Privacy Policy
Summary Points
This summary is an overview of how Lupos Global process your personal data in accordance with GDPR and other data protection legislation. Our mission is to achieve compliant, simple and effective controls to satisfy GDPR, respect an individual’s right to privacy and without obstructing business as usual operations.
The full details of how we handle all your data interactions with Lupos Global are covered in the full Privacy Notice below.
Lupos complies with Data Protection Laws globally; however, the minimum standard that we apply is that found within the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). This Regulation enhances privacy rights for individuals and provides a strict framework within which commercial organisations can legally operate.
Lupos will only process your personal data for the purposes of providing staffing solutions, recruitment and assignment support services. Whilst Lupos will not be seeking explicit consent from you for processing your data, we will not process any personal or sensitive data for any other purpose than defined within our Privacy Notice and, in line with the conditions defined by the GDPR.
As part of our primary responsibilities and fundamental to best business practice, we adopt the principles of Information Security Management and cyber security protocol associated with our IT infrastructure to ensure your personal data is secure and protected.
Under GDPR and subject to certain conditions, you have rights relating to processing of personal data.
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
LUPOS GLOBAL PRIVACY NOTICE
This Privacy Notice describes the way in which any personal data held by Lupos Global (‘Lupos’) will be processed and sets out:
The rights you have in relation to your information, and how you can exercise those rights;
How we keep your personal data secure;
The types of personal data we collect about you, and how we collect and use it;
The legal grounds for how we use your data; and
The criteria used to determine how long your data is kept for.
This Privacy Notice applies to Lupos’ global operations.
Please read this Privacy Notice carefully to understand how Lupos will process your data.
Data Protection Laws
Lupos complies with Data Protection Laws globally; however, the minimum standard applied is that found within the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). The Regulation enhances privacy rights for individuals and provides a strict framework within which commercial organisations can legally operate.
Whilst the GDPR applies to processing (of personal or sensitive data) carried out by organisations operating within the EU, the regulations also apply to organisations outside the EU that offer services to individuals from the EU. For this reason, GDPR applies to all of Lupos’ global businesses.
Data Controller
Lupos Global Limited is the registered Data Controller for all companies in the Lupos group. For the purpose of data protection laws and processing activities, Lupos is registered with the Information Commissioners Office (ICO) in the UK.
For more information please see the key contacts section of this Privacy Notice for full details.
DEFINITIONS
For the purpose of this Privacy Notice the following definitions shall apply in respect of active, former and prospective individuals:
Candidates refer to individuals currently on assignment with, or using the payroll services of Lupos, and those who have registered or engaged with us or our advertising partners with regard to potential temporary and permanent opportunities or are prospective staff Employees of Lupos.
Clients refer to individuals that represent an organisation who has or is seeking to use the services offered by Lupos, and those who Lupos engage with for potential staffing solutions.
Employees refer to individuals working directly for Lupos Global Limited or its associated companies as a ‘staff’ member of the business.
External Providers includes suppliers and business partners who provide products or services to Lupos and regulatory bodies or similar and refers to the individuals representing these organisations.
Website Users refers to individuals accessing Lupos’ website.
Other Contacts refers to individuals named as next of kin, referees and similar.
WHO WE ARE & WHAT WE DO
Lupos is an award-winning workforce specialist supplying staffing solutions across the Aviation and Engineering sectors on a global basis. Our mission is to be the leading workforce partner to Candidates and Clients that value excellence in compliance, service and creativity.
As part of our global services, Lupos process a variety of information relating to data subjects in order to provide an effective and efficient service. As such, we are committed to maintaining the highest standard of ethics and integrity in the conduct of our business.
