Privacy Policy
Strive Higher (trading name for Strive Global Talent Ltd) are committed to protecting and respecting your privacy. This policy applies to the personal data we collect from you and the personal data which is passed to us by third parties. It also explains how personal data is shared and protected, what choices you have relating to your personal data and how you can contact us.
​
Who we are
Strive Global Talent Ltd trades as Strive Higher. We are a company registered in England and Wales (Companies House Registration Number: 12510167). Strive Higher may be the controller, joint controller or the processor of your personal data.
​
Who regulates the use of my personal information?
Strive Higher has a data protection registration with the Information Commissioners Office, the independent authority which oversees compliance with data protection laws. Our registration number is ZB8498585 and this registration sets out, in very general terms, the full range of purposes for which we use personal information.
Who do I contact with any questions?
If you have any questions about your personal data and Strive Higher that are not answered by this privacy policy, wish to make a complaint or exercise any of your rights, please contact Laura Wetherall.
If we are unable to adequately address any concerns you may have about the way in which we use your data, you have the right to lodge a formal complaint with the UK Information Commissioners Office. Full details may be accessed on the complaints section of the Information Commissioner’s Office website.
What is personal data?
Under the Data Protection Act 2018 ('the Act') and General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') personal data is defined as 'any information relating to an identified or identifiable natural person ('data subject'), by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person'.
​
Your data
This privacy policy sets out how Strive Higher processes your personal data if you fall into one of the following categories:
-
You engage with us in data-gathering exercises or events which feed into our work with our clients
-
Your personal data is shared with us by our clients as part of the data gathering and analysis which is relevant to the work we have been contracted to do. Where our client is the Data Controller, there may be lawful sharing of some data with us under permitted routes. In this case, the data will be treated in accordance with our policies.
Personal data means any information which relates to or identifies an individual. This includes information which may not explicitly identify you but would allow others to identify you if combined with information that is readily available elsewhere.
The type of personal information collected (either directly from you or from third parties) and used will depend on the objectives of the project. The personal data we collect will always be proportionate to achieving those objectives.
No personalised data will be retained beyond the closure of the project unless required for audit purposes. Where personal data needs to be maintained, this will be in an anonymised form wherever possible.
In your case, we may collect the following personal data:
Name
Job title
Area of work
Location
Preferences and opinions
There may be occasions where we may process some information about you that is considered to be ‘sensitive’. This is classified as ‘special category’ personal data and would include categories such as data regarding your ethnicity, sexual orientation, gender identity, religious belief or heath. These types of personal information require additional protections. The following link provides more information about these special categories: Equality Act 2010 (legislation.gov.uk).
Access to, and the sharing of, this more sensitive personal data is controlled very carefully and you will be specifically informed about this in our privacy notice provided to you when you agree to be part of a data-gathering exercise.
Data protection laws require us to meet certain conditions before we are allowed to use your data in this way, including having a ‘legal basis’ for the processing. Where we process special category personal data or criminal convictions information, we are required to establish an additional legal basis for processing that data.
The General Data Protection Regime (GDPR) expects all data controllers to comply with the 7 basic principles of personal data The principles | ICO
We comply in the following ways:
Lawfulness, fairness and transparency:
We make sure you are aware of the reason for requesting and collecting your personal data. You should also receive some communication directly from our client to explain the reason for our request and how they have assured themselves that we will process your data in line with our GDPR obligations.
Purpose limitation:
In this case, your personal data has been collected for the specific, legitimate purpose of carrying out our contractual obligations to our client during the course of this project.
Data minimisation:
No personalised data will be retained beyond the closure of the project unless required for audit purposes. Where personal data needs to be maintained, this will be in an anonymised form wherever possible.
Accuracy:
We will always seek to establish the data collected is accurate and updated as necessary.
Storage limitation:
When possible, we will ask our clients to anonymise any data they share with us.
On completion, we will agree with our client what information is retained by Strive Higher and by the client and will always ensure anonymisation where possible.
Integrity and confidentiality:
Your data will be processed in a way to ensure appropriate security of the personal data, including restricting access to the data and reducing risk of accidental loss or damage by adequate access controls.
In order to protect your rights when using your personal information for data gathering and to ensure that we meet the conditions set out in data protection law, we implement specific safeguards, including the following:
Policies and procedures that tell our staff how to collect and use your information safely;
Training which ensures our staff understand the importance of data protection and how to protect your data;
Security standards and technical measures that ensure your information is stored safely and securely;
Contracts with third parties have clauses setting out each party’s responsibilities for protecting your personal information;
We carry out data protection impact assessments on high-risk projects to ensure that your privacy, rights as an individual or freedoms are not affected; and
When we process special category personal data, this is subject to a further public interest test to make sure this particularly sensitive information is required to meet the project’s objectives.
We ask our team to de-identify information wherever possible through anonymisation or pseudonymisation. Information where you can be identified will, as such, be deleted at the close of a project unless needed for audit purposes or there are legal/regulatory obligations to retain the information for a set period. Once agreement is made to delete the data, it will be deleted in line with our data retention policy.
When we design and manage data-gathering exercises, Strive Higher will usually be a joint controller for the purposes of data protection law, which means that we will decide with our client how your personal information is created, collected, used, shared, stored and deleted (processed). We will do so in line with the objectives of the project, ensuring we collect only what is appropriate and necessary and we have informed you of what we are collecting.
