1. About this policy
1.2 This privacy notice specifically applies to circumstances where you have accessed our website (https://www.bighand.com/) and/or any of our internal business tools (including relating to recruitment). Throughout this policy we refer to this as the “Website”.
2. About us
2.1 We are BigHand Limited, of 27 Union Street, London SE1 1SD. We provide productivity tools and solutions including workflow, dictation, business intelligence and pricing tools to our customers, who are organisations using those tools and solutions to support their own operations.
2.2 We are part of a group of companies, the BigHand group, which support our service provision to our customers. In this policy we refer to BigHand Limited as “we” and our group companies as “BigHand group members”.
3. What personal data we collect and why – General Website use
3.1 You do not have to provide any information to use the Website.
3.2 When using the Website, we collect your personal data under the following circumstances. When we collect this data, we rely upon your consent. This consent can be withdrawn by you at any time.Data descriptionCategories and examples of data providedWhy we collect this data
When you voluntarily complete the ‘Contact BigHand’ form(s).
Your first name, company, last name, work email, phone number, some details about your company and your message to us.
We will incidentally collect any other personal information you provide to us through such forms.
- For correspondence purposes (in order to answer your query, give you some additional information about our products and services and organise a free trial of our products if you request one).
- For internal administration purposes.
- To market BigHand products and services to you including by e-mail. For more information on marketing and your preferences, see section 6 below.
4. What personal data we collect and why – Recruitment
4.1 When you complete an application for a job, or otherwise engage with our recruitment process (via our Website or otherwise), we collect the following personal data:Data descriptionCategories and examples of data provided
Personal detailsYour name, gender, nationality, civil/marital status, date of birth, age, personal contact details (e.g. address, telephone or mobile number, e mail), national ID number, immigration and eligibility to work information, driving licence, languages spoken; emergency contact information, details of any disability and any reasonable adjustments required as a result.Recruitment and selection dataSkills and experience, qualifications, references, CV and application, interview and assessment data, vetting and verification information (e.g. results of credit reference check, financial sanction check and a basic disclosure criminal record check relating to unspent convictions were carried out and permitted by applicable law), right to work verification, information related to the outcome of your application, details of any offer made to you.Other personal dataAny other personal data which you choose to disclose to us during the recruitment exercise whether verbally or in written form (for example in work emails).
4.2 To the extent permitted by applicable laws, we will collect and process a limited amount of personal data within the above table that falls into special categories, sometimes called "sensitive personal data". This term means information relating to:
- racial or ethnic origin;
- political opinions;
- religious or philosophical beliefs;
- physical or mental health (including details of accommodations or adjustments);
- trade union membership;
- sex life or sexual orientation;
- biometric and genetic data [although we do not collect or expect to hold this type of data]; and
- criminal records and information regarding criminal offences or proceedings
4.3 Usually, we collect and record your personal data from you. You will provide this information directly to the individual the recruitment exercise or enter it into our systems (for example, through your participation in recruitment and selection processes, emails and instant messages you send or through verbal information which is recorded electronically or manually).
4.4 We also obtain some information from third parties: for example, references from a previous employer, medical reports from external professionals, information from recruitment consultants or where we employ a third party to carry out a background check (where permitted by applicable law). Some data may be obtained from publicly accessible sources.
4.5 If particular information is required by contract or statute this will be indicated at the time of collection. We will also let you know where there are consequences of you not providing the information requested. Failure to provide some information will mean that we cannot continue with the recruitment exercise as we will not have the personal data we believe to be necessary for the effective and efficient administration of the recruitment exercise. It should be noted however that it is not a condition or requirement of your recruitment to agree to any request for consent from us.
4.6 We also collect non-personal data derived from these data types. This data is not personal data and is used to ensure the security of our systems and infrastructure, and to develop and support our tools and solutions.
4.7 We collect this personal data on the basis that you have consented to give it to us. This also means that you are free to withdraw this consent at any time, and we will promptly stop processing your personal data received on this basis.
4.8 We have set out below the purposes we may use your personal data for and the legal basis we rely on in each case:
Purpose for processingThe lawful basis we rely onPurpose for processingThe lawful basis we rely on
Recruitment and selection
Considering your suitability to work for us in the role you have applied for, comparing you to other candidates and making recruitment decisions
Some of this processing is necessary for the compliance with legal obligations to which BigHand is subject including the requirement to make reasonable adjustments or accommodations where appropriate if you choose to disclose that you have a disability.
Some of this processing is necessary for takings steps at your request to enter into a contract with you.
Additional processing is necessary for the purpose of the legitimate interests pursued by us.
BigHand has a legitimate interest in fully assessing applicants to ensure that only suitable and appropriate candidates are selected, to compare candidates and make a fair decision on the most appropriate candidate for the position.
BigHand aims to recruit the best person for each vacancy through fair, systematic, effective recruitment and selection procedures. This will contribute towards BigHand continuing to meet its business objectives, maintain its reputation and attract high calibre employees.