Lupos’ processing of personal data is conducted for the purpose of promoting, providing, evaluating and reporting on the following services:
Core services:
Contract Recruitment
Permanent Recruitment
Managed Services
Mobility Services
Assignment Support Services:
Accommodation Services
Compliance Services
Health Matters
Mobilisation & Repatriation
In Country Orientation
Payroll Services
Safety and Security
Travel Services
Visa & Work Permits
INFORMATION LUPOS COLLECTS
In order for us to undertake our business in manner that not only meets your expectations but applies controlled, satisfactory and compliant services to all interested parties, there is a need to process accurate personal data. The type of data collected and level of detail is dependent on the services and relationship you have with us.
Data Subjects
The personal data collected by Lupos concerns the following categories of data subjects in relation to Lupos’ core services and assignment support services:
Candidates;
Clients;
Employees;
External Providers;
Website Users; and
Other Contacts.
Personal data
The personal data used by Lupos during the course of our services includes identification, nationality and eligibility to work status, date of birth, education, job role, employment history, skills and preferences, payroll information, financial data such as social security numbers, tax and benefit data, and full contact details.
Next of kin or relative’s details are processed for the purpose of insurance, medical insurance cover or emergency contact reasons.
Sensitive data
In accordance with any specialist assignments, or where defined by local laws, data of a sensitive personal nature may be processed by Lupos or their authorised External Providers. In such instances, and where it is legally required or where you have entered into a contract with Lupos, the sensitive data processed may incorporate information relating to your:
Physical or mental health conditions, including medical reports or results of any assessments such as drug and alcohol screening;
Racial or ethnic origin;
Results of criminal record checks; and
Financial background checks.
In all instances, processing of sensitive data is undertaken under strict conditions and in accordance with local laws. Notification of such processing will be made to you and, if required, your formal consent obtained.
PROCESSING ACTIVITIES
Lupos use your personal data to provide our services, maintain our records, and meet our obligations as a staffing solutions partner. In addition, data from you or generated during the course of our relationship is also used for the purpose of reporting, monitoring and evaluation of services.
Whilst Lupos will not be seeking explicit consent from you for processing your data, we will not process any personal or sensitive data for any other purpose than defined by this Privacy Notice and, in line with the conditions defined by the GDPR, we shall ensure the conditions for processing fall into one of more of the following categories:
Contract Performance;
Legal Obligation;
Vital Interest;
Public Interest; and more specifically,
Legitimate Interest.
For specific information relating to how LUPOS use personal data, refer to the separate sections linked to each data subject.
Reporting
In line with our legal obligations and to ensure we meet our duty of care from a safety or security perspective, our company reporting may be linked to individuals. This type of reporting is carried out under strict conditions to prevent unauthorised access and ensure personal data is only accessed by authorised Lupos individuals and External Providers.
Reporting functions used by us include:
Event Registers maintained for purposes such as incidents, near misses or hazards;
Compliance Reporting linked to contract performance or expected business conduct; and
Evaluation of services such as customer or employee surveys.
Lupos Newsletters & Bulletins
For Lupos customers who receive the Lupos Global Newsletter or Lupos Safety & Compliance Bulletins as part of their assignment, our systems will track read rates, preferred topics and delivery receipts. This type of monitoring allows Lupos to offer you information that is of interest and benefit to you, provide you with safety related information relevant to your assignment and to sustain the security and quality of emails.
Monitoring Activity
Outside of legal obligations, Lupos do not currently undertake practices that result in final decisions purely based on automated processing of data; all such decisions, finalised outcomes or performance results are subject to human interaction and conclusion.
If changes occur to any processing activities conducted by Lupos using your personal data, this Privacy Notice will be updated accordingly.
CANDIDATE DATA
We understand that a career move is an important considered decision for you and therefore it is essential to ensure that the right information is captured, at the right time, to offer you introductions to the right job opportunities.
The type of data and methods of collection varies for Candidates and really depends upon whether you are seeking permanent employment, contract services or if you are applying for a role working directly with Lupos. No matter what you are looking for, your personal data will be processed by Lupos in a respected and secure manner.
Information you give to us.