At the outset of the project, we will agree with our client who will have access to your personal data. It will generally be restricted to the client’s team and our own project team.
Once the data has been processed, it will be anonymised or psuedonymised before sharing as part of the outcomes of a project.
If we are working with other organisations and information is shared with them, we will inform you in an information notice provided to you when you agree to participate in the data –gathering exercise. Information will be shared on a need to know basis, and will not be excessive. Appropriate safeguards will also be put in place to ensure the security of your information. If you have any further questions about such collaborations, please contact Laura Wetherall.
We also sometimes use products or services provided by third parties who carry out a task on our behalf. These third parties are known as data processors and when we use them we have contractual terms, policies and procedures to ensure that your personal data is protected. This does not always mean that they access your information. Strive Higher remains responsible for your personal information and should we use another organisations or contractors to process your information we will provide you with details about that relationship in the information provided to you when you agree to share your personal data with us.
You have certain individual rights under data protection law regarding the personal data we hold. The rights are as follows:
Right 1: A right to access personal data held by us about you (please see section entitled "How can I access my personal information" below).
Right 2: A right to require us to rectify any inaccurate personal data held by us about you.
Right 3: A right to require us to erase personal data held by us about you. This right will only apply where, for example, we no longer need to use the personal data to achieve the purpose we collected it for; or where you withdraw your consent if we are using your personal data based on your consent; or where you object to the way we process your data (in line with Right 6).
Right 4: A right to restrict our processing of personal data held by us about you.
This right will only apply where, for example, you dispute the accuracy of the personal data held by us; or where you would have the right to require us to erase the personal data but would prefer that our processing is restricted instead; or where we no longer need to use the personal data to achieve the purpose we collected it for, but we require the data for the purposes of dealing with legal claims.
Right 5: A right to receive personal data, which you have provided to us, in a structured, commonly used and machine readable format. You also have the right to require us to transfer this personal data to another organisation.
Right 6: A right to object to our processing of personal data held by us about you.
Right 7: A right to withdraw your consent, where we are relying on it to use your personal data.
Right 8: A right to ask us not to use information about you in a way that allows computers to make decisions about you and ask us to stop.
If you want to ask something about your data or exercise any of your rights, you are welcome to contact Laura Wetherall. If you want details of current information we hold about you this is also where to send your request. There is normally no charge and we will respond within a month where practicable.
If you notify us that you wish to exercise any of the above rights and it is considered necessary to refuse to comply with any of your individual rights, you will be informed of the decision within one month and you also have the right to complain about our decision to the Information Commissioner’s Office (Make a complaint | ICO).
Please also note that we can only comply with a request to exercise your rights during the period for which we hold personal information about you. If that information has been irreversibly anonymised, it will no longer be possible for us to access your personal information.
You engage with us in data-gathering exercises or events which feed into our work with our clients.
Personal data means any information which relates to or identifies an individual. This includes information which may not explicitly identify you but would allow others to identify you if combined with information that is readily available elsewhere.
The type of personal information collected (either directly from you or from third parties) and used will depend on the objectives of the project. The personal data we collect will always be proportionate to achieving those objectives.
No personalised data will be retained beyond the closure of the project unless required for audit purposes. Where personal data needs to be maintained, this will be in an anonymised form wherever possible.
In your case, we may collect the following personal data:
Name
Job title
Area of work
Location
Preferences and opinions
There may be occasions where we may process some information about you that is considered to be ‘sensitive’. This is classified as ‘special category’ personal data and would include categories such as data regarding your ethnicity, sexual orientation, gender identity, religious belief or heath. These types of personal information require additional protections. The following link provides more information about these special categories: Equality Act 2010 (legislation.gov.uk).
Access to, and the sharing of, this more sensitive personal data is controlled very carefully and you will be specifically informed about this in our privacy notice provided to you when you agree to be part of a data-gathering exercise.
Data protection laws require us to meet certain conditions before we are allowed to use your data in this way, including having a ‘legal basis’ for the processing. Where we process special category personal data or criminal convictions information, we are required to establish an additional legal basis for processing that data.
The General Data Protection Regime (GDPR) expects all data controllers to comply with the 7 basic principles of personal data The principles | ICO
We comply in the following ways:
Lawfulness, fairness and transparency:
We make sure the client is aware of their responsibilities of the controller of your personal data. You should receive some communication directly from our client to explain the reason for our request and how they have assured themselves that we will process your data in line with our GDPR obligations.
Purpose limitation:
In your case, your personal data has been shared for the specific, legitimate purpose of carrying out our contractual obligations to our client during the course of this project.
Data minimisation:
No personalised data will be retained beyond the closure of the project unless required for audit purposes. Where personal data needs to be maintained, this will be in an anonymised form wherever possible.
Accuracy:
We will always seek to establish the data collected is accurate and updated as necessary.
Storage limitation:
When possible, we will ask our clients to anonymise any data they share with us.
On completion, we will agree with our client what information is retained by Strive Higher and by the client and will always ensure anonymisation where possible.
Integrity and confidentiality:
Your data will be processed in a way to ensure appropriate security of the personal data, including restricting access to the data and reducing risk of accidental loss or damage by adequate access controls.
