Privacy Policy

DUO GLOBAL CONSULTING LTD – PRIVACY POLICY

The purpose of this notice

We are committed to protecting your privacy and safeguarding your personal data. Our use of your personal data is subject to the EU General Data Protection Regulation, other relevant UK and EU legislation (together Data Protection Legislation), as well as marketing rules.

In this privacy notice we explain how we will process your personal information obtained through your use of this website and through other interactions with you (e.g. events). If wish to learn how we process personal data of job seekers’ obtained in connection with the provision of our recruitment services, please read our Job Candidate Privacy Notice below.

It is important that you read this privacy notice, together with any other privacy notice we may provide on specific occasions, so that you are fully aware of how and why we are using your data, and what data protection rights you have.

What does this notice cover:

Who we are
Personal data we collect
How we collect personal data
How and why we use personal data
How and why we use sensitive data
Who we share personal data with
International transfers
How long we keep personal data
Your rights
Keeping personal data secure
Complaints
How to contact us
Changes to this privacy notice

Who we are

When we say we, us or our in this privacy notice, we mean Duo Global Consulting Limited, a company incorporated and registered in England and Wales with company number 9099851, and whose registered office is at Duo Global Consulting, 28 Lime Street, Newcastle upon Tyne, NE1 2PL.

Personal data we collect

Personal data means information which relates to an identified or an identifiable individual. We may collect, use, store and transfer various types of personal data relating to your identity, contact details, profile, profession, usage of our website and website services, and our networking and professional interactions with you.

Types of personal data we may collect	Examples
Identity data	Name; title
Contact data	Address; email; telephone number
Profile data	Interests; preferences; feedback and survey responses
Professional data	Job title; name of business or organisation; professional credentials; professional contact details, behavioural patterns.
Usage data	Services you signed up to (e.g. our blogs); events you attended or expressed interests in.
Enquiries data	Details of enquiries submitted via our website or emailed to info@duoglobalconsulting.com
Technical data	internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.

Before you disclose to us the personal information of another person you must ensure that you have a lawful basis to do so. For information on when and how you can lawfully disclose personal data, please see the Information Commissioner’s Office Guide to the General Data Protection Regulation.

How we collect personal data

We collect most of this information from you direct. However, we may also collect information from other sources.

Type of source	Examples
Your use of our website	when you sign up to our mailing list; submit an online enquiry; subscribe to our blogs; complete a survey; or give us your feedback
Direct interactions with you	when you contact us first (e.g. by phone or email); when you sign up or attend our seminars or networking events; when you give us your business card; when you register interest in our services; when you sign up to our behavioural survey
From publicly accessible sources	your website; your professional profiles on social media platforms (e.g. LinkedIn, Instagram, Facebook, Twitter); professional networking groups and databases
Directly from a third party	another organisation or professional who told us that you would like to hear from us
Automated technologies or interactions	As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our Cookies Policy.

How and why we use personal data

Under the Data Protection Legislation, we can only use your personal data if we have a proper reason for doing so, for example, because you have given us your permission, or for our legitimate interests or those of a third party. A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.

Generally we do not rely on consent as a legal basis for processing your personal data other than:

to place cookies on your device (please see our Cookie Policy for further details);
if you are an individual, and we want to send you marketing emails which you did not previously subscribe to or otherwise request; or
if we want to share your details with a third party (e.g. because we think that their seminar or networking event might be of interest to you).

Where your consent is required, we will ask you for such consent separately and clearly. You have the right to withdraw consent to marketing at any time by emailing info@duoglobalconsulting.com Even if we are not required to obtain your consent for marketing purposes, you can still opt-out of receiving marketing communications at any time, by emailing us at info@duoglobalconsulting.com or using the ‘unsubscribe’ link in our marketing emails, so you are still in control.