As a candidate of Lupos, you have the opportunity to provide information in various ways and in different formats to suit your needs and preferences. Typically, this would involve you submitting your CV or personal data to Lupos by way of:
Registration through the Lupos website;
Applying for a role through Lupos’ website or other site that utilises our job advertising partner;
Contacting us through our website;
Submitting a CV or application direct to Lupos or a nominated Consultant; or
Submitting compliance criteria as part of Lupos’ on-boarding process.
Data collected by the above means includes your personal data and, where present on CVs or included to a Candidates online profile, may include other categories of data.
In summary, the level of detail you provide or is present on your CV when submitted by one of the above methods is classified as being given freely for the purpose of identifying suitable positions on a contract or permanent basis with Lupos. Data will be retained within the respective system and made available within Lupos for recruitment purposes.
By submitting your data to Lupos for this purpose, you acknowledge the methods in which Lupos process your data in accordance with this Privacy Notice.
Information from other sources
Along with submission of personal data directly, Lupos collect and use data obtained from other sources available to us in our capacity as a staffing business. These sources may include:
Clients or Candidates as part of a referral or placement scheme;
Employment references;
Search of online job boards such as Linked-In or other industry job sites; and from
External Providers undertaking screening, background checks or insurance services.
Candidate Recruitment Services
Lupos will use your personal data to contact you to discuss a potential role and to promote your skills and expertise in line with your requirements. We will also use it to help confirm your suitability for the role, for example by confirming your eligibility to work status, obtaining references or checking qualifications that are specific to the position you are interested in.
A record of discussions and details of your CV will be retained on Lupos’ global database.
Your CV details will be shared with our Clients as part of our search and selection process, or for internal positions, shared with the local Hiring Manager. CVs are formatted before submission to ensure no sensitive data is contained and that personal data is kept to a minimum so the CV is focused on your skills and expertise.
If you are unsuccessful we will keep your application on file along with some limited personal data (such as contact details, work preferences and CV details) and may contact you with regards to future vacancies.
If you are successful in securing a position with Lupos you will enter into the On-Boarding stages which involve processing activities relating to Lupos’ assignment support services.
At this point, if you have not already done so, you may be asked to formally register through our website registration portal and also submit or validate further information about yourself, your skills, and employment history. Subject to local laws and where required to fulfil your contractual obligations, you may also be asked to confirm nationality along with other personal data.
On-Boarding New Candidates
On-Boarding involves ensuring Lupos, the Client and you, are compliant in terms of local laws, HSSE needs or Client onsite rules and requirements. It is important that the transition to your chosen role is undertaken smoothly with all associated documentation validated in a timely and effective manner.
This means that additional information will be requested from you.
Some of this may be personal data and some may lead to the processing of sensitive data - the type and nature all depends upon the legal and Client stipulated requirements of the role you have accepted.
In summary, the personal or sensitive data that Lupos processes and reasons for processing when a candidate is on-boarded encompass:
Employment or academic history including certification or results from background and reference checks for the purpose of candidate screening, CV validation and compliance to role or industry standards.
Financial details for the purpose of processing payments for contract services.
Health / Medical status including results from medicals, drug and alcohol testing or medical declarations for the purpose of medical and/or insurance cover, or to comply with on-site HSSE rules, relevant laws, duty of care obligations or other industry rules.
Nationality, identification and personal preferences for the purpose of on-boarding Candidates, visa applications and/or eligibility to work status. This type of data is also processed to comply with equality and diversity laws, or where a specialist role with one of our Clients requires that such conditions are declared.
Background screening including financial checks, criminal record checks, drug & alcohol screening or fingerprint roll, for the purpose of compliance to relevant laws, HSSE rules, Client or industry standards and Lupos’ duty of care obligations.
Travel profiles for the purpose of on-boarding Candidates, rotation and/or hotel arrangements where applicable to your assignment; includes profiles linked to travel preparations / preferences.
Dependant data for the purpose of providing accurate insurance provision to you and (where applicable) your family, and in the event of an emergency situation. This type of data may include personal data relating to your partner and/or dependents*.