In order to protect your rights when using your personal information for data gathering and to ensure that we meet the conditions set out in data protection law, we implement specific safeguards, including the following:
Policies and procedures that tell our team how to collect and use your information safely
Training which ensures our staff understand the importance of data protection and how to protect your data
Security standards and technical measures that ensure your information is stored safely and securely
Contracts with third parties have clauses setting out each party’s responsibilities for protecting your personal information
We carry out data protection impact assessments on high-risk projects to ensure that your privacy, rights as an individual or freedoms are not affected and
When we process special category personal data, this is subject to a further public interest test to make sure this particularly sensitive information is required to meet the project’s objectives
We ask our team to de-identify information wherever possible through anonymisation or pseudonymisation. Information where you can be identified will, as such, be deleted at the close of a project unless needed for audit purposes or there are legal/regulatory obligations to retain the information for a set period. Once agreement is made to delete the data, it will be deleted in line with our data retention policy.
When we design and manage data-gathering exercises, Strive Higher will usually be a joint controller for the purposes of data protection law, which means that we will decide with our client how your personal information is created, collected, used, shared, stored and deleted (processed). We will do so in line with the objectives of the project, ensuring we collect only what is appropriate and necessary and we have informed you of what we are collecting.
At the outset of the project, we will agree with our client who will have access to your personal data. It will generally be restricted to the client’s team and our own project team.
Once the data has been processed, it will be anonymised or psuedonymised before sharing as part of the outcomes of a project.
If we are working with other organisations and information is shared with them, we will inform you in an information notice provided to you when you agree to participate in the data –gathering exercise. Information will be shared on a need to know basis and will not be excessive. Appropriate safeguards will also be put in place to ensure the security of your information. If you have any further questions about such collaborations, please contact Laura Wetherall.
We also sometimes use products or services provided by third parties who carry out a task on our behalf. These third parties are known as data processors and when we use them we have contractual terms, policies and procedures to ensure that your personal data is protected. This does not always mean that they access your information. Strive Higher remains responsible for your personal information and should we use another organisations or contractors to process your information we will provide you with details about that relationship in the information provided to you when you agree to share your personal data with us.
You have certain individual rights under data protection law regarding the personal data we hold. The rights are as follows:
Right 1: A right to access personal data held by us about you (please see section entitled "How can I access my personal information" below).
Right 2: A right to require us to rectify any inaccurate personal data held by us about you.
Right 3: A right to require us to erase personal data held by us about you. This right will only apply where, for example, we no longer need to use the personal data to achieve the purpose we collected it for; or where you withdraw your consent if we are using your personal data based on your consent; or where you object to the way we process your data (in line with Right 6).
Right 4: A right to restrict our processing of personal data held by us about you. This right will only apply where, for example, you dispute the accuracy of the personal data held by us; or where you would have the right to require us to erase the personal data but would prefer that our processing is restricted instead; or where we no longer need to use the personal data to achieve the purpose we collected it for, but we require the data for the purposes of dealing with legal claims.
Right 5: A right to receive personal data, which you have provided to us, in a structured, commonly used and machine readable format. You also have the right to require us to transfer this personal data to another organisation.
Right 6: A right to object to our processing of personal data held by us about you.
Right 7: A right to withdraw your consent, where we are relying on it to use your personal data.
Right 8: A right to ask us not to use information about you in a way that allows computers to make decisions about you and ask us to stop.
If you want to ask something about your data or exercise any of your rights, you are welcome to contact Laura Wetherall. If you want details of current information we hold about you this is also where to send your request. There is normally no charge and we will respond within a month where practicable.
If you notify us that you wish to exercise any of the above rights and it is considered necessary to refuse to comply with any of your individual rights, you will be informed of the decision within one month and you also have the right to complain about our decision to the Information Commissioner’s Office (Make a complaint | ICO).
Please also note that we can only comply with a request to exercise your rights during the period for which we hold personal information about you. If that information has been irreversibly anonymised, it will no longer be possible for us to access your personal information.
Your personal data is shared with us by our clients as part of the data-gathering and analysis which is relevant to the work we have been contracted to do
Personal data means any information which relates to or identifies an individual. This includes information which may not explicitly identify you but would allow others to identify you if combined with information that is readily available elsewhere.
The type of personal information collected (either directly from you or from third parties) will be collected solely for business purposes to guide us on how we can best support our clients or, if you are happy to share your contact details with us, to offer our visitors regular updates.
No personalised data will be retained beyond the timelines set out in our Data Retention Policy unless required for audit purposes. Where personal data needs to be maintained, this will be in an anonymised form wherever possible.
In your case, we may collect the following personal data:
IP address
Location
Or if you sign up to receive updates:
Name
Role
Employer
Email address
Interests
The General Data Protection Regime (GDPR) expects all data controllers to comply with the 7 basic principles of personal data The principles | ICO
We comply in the following ways:
Lawfulness, fairness and transparency:
We make sure you are aware of the reason for requesting and collecting your personal data. You will find more information in our Cookies Policy.
Purpose limitation:
In your case, any personal data gathered as a result of you visiting our website has been collected for the specific, legitimate purpose to meet our business interests.
Data minimisation:
No personalised data will be retained beyond the closure of the project unless required for audit purposes. Where personal data needs to be maintained, this will be in an anonymised form wherever possible.
Accuracy:
We will always seek to establish the data collected is accurate and updated as necessary.
Storage limitation:
The data we collect via our website will be held for no longer than 14 months. See our Cookies Policy for further information.
Integrity and confidentiality:
Your data will be processed in a way to ensure appropriate security of the personal data, including restricting access to the data and reducing risk of accidental loss or damage by adequate access controls.