We rely on our own, and/or or a third party’s legitimate interests, when we process your data for the following purposes:

to send you our updates or other electronic marketing communications which you subscribed to, or otherwise requested;
if you contact us for any reason, to deal with your enquiry (including complaints);
to provide you with a service you, or your employer, requests;
to increase our business or promote our brand through behavioural advertising, and marketing communication by phone or post;
to improve our website and services;
to interact with you professionally (e.g. if you represent our client, supplier or business partner);
to conduct web analytics;
the establishment, exercise or defence of legal claims.

If you submit personal information for publication on our website or another location, we will publish and otherwise use that information in accordance with the permission which you grant to us.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at info@duoglobalconsulting.com If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or structure of our business.

Enquiries related to legal advice

If you contact us because you are looking for a job and require our help, any information submitted to us for that purpose will be used in accordance with our Job Candidate Privacy Notice following on from this notice.

We do not routinely collect any special categories of personal data about you (meaning information about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, your health, and genetic and biometric data), nor do we collect any data relating to criminal convictions and offences.

Who we share personal data with

We may share your information with third parties for the purposes set out in this policy.

We may also share your personal data with providers of cloud-based software we use and with providers of other IT and system administration and maintenance services. We only allow our service providers to handle your personal data if we are satisfied that they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure that they can only use your personal data to provide services to us and to you.

We may disclose your personal data to certain third parties if specifically requested or agreed with you. For example, if you ask us to introduce you to a third party (e.g. an employer, or a professional adviser).

We may disclose and exchange certain information with law enforcement agencies and regulatory bodies to comply with our legal obligations.

We may also need to share some personal data with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.

International transfers

We may transfer your personal data to a destination outside of the United Kingdom. Transfers of data outside the European Union are subject to special rules under the Data Protection Legislation. You can find information in this regard at the European Commission’s website.

We use cloud-based platforms and tools for the purpose of our marketing activities. The providers of these tools are based either in the European Union or the US. Those who are based in the US subscribe to the EU-US Privacy Shield framework. Transfers of personal data under the Privacy Shield framework are deemed by the European Commission to provide an appropriate level of protection.

If you want further information on the specific mechanism used by us when transferring your personal data out of the EU please contact us by using the contact methods set out in the How to contact us section of this policy.

How long we keep personal data

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. If you subscribe to our updates, we will hold your data for that purpose until you unsubscribe or otherwise tell us that you no longer wish to receive such communications.

If you enquire or purchase our business-to-business services, we will keep your personal data for marketing purposes for two years from when we last heard from you, unless you opt-out from receiving marketing communications.

If you are a job candidate, we will keep your data collected in connection with the provision of our recruitment services to you as described in our Job Candidate Privacy Notice below.

If you use our behavioural mapping platform, we retain your behavioural profile and data relating to that for as long as necessary to fulfil the purposes we collected it for. Each organisation we work with who uses this service with their own team, or for recruitment or customer service purposes, will have their own privacy and data processing policies so please revert to those for more detail.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Your rights

You have a number of rights in relation to your personal data, which allow you to access and control your information in certain circumstances (e.g. the right of access, rectification and erasure). You can exercise these rights free of charge, unless your request is manifestly unfounded or excessive (in which case we may charge a reasonable administrative fee or refuse to respond to such request).

Under certain circumstances, you have the following data protection rights:

Your right	Explanation
Access	This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Rectification	The right to require us to correct any inaccuracies in your personal data.
Erasure (to be forgotten)	The right to require us to delete your personal data in certain situations.
Restriction of processing	The right to require us to restrict processing of your personal data in certain circumstances (e.g. if you contest the accuracy of the data we hold).
Data portability	The right to receive, in certain situations, the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party.
To object	The right to object at any time to your personal data being processed for direct marketing (including profiling) or, in certain other situations, to our continued processing of your personal data (e.g. processing carried out for the purpose of our legitimate interests).
Not to be subject to automated individual decision-making	The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.

If you would like to exercise any of those rights, please contact us using the contact details provided in the How to contact us section of this policy. Please let us know what right you want to exercise and the information to which your request relates.