Other Personal Data for the purpose of communications, arranging assignment support services with internal or external parties and to clarify terms associated with your assignment contract or permanent placement.
* Data relating to person(s) under the age of 16 is processed under special and strictly controlled circumstances and shall only be processed by submission and declaration from you. This data relates to name, date of birth and nationality, and shall only apply for the purpose of specialist insurance, medical or relocations.
CLIENT DATA
Working with a talent pool of global Candidates it is important that Lupos fully understand your requirements and proficiently match these with the right candidate in terms of specification and expertise. To allow this, the relationship between you, your organisation and Lupos needs to be strong and understanding of the overall objective clear.
This is why retaining up to date Client contact information is important for both continued business and future developments.
Information you give to us
The level of information Lupos holds on Client contacts is limited in terms of personal data and is usually made available through one of the following ways:
Provided by your organisation when entering into contract with Lupos;
Submitted to Lupos when seeking staffing solutions or at special events or campaigns; or
Available to Lupos through previous placement as a Candidate.
Information from other sources
Along with submission of personal data directly, Lupos collect and use data obtained from other sources available to us. These sources may include:
Clients or Candidates as part of a referral or placement scheme;
Employment references;
Supplied by Candidates on your projects and site locations;
Researched from publically available newsletters, publications or similar media; and
Obtained as a business development lead or potential Client from online job boards such as Linked-In or other industry job sites.
The personal data held about you, as a Client contact of Lupos would typically cover your contact details (business location and email details, name, and position) and communications made with us during the course of our relationship.
All other information does not amount to personal or sensitive data; LUPOS nevertheless processes such information in a confidential manner.
Client Staffing Solutions
We will use your data to contact you to discuss potential business, your organisations staffing needs and to establish the type of Candidates suitable for you to fulfil your requirements.
If you are designated as the Account Manager in relation to services provided by Lupos, your contact details will be used for the purpose of:
Entering into and agreeing contractual terms;
Arranging Assignment Support Services for Candidates placed with your organisation;
Invoicing for the contractually agreed services; and
Performing our contractual obligations.
More specifically, your contact data processed by Lupos during the course of the Client / Lupos relationship is used for the purpose of Communications, including but not limited to:
Financial transactions; used for processing invoices and associated orders.
Provision of services as set out in the contract between us, marketing emails outlining available Lupos services and evaluating these services from your perspective.
Commercial and Legal reasons associated with the business relationship such as contractual requirements, legal aspects arising from the services provided to you, and as confirmation of assignment start and end periods.
System notes containing a record of discussions and/or agreements between you and Lupos will be retained centrally on Lupos’ database.
Potential Clients
Where Lupos have obtained your data from other sources, such as a recruitment job site or Linked-In, your contact details will be retained for the purpose of providing staffing solutions as a potential lead or Client. Processing is undertaken by the means and purposes defined above.
If you don’t want Lupos to contact you for this purpose please let us know.
Contact the Lupos’ Data Protection Advisory Team
EMPLOYEE DATA
As a direct staff Employee of Lupos, you’ll be a part of global company. The start of your career with Lupos involves us getting to know you and you getting to know the business, this involves sharing information to allow us to operate our business effectively and ensure that our relationship gets off to a good start.
Employee On-Boarding
A majority of the personal data Lupos need from you will be present on your CV; however as a business we would want to expand on this to ensure we meet our statutory obligations and offer you the opportunity to validate this data through our internal systems.
Further information collected from you will include:
Contact information for communication purposes, legal, employment and business reference. Next of kin contact information for the purpose of emergency.
Nationality, identification and personal preferences for the purpose of engagement, confirming eligibility status and where applicable for the purpose of managing travel and/or hotel arrangements, visa applications and any relocations. In some instances your data will be processed to comply with local laws relating to equality and diversity requirements in a specific jurisdiction.