In order to protect your rights when using your personal information for data gathering and to ensure that we meet the conditions set out in data protection law, we implement specific safeguards, including the following:
Policies and procedures that tell our staff how to collect and use your information safely;
Training which ensures our staff understand the importance of data protection and how to protect your data;
Security standards and technical measures that ensure your information is stored safely and securely;
Contracts with third parties have clauses setting out each party’s responsibilities for protecting your personal information;
When we process special category personal data, this is subject to a further public interest test to make sure this particularly sensitive information is required to meet the project’s objectives.
Please see our Data Retention Policy for information relating to the information we gather from our website.
We ask our team to de-identify information wherever possible through anonymisation or pseudonymisation. Information where you can be identified will, as such, be deleted at the close of a project unless needed for audit purposes or there are legal/regulatory obligations to retain the information for a set period. Once agreement is made to delete the data, it will be deleted in line with our data retention policy.
Our website builder and Google Analytics are both the controllers of the data gathered through their platforms and Strive Higher are data processors in this instance. Please refer to their Privacy Policies for further information:
We also sometimes use products or services provided by third parties who carry out a task on our behalf. These third parties are known as data processors and when we use them we have contractual terms, policies and procedures to ensure that your personal data is protected. This does not always mean that they access your information. Strive Higher remains responsible for your personal information and should we use another organisations or contractors to process your information we will provide you with details about that relationship in the information provided to you when you agree to share your personal data with us.
There may be occasions where we are asked to share information with law enforcement agencies. These requests fall under the lawful basis of Article 6 of the UK GDPR.
You have certain individual rights under data protection law regarding the personal data we hold. The rights are as follows:
Right 1: A right to access personal data held by us about you (please see section entitled "How can I access my personal information" below).
Right 2: A right to require us to rectify any inaccurate personal data held by us about you.
Right 3: A right to require us to erase personal data held by us about you. This right will only apply where, for example, we no longer need to use the personal data to achieve the purpose we collected it for; or where you withdraw your consent if we are using your personal data based on your consent; or where you object to the way we process your data (in line with Right 6).
Right 4: A right to restrict our processing of personal data held by us about you. This right will only apply where, for example, you dispute the accuracy of the personal data held by us; or where you would have the right to require us to erase the personal data but would prefer that our processing is restricted instead; or where we no longer need to use the personal data to achieve the purpose we collected it for, but we require the data for the purposes of dealing with legal claims.
Right 5: A right to receive personal data, which you have provided to us, in a structured, commonly used and machine readable format. You also have the right to require us to transfer this personal data to another organisation.
Right 6: A right to object to our processing of personal data held by us about you.
Right 7: A right to withdraw your consent, where we are relying on it to use your personal data.
Right 8: A right to ask us not to use information about you in a way that allows computers to make decisions about you and ask us to stop.
If you want to ask something about your data or exercise any of your rights, you are welcome to contact Laura Wetherall. If you want details of current information we hold about you this is also where to send your request. We will respond within a month where practicable.
If you notify us that you wish to exercise any of the above rights and it is considered necessary to refuse to comply with any of your individual rights, you will be informed of the decision within one month and you also have the right to complain about our decision to the Information Commissioner’s Office (Make a complaint | ICO).
Please also note that we can only comply with a request to exercise your rights during the period for which we hold personal information about you. If that information has been irreversibly anonymised, it will no longer be possible for us to access your personal information.
Visitors to our website
Personal data means any information which relates to or identifies an individual. This includes information which may not explicitly identify you but would allow others to identify you if combined with information that is readily available elsewhere.
The type of personal information collected directly from you will depend on the objectives of the survey which will be shared with you when we invite you to take part. Any personal data we collect will always be proportionate to achieving those objectives and where possible we will remove, psuedonymise or anonymise this personal data as soon as possible.
If we intend to share the outcomes of the survey with our network, we will make this clear when inviting you to take part in the survey and will clearly outline what data will be shared and to which audiences so you can choose whether or not to take part.
No personalised data will be retained beyond the closure of the survey unless required for audit purposes. Where personal data needs to be maintained, this will be in an anonymised form wherever possible.
In most surveys we carry out, we may collect the following personal data:
Name
Job title
Area of work
Location
Preferences and opinions
There may be occasions where we may process some information about you that is considered to be ‘sensitive’. This is classified as ‘special category’ personal data and would include categories such as data regarding your ethnicity, sexual orientation, gender identity, religious belief or heath. These types of personal information require additional protections. The following link provides more information about these special categories: Equality Act 2010 (legislation.gov.uk)
Access to, and the sharing of, this more sensitive personal data is controlled very carefully and you will be specifically informed about this in our privacy policy provided to you when you agree to be part of a data-gathering exercise.
Data protection laws require us to meet certain conditions before we are allowed to use your data in this way, including having a ‘legal basis’ for the processing. Where we process special category personal data or criminal convictions information, we are required to establish an additional legal basis for processing that data.
The General Data Protection Regime (GDPR) expects all data controllers to comply with the 7 basic principles of personal data The principles | ICO
We comply in the following ways:
Lawfulness, fairness and transparency:
We make sure you are aware of the reason why we are collecting this data and what we intend to do with it.
Purpose limitation:
Your personal data has been shared for the specific, legitimate purpose of our business interest in sharing knowledge across the sector.
Data minimisation:
We will always request the minimum amount of personal data needed to meet the objectives of the survey.