Pre-employment verification and screening
Appropriate pre-employment screening including, where relevant and appropriate, identity check, right to work verification, reference check, credit check, financial sanction check, criminal record checks (if and to the extent permitted by applicable laws), relevant employment history, relevant regulatory status and relevant professional and educational qualifications.
Some of this processing is necessary for the compliance with legal obligations to which we are subject including establishment of the right to work in the country in which you are employed.
Screening which is not legally required is necessary for the purpose of the legitimate interests pursued by us.
BigHand has a legitimate interest in ensuring that candidates for employment or engagement do not pose an unacceptable risk to the business or its customers and considers the verification carried out necessary to prevent crime and other unlawful acts and to protect the business customers from fraud, dishonesty, or incompetence.
Offers of employment and on-boarding
Making job offers, providing contracts of employment or engagement and preparing to commence your employment or engagement where you accept an offer from us
Some of this processing is necessary for the compliance with legal obligations to which we are subject including the requirement to issue written particulars or terms of employment and the requirement not to unlawfully discriminate in the terms of any offer to you.
Additional processing is necessary to take steps to enter into the contract between you and BigHand and to perform that contract because we will need information to make an appropriate offer to you and administer your employment contract if you join us.
The remainder of the processing is necessary for the purpose of the legitimate interests pursued by us.
BigHand has a legitimate interest in ensuring the effective engagement of staff on appropriate terms and conditions of employment and that there is a smooth transition into employment for successful candidates and that information supplied in the recruitment process which is relevant to ongoing employment is maintained. This will contribute towards us continuing to meet our business objectives, maintain its reputation and attract high calibre employees.
Future job opportunities
To contact you if you are not successful in your initial application should another potentially suitable vacancy arises during the six months following completion of the recruitment process for the role you originally applied for
This processing is necessary for the purpose of the legitimate interests pursued by us.
BigHand has a legitimate interest in maintaining an appropriate pool of talent who have shown an interest in working for us and who are potentially suitable candidates for employment. This will potentially benefit both initially unsuccessful candidates and us. It will contribute towards BigHand continuing to meet its business objectives, maintain its reputation and attract high calibre employees.
Recruitment feedback and complaints
To deal with any query, challenge or request for feedback received in relation to our recruitment decisions
This processing is necessary for the compliance with legal obligations to which we are subject including ensuring that BigHand can demonstrate its compliance with data protection laws and anti-discrimination laws.
Beyond legal compliance processing is necessary for the purpose of the legitimate interests pursued us.
BigHand has a legitimate interest in being able to provide feedback to candidates and to be able to defend any challenge or claim made in connection with our recruitment decision. This will assist us to avoid the risk of financial exposure or costs incurred through challenges to recruitment decisions and to maintain its reputation.
Complaints, claims and litigation
To enforce our legal rights and obligations, and for any purposes in connection with any complaint or legal claim made by, against or otherwise involving you
This processing is necessary for the purpose of the legitimate interests pursued by us.
BigHand has a legitimate interest in protecting its organisation from breaches of legal obligations owed to it and defending itself against litigation. This is needed to ensure that our legal rights and interests are protected appropriately, to protect our reputation and to protect us from other damage or loss.
This is important to protect our business and ensure its continued success and growth. This supports BigHand’s immediate and long-term business goals and outcomes.
Legal or regulatory disclosures
To comply with lawful requests by public authorities (including without limitation to meet national security or law enforcement requirements), discovery requests, or where otherwise required or permitted by applicable laws, court orders, government regulations, or regulatory authorities (including without limitation data protection, tax and employment), whether within or outside your country;
This processing is necessary for the compliance with legal obligations to which we are subject where there is a legal obligation to disclose information or a court or other legal order to provide information is place.
Where not legally required, processing is necessary for the purpose of the legitimate interests pursued by us.
BigHand has a legitimate interest in co-operating with relevant authorities, government bodies or regulators for the provision of information where appropriate. We wish to maintain our reputation as a good corporate citizen and to act ethically and appropriately in all the countries in which we do business.
4.9 The special categories of personal data that we process are set out above. Where we process special categories of data it will be justified by a condition set out 4.8 above and also by one of the following additional conditions:
4.9.1 The processing is necessary for the purposes of carrying out the obligations and exercising the rights of you or us in the field of employment law, social security and social protection law, to the extent permissible under applicable laws;
4.9.2 The processing is necessary for the purposes of preventive or occupational medicine, for the assessment of your working capacity, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services, to the extent permitted by applicable laws;
4.9.3 The processing is necessary to protect your vital interests or of another person where you are physically or legally incapable of giving consent (for example in exceptional emergency situations, such as a medical emergency);
4.9.4 The processing is necessary for purposes authorised by applicable law.
4.9.5 The processing is necessary for the establishment, exercise, or defence of legal claims; or
4.9.6 In exceptional circumstances the processing is carried out subject to your explicit consent.
4.10 Personal data relating to criminal convictions and offences will only be processed where authorised by applicable laws.
