engagements with other Clients.

6.4 Who is your personal data shared with?

Your information may be shared internally for the purposes of the engagement exercise.

We will also share your data with the third parties set out below:

any member of our group, which means our subsidiaries, as defined in section 1159 of the UK Companies Act 2006 (set out in Appendix A.);

if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms and Conditions or Terms of Use;

a training company which we consider may be able to assist you in obtaining a qualification and/or to provide you with courses which we consider may be of interest to you;

in the event that we sell or buy any business or assets, in which case we may


disclose your personal data to the prospective seller or buyer; or

if we or substantially all of our assets are acquired by a third party, in which case personal/data held by us will be one of the transferred assets.

our auditors who ensure we maintain our ISO standards.

our clients or prospective clients.

We will share your personal data with other entities in our group as part of our regular reporting activities on Company performance, in the context of a business reorganisation or group restructuring exercise, for system maintenance support and hosting of data.

The Company will not share your data with any other third parties, unless your application is successful. The Company will then share your data to obtain references for you, background check providers to obtain necessary background checks and the Disclosure and Barring Service to obtain necessary criminal records checks. These are in addition to the other organisations as set out in our Service Agreements. The Company will not transfer your data outside the European Economic Area.

6.5 Change of Purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

6.6 Storage of your personal data

If your application to become an Agency is unsuccessful, the Company will hold your data on file for 3 months from the relevant engagement process. If you agree to allow the Company to keep your personal data on file, the Company will hold your data on file for a further period for consideration for future engagement opportunities. At the end of that period, or if you withdraw your consent prior to that date, your data is deleted or destroyed.

If your application to become an Agency is successful, personal data gathered during the engagement process will be transferred to your file and retained during your time as an authorised Agency.

We will retain your data for so long as your agreement with us remains in force. At the end of that period, your data will be deleted or destroyed.

Data will be stored in a range of different places, including on your application record, in Agency management systems and on other IT systems (including email).

6.7 Safeguarding your personal data

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy, such as ISO27001 (2013) Information Security Management System and the Cyber Essentials Plus scheme. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website. Any transmission is at your own risk.

All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal data in line with our policies. We require these third parties to treat your personal data in accordance with data protection laws law and to keep it confidential. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.


The Company takes the security of your data seriously. It has internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties. Further details can be found in the Company’s Information Security Policy, Information Security Coordination, User Access Management policy, and Secure Development Policy.

6.8 Your Rights

As a data subject, you have a number of rights. You can:

Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).

Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.

Request the transfer of your personal data to another party.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights above). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

If you believe that the Company has not complied with your data protection rights, you can complain to the Information Commissioner.

6.9 What if you do not provide personal data?

You are under no statutory or contractual obligation to provide data to the Company during the engagement process. However, if you do not provide the information, the Company may not be able to process your application properly or at all.

7. Contacting Us

If you have any queries, comments or requests regarding this Policy or you would like to exercise any of your rights set out above, you can contact us in the following ways:

by email to Word360 Data Protection Officer – DPO@Word360.co.uk

by telephone at 0121 5541981

by post at Word360, 6 The Cloisters, 12 George Road Edgbaston. B15 1NP