Accuracy:
We will always seek to establish the data collected is accurate and updated as necessary.
Storage limitation:
We will aim to anonymise the data gathered through the survey as soon as possible and will deleted any personal data gathered in this way as soon we have carried out our analysis. Further information will be available in the timeline provided in the privacy notice issued with your invitation to take part in the survey.
Integrity and confidentiality:
Your data will be processed in a way to ensure appropriate security of the personal data, including restricting access to the data and reducing risk of accidental loss or damage by adequate access controls.
In order to protect your rights when using your personal information for data-gathering and to ensure that we meet the conditions set out in data protection law, we implement specific safeguards, including the following:
Policies and procedures that tell our team how to collect and use your information safely
Training which ensures our staff understand the importance of data protection and how to protect your data
Security standards and technical measures that ensure your information is stored safely and securely
Contracts with third parties have clauses setting out each party’s responsibilities for protecting your personal information
We carry out data protection impact assessments on high-risk projects to ensure that your privacy, rights as an individual or freedoms are not affected and
When we process special category personal data, this is subject to a further public interest test to make sure this particularly sensitive information is required to meet the project’s objectives
We ask our team to de-identify information wherever possible through anonymisation or pseudonymisation. Information where you can be identified will, as such, be deleted at the close of a project unless needed for audit purposes or there are legal/regulatory obligations to retain the information for a set period. Once agreement is made to delete the data, it will be deleted in line with our data retention policy.
When we design and manage data-gathering exercises, Strive Higher will usually be a controller for the purposes of data protection law, which means that we will decide how your personal information is created, collected, used, shared, stored and deleted (processed). We will do so in line with the objectives of the survey, ensuring we collect only what is appropriate and necessary and we have informed you of what we are collecting.
When you are invited to take part in the survey, we will share who will have access to your personal data and the analysis of the anonymised data.
Once the data has been processed, it will be anonymised or psuedonymised before sharing with a wider audience.
If we are working with other organisations and information is shared with them, we will inform you in a privacy notice provided to you when you agree to participate in the data –gathering exercise. Information will be shared on a need to know basis, and will not be excessive. Appropriate safeguards will also be put in place to ensure the security of your information. If you have any further questions about such collaborations, please contact Laura Wetherall.
We also sometimes use products or services provided by third parties who carry out a task on our behalf. These third parties are known as data processors and when we use them we have contractual terms, policies and procedures to ensure that your personal data is protected. This does not always mean that they access your information. Strive Higher remains responsible for your personal information and should we use another organisations or contractors to process your information we will provide you with details about that relationship in the information provided to you when you agree to share your personal data with us.
There may be occasions where we are asked to share information with law enforcement agencies. These requests fall under the lawful basis of Article 6 of the UK GDPR.
You have certain individual rights under data protection law regarding the personal data we hold. The rights are as follows:
Right 1: A right to access personal data held by us about you (please see section entitled "How can I access my personal information" below).
Right 2: A right to require us to rectify any inaccurate personal data held by us about you.
Right 3: A right to require us to erase personal data held by us about you. This right will only apply where, for example, we no longer need to use the personal data to achieve the purpose we collected it for; or where you withdraw your consent if we are using your personal data based on your consent; or where you object to the way we process your data (in line with Right 6).
Right 4: A right to restrict our processing of personal data held by us about you. This right will only apply where, for example, you dispute the accuracy of the personal data held by us; or where you would have the right to require us to erase the personal data but would prefer that our processing is restricted instead; or where we no longer need to use the personal data to achieve the purpose we collected it for, but we require the data for the purposes of dealing with legal claims.
Right 5: A right to receive personal data, which you have provided to us, in a structured, commonly used and machine readable format. You also have the right to require us to transfer this personal data to another organisation.
Right 6: A right to object to our processing of personal data held by us about you.
Right 7: A right to withdraw your consent, where we are relying on it to use your personal data.
Right 8: A right to ask us not to use information about you in a way that allows computers to make decisions about you and ask us to stop.
If you want to ask something about your data or exercise any of your rights, you are welcome to contact Laura Wetherall. If you want details of current information we hold about you this is also where to send your request. We will respond within a month where practicable.
If you notify us that you wish to exercise any of the above rights and it is considered necessary to refuse to comply with any of your individual rights, you will be informed of the decision within one month and you also have the right to complain about our decision to the Information Commissioner’s Office (Make a complaint | ICO).
Please also note that we can only comply with a request to exercise your rights during the period for which we hold personal information about you. If that information has been irreversibly anonymised, it will no longer be possible for us to access your personal information.
You respond to one of our surveys
Personal data means any information which relates to or identifies an individual. This includes information which may not explicitly identify you but would allow others to identify you if combined with information that is readily available elsewhere.
The type of personal data collected directly from you will depend on what you choose to share as part of our interaction, or if attending one of our events, the personal data you have shared as part of the booking process. We may also store data we have gathered via publicly available sources e.g. your employer’s website, your own website, LinkedIn profiles, media.
No personalised data will be retained beyond the lifecycle of the event unless required for audit purposes. Where personal data needs to be maintained, this will be in an anonymised form wherever possible.
If we intend to share any information provided in the booking process, we will make this clear at the outset and will clearly outline what data will be shared and to whom so you can you choose whether to opt out.