Employment or Academic history including certification or results from background and reference checks for the purpose of CV or competency validation, compliance to a specific role or industry standards.
Financial details for the purpose of processing payments, expenses, benefits and/or pension arrangements and to meet our legal obligations in relation to the employment contract.
Health / Medical status including results from medicals and health declarations in line with your position, your working location within Lupos and our duty of care obligations.
Dependant data for the purpose of providing accurate insurance provision to you and where applicable your family), to process any applicable or chosen benefits and to comply with legal requirements. This type of data may include personal data relating to your partner and/or dependents *.
* Data relating to person(s) under the age of 16 is processed under special and strictly controlled circumstances and only by submission and declaration from you. This data relates to name, date of birth and nationality for the purpose of specialist insurance, medical or relocations.
Should you not provide the required data, we may be unable in some circumstances to comply with our legal or employer obligations and we will tell you about the implications of that decision.
Other Processing Activities
During the course of your employment with Lupos your personal data and data generated about your time with us may be used for commercial, legal or performance reasons.
Amongst the reasons identified above this may include:
Attendance tracking involving holiday leave, sickness absence or other out of office absences such as home working and external office visits. Data generated in this manner is used for legal purposes associated with your absences or may be used towards an evaluation on your overall performance.
Training & Competency records are maintained about you to maintain Skills & Competency levels associated with your role, and where pertinent to record activity relating to legal compliance associated with business conduct.
Health status & incidents are recorded centrally in line with local laws and Lupos’ commitment to your safety and wellbeing during employment. Reporting is undertaken against this data for the same purpose and records may extend to include systems notes and doctor’s records. In event of incidents your personal data (name and address) may be shared to comply with local HSE laws.
Performance appraisals will be carried out with you as an employee of Lupos with records maintained on performance, success areas and future development.
Transactional data relating to financial activities such as payments, deductions or benefits, and reporting linked to payments to ensure financial legal obligations are achieved.
Photographs of a physical or digital format as submitted by you or taken during a social or business environment.
Travel arrangements and profiles linked to your business travel preferences.
Special Categories of Data
Where there is a need to process any sensitive data about you, we shall ensure this is undertaken under strict conditions and in accordance with local laws; further, notification of processing will be made to you and if required, your formal consent obtained.
Performance Criteria & Monitoring
Internal systems are used across the business to allow monitoring and measurement associated with Key Performance Indicators or performance values for management reporting. These are linked to your role and responsibilities or agreed within your annual appraisal. This type of monitoring may be used to evaluate:
Pay rises or promotions;
Business Conduct;
Training & Development needs;
Lupos business performance;
Disciplinary, dismissals or complaints; or
Legal obligations such as tax or benefit returns.
Where system calculations are used for monitoring and performance purposes, no final decision is taken that may result in a detrimental decision based on the system results; rather the relevant Manager (or their nominee) reviews details, as applicable for discussion.
Lupos Systems & Devices
As an employee of Lupos you will be equipped with a suitable level of process equipment for business purposes, including email, network drives and in some instances a mobile device. Monitoring usage is undertaken in line with business policy and laws relating to security of information, cybersecurity and expected conduct behaviours.
Stockholder (Beneficial Ownership)
This group of individuals relate to anyone who has debt and/or equity instruments pertaining to Lupos and would arise from current or former Employees of the business.
If you are a stockholder, we will not collect any additional data from you other than details relating to the debt and/or equity involved which are linked to your personal data and next of kin details where appropriate.
In terms of stockholder data, details shall only be processed as part of any required transactional activity and if required to allow us to contact you to establish any entitlements.
EXTERNAL PROVIDERS
Lupos aims to establish mutually beneficial relationships with our External Providers and would therefore expect them and their representatives to be committed to the highest level of ethical standards and conduct throughout their organisation, and to process any personal data in line with legal and contractual requirements.
The personal data collected and used by Lupos relating to External Providers is generally associated with the background screening and the requirements of our contractual relationship.
