Who is the data controller? Rhino Pro Ltd, Lockgates House, 6 Rushmills Northampton NN4 7YB is the "controller” for the purposes of data protection law. This means that we are responsible for deciding how we hold and use personal data about you.
Our Data Protection Officer is Gemma Alleyne Lockgates House, 6 Rushmills Northampton NN4 7YB. As Data Protection Officer, they are responsible for informing and advising us about our data protection law obligations and monitoring our compliance with these obligations. They also act as your first point of contact if you have any questions or concerns about data protection.
Our legal basis for processing data: We hold and use your personal data for business administration purpose. This will include the management of our relationship with you, administration of your remuneration; performance of day-to-day business activities. Most commonly we rely on one or more of the following legal grounds when we process your personal data:
- Where we need it to perform the contract we have entered into with you (performance of the contract). This may include, for example, ensuring that we pay you correctly.
- Where we need to comply with legal obligation (legal obligation). Typically, this may include statutory or other legal requirement to share the information e.g. to operate Attachment or Deductions of Earnings orders and to report and repay to the relevant authorities.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental right do not override those interests (legitimate interest). This may include for example, providing you with information and updates about our service (office open hours etc.)
What information we collect about you and the purpose of its use: We collect information required to pay you for the work you complete for Rhino Pro Ltd and to comply with our statutory obligations.
When we collect this information: We collect this information via telephone conversations, by email, text message, WhatsApp messenger, forms and online submission forms.
If you give us someone else’s personal data. Sometimes, you might provide us with another person’s personal data – e.g. details of your emergency contact or next of kin. In such cases, we require you to inform the individual what personal data of theirs you are giving to us. You must also give them our contact details and let them know that they should contact us if they have any queries about how we will use their personal data
How we store personal data: We hold the majority of personal data electronically and this system is securely backed up to protect your data as best we can from cyber-attacks and online hackers. Where personal data is provided hard copy, we may retain it in this form in secure cabinets.
Who do we share your personal data with? We will only share your personal data with third parties where we have an appropriate legal ground under data protection law which permits us to do so. Commonly, this could include situations where we are legally obliged to provide the information (e.g. to HMRC for tax purposes), to comply with our contractual duties or where it is necessary in our legitimate interest (e.g. to obtain legal or other professional advice from appointed accountants, tax advisors, lawyers, insurers, IT service providers and software providers.
Our Website. If you interact with our website at www.rhinoproltd.co.uk, we may process information relating to your usage of the website. However, unless you are submitting information through our website as an Operative, the information which we process is anonymised and not therefore personal data within the meaning of the Data Protection Legislation.
Automated Decision Making. Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. All decisions which are made in the course of our business processes involve human intervention. We do not therefore expect to make any decisions about you using automated means.
Data Security. We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from the Data Protection Manager. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Length of data retention: We will retain your data for up to 7 years after our professional relationship has terminated, data held electronically may be retained longer if required.
Rights of access, correction, erasure, and restriction
- Your duty to inform us of changes. It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
- Your rights in connection with personal information. Under certain circumstances, you have the right to:
- Request access to your personal information (a Subject Access Request). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. You will not usually have to pay a fee to access your personal information but we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed or you have objected to the processing and there is no overriding legitimate interest for continuing the processing.
- Object to processing of your personal information where we are relying on a legitimate interest and you object on "grounds relating to your particular situation.”
- Request the restriction of processing of your personal information. This enables you to ask us to block or suppress the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it or if you have also objected to the processing as above.
- Request the transfer of your personal information to another party when the processing is based on consent and carried out by automated means. This right is not applicable to any data processing carried out by Rhino Pro Ltd. If you want to exercise any of the above rights, please contact the Data Protection Manager in writing. We will consider your request and confirm the actions that we have taken in response to such request. We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is an appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the Data Protection Manager. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. We will confirm the actions which we have taken in respect of any such request.
If you are unhappy with any aspect of the manner in which we have processed your personal data or dealt with your decision to exercise any of the rights set out in this section, you have the right to complain to the Information Commissioners Office in the United Kingdom. Their details are: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AFTel: 0303 123 1113 (local rate) or 01625 545 745 Email: firstname.lastname@example.org