In most surveys we carry out, we may collect the following personal data:
Name
Job title
Area of work
Location
Preferences, opinions and potential leads
There may be occasions where we may process some information about you that is considered to be ‘sensitive’. This is classified as ‘special category’ personal data and would include categories such as data regarding your ethnicity, sexual orientation, gender identity, religious belief or heath. These types of personal information require additional protections. The following link provides more information about these special categories: Equality Act 2010 (legislation.gov.uk)
Access to, and the sharing of, this more sensitive personal data is controlled very carefully and you will be specifically informed about this in our privacy policy provided to you when you agree to be part of a data-gathering exercise.
Data protection laws require us to meet certain conditions before we are allowed to use your data in this way, including having a ‘legal basis’ for the processing. Where we process special category personal data or criminal convictions information, we are required to establish an additional legal basis for processing that data.
The General Data Protection Regime (GDPR) expects all data controllers to comply with the 7 basic principles of personal data The principles | ICO
We comply in the following ways:
Lawfulness, fairness and transparency:
We make sure you are aware of the reason why we are collecting this data and what we intend to do with it.
Purpose limitation:
Your personal data has been shared for the specific, legitimate purpose of our business interest.
Data minimisation:
We will always request the minimum amount of personal data needed.
Accuracy:
We will always seek to establish the data collected is accurate and updated as necessary.
Storage limitation:
We will store your personal data for the duration of our working relationship with you and for 1 year beyond our last interaction with you. Further information will be available in the timeline provided in the privacy notice issued with your booking application.
Integrity and confidentiality:
Your data will be processed in a way to ensure appropriate security of the personal data, including restricting access to the data and reducing risk of accidental loss or damage by adequate access controls.
In order to protect your rights when using your personal information for data-gathering and to ensure that we meet the conditions set out in data protection law, we implement specific safeguards, including the following:
Policies and procedures that tell our team how to collect and use your information safely
Training which ensures our staff understand the importance of data protection and how to protect your data
Security standards and technical measures that ensure your information is stored safely and securely
Contracts with third parties have clauses setting out each party’s responsibilities for protecting your personal information
We carry out data protection impact assessments on high-risk projects to ensure that your privacy, rights as an individual or freedoms are not affected and
When we process special category personal data, this is subject to a further public interest test to make sure this particularly sensitive information is required to meet the project’s objectives
We ask our team to de-identify information wherever possible through anonymisation or pseudonymisation. Information where you can be identified will, as such, be deleted at the close of a project unless needed for audit purposes or there are legal/regulatory obligations to retain the information for a set period. Once agreement is made to delete the data, it will be deleted in line with our data retention policy.
When we design and manage data-gathering exercises, Strive Higher will usually be a controller for the purposes of data protection law, which means that we will decide how your personal information is created, collected, used, shared, stored and deleted (processed). We will do so in line with the objectives of the survey, ensuring we collect only what is appropriate and necessary and we have informed you of what we are collecting.
When you are invited to take part in the survey, we will share who will have access to your personal data and the analysis of the anonymised data.
Once the data has been processed, it will be anonymised or psuedonymised before sharing with a wider audience.
If we are working with other organisations and information is shared with them, we will inform you in a privacy notice provided to you when you agree to participate in the data –gathering exercise. Information will be shared on a need to know basis, and will not be excessive. Appropriate safeguards will also be put in place to ensure the security of your information. If you have any further questions about such collaborations, please contact Laura Wetherall.
We also sometimes use products or services provided by third parties who carry out a task on our behalf. These third parties are known as data processors and when we use them we have contractual terms, policies and procedures to ensure that your personal data is protected. This does not always mean that they access your information. Strive Higher remains responsible for your personal information and should we use another organisations or contractors to process your information we will provide you with details about that relationship in the information provided to you when you agree to share your personal data with us.
There may be occasions where we are asked to share information with law enforcement agencies. These requests fall under the lawful basis of Article 6 of the UK GDPR.
You have certain individual rights under data protection law regarding the personal data we hold. The rights are as follows:
Right 1: A right to access personal data held by us about you (please see section entitled "How can I access my personal information" below).
Right 2: A right to require us to rectify any inaccurate personal data held by us about you.
Right 3: A right to require us to erase personal data held by us about you. This right will only apply where, for example, we no longer need to use the personal data to achieve the purpose we collected it for; or where you withdraw your consent if we are using your personal data based on your consent; or where you object to the way we process your data (in line with Right 6).
Right 4: A right to restrict our processing of personal data held by us about you. This right will only apply where, for example, you dispute the accuracy of the personal data held by us; or where you would have the right to require us to erase the personal data but would prefer that our processing is restricted instead; or where we no longer need to use the personal data to achieve the purpose we collected it for, but we require the data for the purposes of dealing with legal claims.
Right 5: A right to receive personal data, which you have provided to us, in a structured, commonly used and machine readable format. You also have the right to require us to transfer this personal data to another organisation.
Right 6: A right to object to our processing of personal data held by us about you.
Right 7: A right to withdraw your consent, where we are relying on it to use your personal data.
Right 8: A right to ask us not to use information about you in a way that allows computers to make decisions about you and ask us to stop.
If you want to ask something about your data or exercise any of your rights, you are welcome to contact Laura Wetherall. If you want details of current information we hold about you this is also where to send your request. There is normally no charge and we will respond within a month where practicable.
If you notify us that you wish to exercise any of the above rights and it is considered necessary to refuse to comply with any of your individual rights, you will be informed of the decision within one month and you also have the right to complain about our decision to the Information Commissioner’s Office (Make a complaint | ICO).