Information Collected About You
The level of information Lupos holds on you as an external provider representative is limited and can be made available to us through one of the following ways:
Submitted from you personally during the course of your business marketing strategy for services and/or products;
Provided by you or your organisation when entering into a contract for services;
Submitted to Lupos in our search for a preferred supplier or business partner;
Referred to Lupos by a third party as part of a referral or assignment;
Obtained from a public source during our search for an external provider including credit or financial checks; or
Through our business and ethic due-diligence conducted to ensure compliance to legal or commercial obligations, and ethical standards.
Processing Activities
The personal data involved is typically your contact name associated with your corporate details. Such data is used to enable an effective business relationship between all parties and would therefore cover the data types and processing activities linked to:
Communications - encompassing your name along with corporate details of contact number and email address, and your professional position within the organisation.
Financial transactions used for processing invoices and associated orders and ensuring payment for services and/or products is made in a timely manner.
Commercial and Legal information for reasons associated with our business relationship such as contractual requirements, legal aspects arising from the services and/or products provided by your organisation, and as confirmation of the services entered into or products required.
Declarations of compliance retained as part of our supplier due-diligence process and expected business conduct standards.
Your name may also be linked to evaluations, HSE or data impact assessments and other performance criteria used in performance of services for Lupos’ External Providers of services and/or products. This type of evaluation may define your name as the business representative for your organisation.
WEBSITE USERS
Your data is collected by Lupos when you visit our website; this data is collected through Cookies in order to monitor our website usage and efficiency. There are different types of cookies available to organisations; the ones used by Lupos are fully explained in our Cookie Policy.
In summary these are:
Performance cookies: Used to collect information about how the website is used. These Cookies do not collect data on the individual visitor.
Functionality cookies: Used to customise your visit and provide you with access to the services you select. These Cookies do not track your browsing activity on other websites.
Advertising & Remarketing cookies: Used to collect anonymous data about interests and demographics of users to the website and improve experiences overall. These Cookies do not identify you or give Lupos access to your computer or mobile device.
You can update your preferences direct on our website.
To find out more about cookies and how to manage and delete them, visit www.allaboutcookies.org.
SHARING DATA
As you can imagine, a global business providing global opportunities to our Candidates and Clients, means we have a central database with each Lupos office around the world having access to the information. Any personal data provided to us will be stored within our global database systems and used for the purpose of providing our core services and/or assignment support services.
Only authorised Lupos employees have access to the personal data within our global database systems.
Sharing Your Data
As part of our service provision, information is shared with External Providers for the purpose of performing our contractual commitments to you, including but not limited to payments, insurances, emergencies, travel arrangements or for other commercial or legal obligations relating to the contract performance.
If you have requested us to help you find a position with one of our Clients, we may pass your Personal Data to our Client(s) in order to provide you with that service. We will attempt to contact you first to get your permission to pass your information on, but if we have been unable to reach you we may, where we consider it to be the type of role you have advised us that you are seeking and is in your best interests, still pass on your information.
If you do not want us to send your information to any of our Clients without your prior specific permission (even when we are unable to contact you and we believe that it serves your best interests) you should contact Lupos’ Data Protection Advisory Team.
In the event you enter into a contract with Lupos or one of our Clients, Lupos may pass your personal data to our Client or External Providers so they can provide services relating to your contract, or for Lupos staff Employees, in relation to our obligations as an employer.
The circumstances in which Lupos would share you data are in relation the services provided by:
Insurance brokers;
Emergency service providers;
Audit, Legal & Financial partners;
Approved travel partners; and
Payroll providers.
Lupos only use External Providers that meet our high expectations in terms of service and ethical standards including confidentiality and information security, and for the purposes of processing personal data, retain control as the appointed Data Controller.
It will be evident from the information provided as part of your contract with Lupos what services from External Providers we may utilise.