For further information on when and how you can lawfully disclose personal data, please see the Information Commissioner’s Office Guide to the General Data Protection Regulation.

Keeping personal data secure

We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Complaints

We hope that our Data Protection Lead can resolve any query or concern you may raise about our use of your information. You may contact our Data Protection Lead by using the contact methods set out in the How to contact us section of this policy.

The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or EEA) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner, who may be contacted at https://ico.org.uk/concerns or by telephone on: 0303 123 1113. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

How to contact us

If you have any questions about this privacy notice, (including any requests to exercise your legal rights) please contact our Data Protection Lead by either:

email at info@duoglobalconsulting.com; or
post to Duo Global Consulting, 28 Lime Street, Newcastle upon Tyne, NE1 2PL.

Changes to this privacy policy

This privacy policy was published on 23 May 2018 and last updated on 20 January 2023.

We may change this privacy notice from time to time, when we do we will publish the new version of the policy on our website.

DUO GLOBAL CONSULTING LTD – JOB CANDIDATE PRIVACY POLICY

Introduction and the purpose of this privacy notice

We are committed to safeguarding your privacy. Our use of your personal data is subject to the European Union General Data Protection Regulation and other relevant UK and EU legislation (together Data Protection Legislation).

In this privacy notice we explain how we will process your personal information in connection with your use of our recruitment services and related purposes. It also explains your data protection rights. It is important that you read this privacy notice, together with any other privacy notice we may provide on specific occasions, so that you are fully aware of how and why we are using your data.

Contents

Who we are
Personal data we collect
How we collect personal data
How and why we use personal data
Who we share personal data with
International transfers
How long we keep personal data
Your rights
Keeping personal data secure
Complaints
How to contact us
Changes to this privacy notice

Who we are

For the purposes of the Data Protection Legislation, we are the controller of your personal data. This means that we are responsible for deciding how we hold and use personal information about you. If we share your personal information with a prospective employer, they will hold your personal information as a data controller for their own purposes and will be responsible for such use and for providing you with their privacy notice.

Personal data we collect

Personal data means information which relates to an identified or an identifiable individual.

We may collect, store and use the following categories of information about you:

you name, title, address, email address and telephone number;
your education history and qualifications;
your employment and work experience information;
your curriculum vitae and any information it contains;
your application forms and any information they contain;
your professional profile information;
details of your extracurricular interests and achievements;
information you provide to us when we communicate with you (for example, copies of email correspondence); and
our screening and assessment notes.

We do not routinely collect or use any special categories of data (that is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation) or data related to criminal convictions and offences.

How we collect personal data

We collect information from the following sources:

directly from you;
from employers we work with; or
from publically accessible sources (e.g. LinkedIn, job sites).

How and why we use personal data

Under the Data Protection Legislation, we can only use your personal data if we have a proper reason for doing so, for example, because you have given us your permission, or for our legitimate interests or those of a third party. A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.

The table below explains what we use your personal data for and our reasons for doing so:

What we use your personal data for	Our reasons
To provide recruitment services to you (including keeping you informed of suitable opportunities; matching your skills and experience to specific opportunities; assessing your skills, qualifications and suitability for the work or role; conducting pre-employment screenings, where applicable; putting your candidature forward to employers and assisting you with progress through their recruitment process to shortlist for an interview).	For our legitimate interests and those of our client We will ask for your consent before we share your information with a potential employer
To provide recruitment services to our clients (employers we work with).	For our legitimate interests or those of our client
Administration reasons (including updating and enhancing our records).	For our legitimate interests
To manage our relationship with you (including providing you with feedback, responding to your enquiries and complaints, notifying you of changes to our privacy notices).	For our legitimate interests
Operational reasons, such as improving efficiency, training and quality control	For our legitimate interests
To improve our service offerings	For our legitimate interests or those of third parties
For the establishment, exercise or defence of legal claims	For our legitimate interests or those of third parties

Where your consent is required, we will ask you for such consent separately from this privacy policy. If you give us your permission to use your data for a certain purpose and change your mind, you can ask us to stop using your data for that purpose at any time.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us using the contact details provided in paragraph 11 of this notice. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Who we share personal data with

We may share your information with the following third parties for the purposes set out in this privacy notice:
employers we work with (acting as data controllers) based in the UK or US;
professional advisers (acting as data controllers) including lawyers, bankers, auditors and insurers based in the United Kingdom who provide consultancy, banking, legal, insurance and accounting services; or
service providers (acting as data processors) which we use to enable us to operate our business, including providers of our IT systems (based in the UK or US).