Please also note that we can only comply with a request to exercise your rights during the period for which we hold personal information about you. If that information has been irreversibly anonymised, it will no longer be possible for us to access your personal information.
You meet us at an event
Personal data means any information which relates to or identifies an individual. This includes information which may not explicitly identify you but would allow others to identify you if combined with information that is readily available elsewhere.
The type of personal information collected (either directly from you or from third parties) and used will vary but largely rely on our obligations to hold certain data to meet our regulatory and legal obligations e.g for HMRC for tax purposes. We will also use your personal data to fulfil our contractual obligations e.g. your bank details to pay you. The personal data we collect will always be proportionate to our need and obligations.
No personalised data will be retained beyond the closure of our contract unless required for audit purposes. Where personal data needs to be maintained, this will be in an anonymised form wherever possible.
In your case, we may collect the following personal data:
Name
Job title
Area of work
Postal address
Email address
Telephone number
Company registration number
VAT number
Bank details
Preferences and opinions
There may be occasions where we may process some information about you that is considered to be ‘sensitive’. This is classified as ‘special category’ personal data and would include categories such as data regarding your ethnicity, sexual orientation, gender identity, religious belief or heath. These types of personal information require additional protections. The following link provides more information about these special categories: Equality Act 2010 (legislation.gov.uk)
Access to, and the sharing of, this more sensitive personal data is controlled very carefully and you will be specifically informed about this in our privacy policy provided to you when you agree to be part of a data-gathering exercise.
Data protection laws require us to meet certain conditions before we are allowed to use your data in this way, including having a ‘legal basis’ for the processing. Where we process special category personal data or criminal convictions information, we are required to establish an additional legal basis for processing that data.
The General Data Protection Regime (GDPR) expects all data controllers to comply with the 7 basic principles of personal data The principles | ICO
We comply in the following ways:
Lawfulness, fairness and transparency:
We make sure you are aware of the reason for requesting and collecting your personal data.
Purpose limitation:
In your case, your personal data has been collected for the specific, legitimate purpose of carrying out our contractual obligations to you and our legal obligations to organisations such as HMRC.
Data minimisation:
We will collect only the minimum amount of personal data required.
Accuracy:
It’s important that the information we hold about you is accurate and up-to-date. If you think something’s out-of-date, incorrect or inappropriate please tell us. This includes your bank account, address, telephone number(s) etc.
Storage limitation:
When possible, we will store your information in only one place e.g. your bank details only in Xero (our accounting software) to avoid duplication of records.
Integrity and confidentiality:
Your data will be processed in a way to ensure appropriate security of the personal data, including restricting access to the data and reducing risk of accidental loss or damage by adequate access controls. We will advise you promptly if we become aware of any significant breach of security involving your personal data whether from within our own system or one of our service providers e.g. HMRC, Xero.
As a data controller, we are accountable for the personal data we process and always do so in a fair, lawful and transparent manner. We process information both manually and electronically but it is always for a specific, legitimate purpose. We keep it only for as long as necessary to fulfil that purpose. We retain it securely and confidentially throughout. When its purpose is fulfilled, we securely destroy or erase it according to our Data Retention Policy.
To protect your rights when using your personal information and to ensure that we meet the conditions set out in data protection law, we use specific safeguards, including the following:
Policies and procedures that tell our staff how to collect and use your information safely
Training which ensures our staff understand the importance of data protection and how to protect your data
Security standards and technical measures that ensure your information is stored safely and securely
Contracts with third parties have clauses setting out each party’s responsibilities for protecting your personal information and
When we process special category personal data, this is subject to a further public interest test to make sure this particularly sensitive information is required to meet the project’s objectives.
Your personal data will be kept for the duration required by HMRC and any other organisations to whom we have legal obligations. At the end of this period, we will delete it in line with the guidance set out in our Data Retention Policy.
As a contractor, Strive Higher will usually be a controller for the purposes of data protection law, which means that we will decide how your personal information is created, collected, used, shared, stored and deleted (processed). We will do so in line with our legal obligations, ensuring we collect only what is appropriate and necessary and we have informed you of what we are collecting.
Sometimes we share your information with third parties e.g. HMRC, our professional advisors etc. On other occasions we may receive information about you from a third party e.g. your chosen referees, a criminal record check etc.
If we ever needed to process your personal data outside of the UK and/or European Economic Area, you expect a similar degree of protection in respect of your personal information.
There may be occasions where we are asked to share information with law enforcement agencies. These requests fall under the lawful basis of Article 6 of the UK GDPR.
You have certain individual rights under data protection law regarding the personal data we hold. The rights are as follows:
Right 1: A right to access personal data held by us about you (please see section entitled "How can I access my personal information" below).
Right 2: A right to require us to rectify any inaccurate personal data held by us about you.
Right 3: A right to require us to erase personal data held by us about you. This right will only apply where, for example, we no longer need to use the personal data to achieve the purpose we collected it for; or where you withdraw your consent if we are using your personal data based on your consent; or where you object to the way we process your data (in line with Right 6).
Right 4: A right to restrict our processing of personal data held by us about you. This right will only apply where, for example, you dispute the accuracy of the personal data held by us; or where you would have the right to require us to erase the personal data but would prefer that our processing is restricted instead; or where we no longer need to use the personal data to achieve the purpose we collected it for, but we require the data for the purposes of dealing with legal claims.