Transfer of Personal Data
GDPR restricts transfer of personal data to countries that are outside the EEA and/or are not a member state of the EU unless specific conditions are met, including security of such data. As a global business, Lupos has locations across the world and relationships with global Client groups including those in countries outside of the European Economic Area (“EEA”). Countries outside of the EEA may not have data protection laws which are as stringent as those in the EU and in other countries which are part of the EEA, however Lupos has controls in place to ensure your personal data and privacy are protected when information is transferred to other countries by means of access and/or use for provision of services.
These controls include:
Ensuring that data processing agreements are in place;
Stipulating security of data and transfer practices as part of the services;
Implementation of relevant data protection laws and obligations;
Data protection agreements in line with EU Model Clauses;
Central management of IT infrastructure and user application; and
Audit and review protocol linked to business processes.
Should you have any specific queries about these controls and the protection of your personal data, please contact the Data Protection Advisory Team.
Third Party Transfers
Lupos does not sell personal data.
We will only give your personal data to third parties where there is a legitimate or legal ground to do so associated with our services or associated with the relationship you have with us as previously defined in this Privacy Notice.
Disclosing Data for Other Reasons
In certain circumstances personal data may be disclosed to assist in the prevention and detection of crime and for law enforcement purposes without the consent of the individual concerned. Under these circumstances Lupos will use reasonable endeavours to check the request is legitimate before disclosing requested data and in all cases shall first seek authorisation through Lupos’ Data Protection Advisory Team and/or relevant Directors of the business.
If Lupos is involved in any transactional process regarding its ownership your personal data may be disclosed subject to strict confidentiality obligations and anonymisation where possible.
MARKETING
Where you have previously engaged with Lupos, such as providing your details for the purpose of our services, or have entered into a contract with us, Lupos will contact you. This will be to make you aware of other opportunities available to you across our global business or our global talent pool. These instances are referred to as a ‘soft opt-in’ option where we adopt the understanding that you are happy to receive contact from us unless or until you specifically state otherwise.
Lupos may use your personal data to contact you via post, phone and/or email. There are various reasons why we may contact you in relation to your relationship with us and the services you have shown interest in.
Our marketing contact shall only be undertaken for legitimate reasons relating, but not limited to:
The services we provide;
In relation to your employment or contract offer with LUPOS;
Communication of newsletters, industry news or safety bulletins on local environmental issues;
In relation to local events, holidays or festivals; and
To understand your perceptions of our services from a business or legal aspect.
Of course, you are in control.
If you visit or register through our website, you will be asked to confirm your preferences relating to job alerts, Cookies and to gain information about our services. Likewise, if you have not previously engaged with Lupos about our services, it is important that you review what choices you have and if, and how you want to be contacted by us.
If you don’t want to receive marketing contact from Lupos you can let us know at any time.
SECURITY MEASURES
Your personal data is important to you and important to Lupos; in fact it is vital to the success of our business relationship. We shall therefore ensure that when processing information on your behalf your personal data is treated with respect and that every effort is made to ensure that the confidentiality, integrity and availability of data held on our systems, within data centres and as part of our service provision to you, is fully protected.
As part of our primary responsibilities and fundamental to best business practice, we adopt the principles of Information Security Management to comply with all applicable laws, regulations and contractual obligations across our business, and cyber security protocol associated with our IT infrastructure.
In brief the measures taken by Lupos to ensure your personal data is secure and protected encompass:
Physical Security and Compliance;
Network Security;
Access & Restriction Controls;
Security Policies & Employee Awareness;
Vulnerability Management and Testing;
Encryption;
Improvement & Development;
Logging and Auditing;
Removable Media & Disposal;
Asset Management;
Incident Management; and
Business Continuity Management.
Full details of our Security Statement are avaialble on request.
RETENTION OF DATA
We will only retain your personal data for as long as we need to in line with our legitimate interests and will make every effort to keep this data up to date and accurate. Accordingly, our data management practices encompass retention of personal data, storage requirements and accuracy.