We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers relating to ensure they can only use your personal data to provide services to us and to you.

We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal or regulatory obligations.

International transfers

To deliver services to you, it is sometimes necessary for us to share your personal data outside the European Economic Area (EEA), e.g.:

with your and our service providers located outside the EEA;
if you are based outside the EEA; or
if the employer you wish to be introduced to is based outside the EEA.

These transfers are subject to special rules under the Data Protection Legislation. You can find further information in this regard at the European Commission’s website at: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu.

The European Commission considers transfers of personal data to the US under the EU-US Privacy Shield framework to be providing an adequate level of protection for personal data. The US-based providers of software which we use to operate our business subscribe to the EU-US Privacy Shield.

If you want further information on the specific mechanism used by us when transferring your personal data out of the EEA please contact us using the contact details provided in paragraph 11 of this privacy notice.

How long we keep personal data

We will not keep your data for any longer than necessary for the purposes set out in this policy. Different retention periods apply depending on the specific circumstances, as explained below.

If we receive your data from our client, or obtain it from a publically available source, we will retain your data for the period necessary to establish whether you are interested in our services.

If you confirm that you wish to be informed by us of job opportunities, we will retain your data for 24 months from our last communication with you, unless you notify us earlier that you no longer wish to be contacted by us.

If we introduce you to a potential employer, and you are successful, we will retain your data for 12 months so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted our services in a fair and transparent way.

If we introduce you to a potential employer, and you are unsuccessful, we will retain your data:

for 12 months so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted our services in a fair and transparent way; or
we may retain your data for longer with your consent as explained in paragraph 7(3) above.

Your rights

You have the following rights, which you can exercise free of charge, unless your request is manifestly unfounded or excessive (in which case we may charge a reasonable administrative fee or refuse to respond to such request):

Your right	Explanation
Access	This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Rectification	The right to require us to correct any inaccuracies in your personal data.
Erasure (to be forgotten)	The right to require us to delete your personal data in certain situations.
Restriction of processing	The right to require us to restrict processing of your personal data in certain circumstances (e.g. if you contest the accuracy of the data we hold).
Data portability	The right to receive, in certain situations, the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party.
To object	The right to object at any time to your personal data being processed for direct marketing (including profiling) or, in certain other situations, to our continued processing of your personal data (e.g. processing carried out for the purpose of our legitimate interests).
Not to be subject to automated individual decision-making	The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.

For further information on when and how you can lawfully disclose personal data, please see the ICO’s Guide to the General Data Protection Regulation available on the ICO’s website (ico.org.uk).

If you would like to exercise any of those rights, please contact us using the contact details provided in paragraph 11 of this privacy notice. Please let us know what right you want to exercise and the information to which your request relates. Please note that we may ask you to provide us with certain information to enable us to verify your identity, and/or request a proof of your identity and address (e.g. a copy of your driving licence or a recent utility bill).

Keeping personal data secure

Complaints

The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or EEA) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or by telephone on: 0303 123 1113. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

How to contact us

If you have any questions about this privacy notice, (including any requests to exercise your legal rights) please contact our Data Protection Lead by either:

email at info@duoglobalconsulting.com; or
post to Duo Global Consulting, 28 Lime Street, Newcastle upon Tyne, NE1 2PL.

Changes to this privacy notice

This privacy notice was published on 23/05/2018 and last updated on 20/01/2023.

We may change this privacy notice from time to time, when we do we will publish the new version of the policy on our website.