5. Do we share personal data with anyone else?
5.1 We only share personal data with other organisations where necessary.
5.2 These organisations are:
- Third parties who help manage our business and deliver services. These third parties have agreed to confidentiality restrictions and use any personal information we share with them or which they collect on our behalf solely for the purpose of providing the contracted service to us. These include IT service providers who help manage our IT and back-office systems.
- Professional advisors such as lawyers or insurance brokers. if, in the future, we sell or transfer some or all our business or assets to a third party, we may disclose information to a potential or actual third-party purchaser of our business or assets.
- BigHand group members providing us or our customers with services, tools, or solutions.
- We may also share in aggregate, statistical form, non-personal information regarding the visitors to our website, traffic patterns, and website usage with our partners, affiliates, or advertisers
6. Do we transfer personal data overseas?
6.1 We, or service providers or processors working for us, may transfer personal data outside the UK.
6.2 BigHand operates on a global basis. Accordingly, your personal information may be transferred and stored in countries outside the UK or EU that are subject to different standards of data protection. BigHand will take appropriate steps ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and interests and transfers are limited to countries which are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative arrangement are in place to protect your privacy rights. To this end:
- we ensure transfers within the BigHand group will be covered by an agreement entered into by members of the BigHand group (an intra-group agreement) which contractually obliges each member to ensure that personal information receives an adequate and consistent level of protection wherever it is transferred within the BigHand group;
- where we transfer your personal information outside the BigHand group or to third parties who help provide our products and services, we obtain contractual commitments from them to protect your personal information; or
- where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal information are disclosed.
6.3 You have a right to contact us for more information about the safeguards we have put in place to ensure the adequate protection of your personal information when this is transferred as mentioned above.
7. Our use of data for marketing
7.1 We only use personal data for marketing our services by electronic communications methods where you have given us your consent.
7.2 If you have consented to receive marketing, you may opt out later. You have a right at any time to stop us from contacting you for marketing purposes or giving your information to other BigHand group members. We will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you.
7.3 If you no longer wish to be contacted for marketing purposes, please email us at firstname.lastname@example.org.
8. How we keep personal data secure
8.1 We have achieved ISO27001 standards (the global information security standard) for our information security and organisational security standards and practices.
8.2 We regularly review, test and assess our information and organisational security measures, and we ensure that:
- Our team is trained and experienced in personal data processing.
- Physical security measures are applied to our facilities.
- Our systems and infrastructure are protected by network and other technical security measures.
- Access to personal data is recorded and controlled.
- Our systems and practices are audited and reviewed.
9. Profiling and automated decision making
9.1 We do not use personal data to profile or enable automated decision making about individuals.
9.2 We carry out a small amount of profiling from time to time related to assessment of performance and potential as part of our appraisal process or other career development programmes. This is used for development and may be considered for promotion or succession planning but is not used as the sole basis for any decision.
10. How long do we keep personal data?
10.1 We only keep personal data for as long as necessary for the purposes for which we use it as set out in this policy.
10.2 We are required to keep certain information for certain periods of time in order to comply with legal and regulatory obligations. We minimise the amount of data we retain, and de-identify it to protect individuals being identified.
10.3 You can ask us about the specific periods for which we retain personal data by contacting us as described in How to contact us below.
11. Your rights in relation to personal data
You may have the following legal rights in relation to our use of personal data.
11.1 Not all of these rights apply in every circumstance, and we may not always be able to comply with a request to exercise your rights (for example, if we are subject to a legal obligation). In some cases, if you exercise your rights, we may be unable to continue to provide access to our tools and solutions to you. You have the following rights:
- To receive a copy of personal information we are processing about you.
- To prevent processing of your personal data, in some circumstances.
- To erasure of your personal data, in some circumstances.
- To prevent processing for purposes of direct marketing.
- To seek correction of inaccurate personal data we hold.
- To complain to the Information Commissioner about our processing of personal data.
- To have personal data provided to them in a structured, commonly used and machine-readable format, and the right to have that data transmitted to another controller.
- To object to certain processing activities, including profiling that is occurring without consent.
- Not to be subject to significant decisions taken solely by automated process.
11.2 You can exercise these rights by contacting us as described in How to contact us below. We may ask for proof of your identify if you do this (by means of a copy of your passport, driving licence, birth certificate or recent utility bill, for example).
11.3 As stated above, you have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal information.
11.4 We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
13. How to contact us
By email at email@example.com or write to us at: BigHand limited, 27 Union Street, London SE1 1SD, United Kingdom.
Registered office: 27 Union Street, London, SE1 1SD, United Kingdom.
Registered in England & Wales with company registration number 03128724
VAT number: 888 4178 62
Data Protection Manager: Joseph Birkby