Keeping Your Data Accurate
Lupos will keep in touch with you regularly and check that the personal data we have about you is correct. Additionally, we have the following facilities available to you, so you can manage your data:
Our website has the facility for you to manage your data by creating your own profile and providing up to date information;
Our consultancy teams will keep in touch with you, so you can let us know of changes;
We will provide contact points to allow you to let us know of changes to your personal data; and
As part of our on-boarding processes, we will check your details are correct.
How long we keep your information
Personal data will only be kept for as long as Lupos has a genuine business need for it or are required to keep it by law, whichever is longer.
Any documents we hold which contain personal data about you are retained in line with our document management practices.
We segregate data depending upon the purpose of processing and the type of data processed, as this will determine the retention periods. The criteria we use to determine the retention period includes:
The nature of the personal data;
Our legal obligations;
Purpose of your engagement with Lupos;
Whether a contract has been performed and/or cannot be performed anymore;
Whether you have exercised your right to erasure;
Whether your data is no longer considered to be up to date; and
In line with our staffing expertise and knowledge of the industry by country, sector and job role.
Personal data we no longer need to keep is archived, destroyed or deleted securely.
Transactional data relating to our services and contractual obligations will be retained for an extended period in line with legal or business requirements.
YOUR RIGHTS & CHOICES
Lupos respect the information that you share with us and understand it is your right to know how this data is processed and exercise your right to ask us to stop processing it.
You can exercise your right to accept or prevent processing for marketing purposes by unsubscribing to any materials received. You can also exercise your rights associated with data processing at any time by contacting Lupos’ Data Protection Advisory team.
If we intend to use or share your data for any other purpose than what is defined under this Privacy Notice we will let you know, and where necessary, we will obtain your consent.
Individuals’ Rights
Under GDPR and subject to certain conditions, you have the following rights relating to personal data:
The Right to Rectification;
The Right to Access;
The Right to Erasure;
The Right to Restrict Processing;
The Right to Object; and
The Right to Data Portability.
Accessing Your Data
You can access details of the personal data processed by Lupos by submitting a ‘Subject Access Request’ by contacting Lupos’ Data Protection Advisory Team directly, who will then make provisions for you to complete the necessary application.
Once the application is received and acknowledged, Lupos will work to provide you access to your personal data within the defined timescales.
If you want to understand more about your Rights under GDPR, visit the ICO website.
YOUR KEY CONTACTS
Lupos have a dedicated team in place to answer any queries you may have relating to how we use your personal data. This Data Protection Advisory Team will oversee compliance and governance of our data protection obligations.
If you do require any additional information, have any queries relating to this Privacy Notice or wish to make a complaint please contact Lupos’ Data Protection Advisory Team:
By email: nick.stocker@luposglobal.com
By phone: +44 208 0660 321; or
By post: Lupos Global, 2nd Floor Afon House, Worthing Road, Horsham, RH12 1TL
Supervisory Authority
Lupos are registered as a Data Controller with the Information Commissioners Office; with Afon House, UK being the primary location for any data processing activities, cross-border processing controls and for central registration as the Data Controller for Lupos Global Limited.
For this purpose, the Information Commissioners Office (ICO) is appointed as the Lead Supervisory Authority for Lupos, across all businesses and subsidiaries.
Lupos’ registration details are available for public view on the ICO’s website.
(Registration A8369318)
Complaints
If you wish to make a complaint you can do this through direct channels by contacting the Data Protection Advisory Team. If not resolved to your satisfaction, you can directly contact at any time the Information Commissions Officer (ICO) as the Lead Supervisory Authority for Lupos.
ICO Helpline on: 0303 123 1113 (UK) or +44 1625 545 700.
CHANGES TO THIS PRIVACY NOTICE
Any changes we make to our Privacy Notice or the defined processing activities will be posted to our website.
You are encouraged to visit our website frequently to see any updates or changes.
This Privacy Notice was last updated in May 2018.