Right 5: A right to receive personal data, which you have provided to us, in a structured, commonly used and machine readable format. You also have the right to require us to transfer this personal data to another organisation.
Right 6: A right to object to our processing of personal data held by us about you.
Right 7: A right to withdraw your consent, where we are relying on it to use your personal data.
Right 8: A right to ask us not to use information about you in a way that allows computers to make decisions about you and ask us to stop.
If you want to ask something about your data or exercise any of your rights, you are welcome to contact Laura Wetherall. If you want details of current information we hold about you this is also where to send your request. There is normally no charge and we will respond within a month where practicable.
If it is considered necessary to refuse to comply with any of your individual rights, you will be informed of the decision within one month and you also have the right to complain about our decision to the Information Commissioner’s Office (Make a complaint | ICO).
Please also note that we can only comply with a request to exercise your rights during the period for which we hold personal information about you. If that information has been irreversibly anonymised or deleted, it will no longer be possible for us to access your personal information.
Our suppliers
Personal data means any information which relates to or identifies an individual. This includes information which may not explicitly identify you but would allow others to identify you if combined with information that is readily available elsewhere.
The type of personal information collected (either directly from you or from third parties) and used will vary but largely rely on our obligations to hold certain data for HR purposes e.g for HMRC for tax purposes or to pension schemes for our contributions to your pension. We will also use your personal data to fulfil our contractual obligations e.g. your bank details to pay you. We routinely process other information e.g. recording your holiday, sickness, and other types of leave. The personal data we collect will always be proportionate to our need and obligations.
No personalised data will be retained beyond the closure of our contract with you unless required for audit purposes. Where personal data needs to be maintained, this will continue to be stored securely either within our Microsoft accounts or other software such as Xero.
In your case, we may collect the following personal data:
Name
Job title
Area of work
Home address and other contact details
Emergency contact details
Date of birth
National Insurance number
Bank details
Preferences and opinions
There may be occasions where we may process some information about you that is considered to be ‘sensitive’. This is classified as ‘special category’ personal data and would include categories such as data regarding your ethnicity, sexual orientation, gender identity, religious belief or heath. These types of personal information require additional protections. The following link provides more information about these special categories: Equality Act 2010 (legislation.gov.uk)
Access to, and the sharing of, this more sensitive personal data is controlled very carefully and you will be specifically informed about this in our privacy policy provided to you when you agree to be part of a data-gathering exercise.
Data protection laws require us to meet certain conditions before we are allowed to use your data in this way, including having a ‘legal basis’ for the processing. Where we process special category personal data or criminal convictions information, we are required to establish an additional legal basis for processing that data.
The General Data Protection Regime (GDPR) expects all data controllers to comply with the 7 basic principles of personal data The principles | ICO
We comply in the following ways:
Lawfulness, fairness and transparency:
We make sure you are aware of the reason for requesting and collecting your personal data.
Purpose limitation:
In your case, your personal data has been collected for the specific, legitimate purpose of carrying out our contractual obligations to you and our legal obligations to organisations such as HMRC.
Data minimisation:
We will collect only the minimum amount of personal data required.
Accuracy:
It’s important that the information we hold about you is accurate and up-to-date. If you think something’s out-of-date, incorrect or inappropriate please tell us. This includes your bank account, home address, telephone number(s) etc. We also need to know who to contact on your behalf in an emergency.
Storage limitation:
When possible, we will store your in only one place e.g. your bank details only in Xero (our accounting software) to avoid duplication of records.
Integrity and confidentiality:
Your data will be processed in a way to ensure appropriate security of the personal data, including restricting access to the data and reducing risk of accidental loss or damage by adequate access controls. We will advise you promptly if we become aware of any significant breach of security involving your personal data whether from within our own system or one of our service providers e.g. HMRC, Xero, Nest.
As a data controller, we are accountable for the personal data we process and always do so in a fair, lawful and transparent manner. We process information both manually and electronically but it is always for a specific, legitimate purpose. We keep it only for as long as necessary to fulfil that purpose. We retain it securely and confidentially
throughout. When its purpose is fulfilled, we securely destroy or erase it according to our Data Retention Policy.
To protect your rights when using your personal information and to ensure that we meet the conditions set out in data protection law, we use specific safeguards, including the following:
Policies and procedures that tell our staff how to collect and use your information safely;
Training which ensures our staff understand the importance of data protection and how to protect your data;
Security standards and technical measures that ensure your information is stored safely and securely;
Contracts with third parties have clauses setting out each party’s responsibilities for protecting your personal information;
We carry out data protection impact assessments on high-risk projects to ensure that your privacy, rights as an individual or freedoms are not affected; and
When we process special category personal data, this is subject to a further public interest test to make sure this particularly sensitive information is required to meet the project’s objectives.
Your personal data will be kept for the duration required by HMRC and any other organisations to whom we have legal obligations. At the end of this period, we will delete it in line with the guidance set out in our Data Retention Policy.
As an employer/contractor, Strive Higher will usually be a controller for the purposes of data protection law, which means that we will decide how your personal information is created, collected, used, shared, stored and deleted (processed). We will do so in line with our legal obligations, ensuring we collect only what is appropriate and necessary and we have informed you of what we are collecting.
Sometimes we share your information with third parties e.g. HMRC, pension and benefit providers, our professional advisors etc. On other occasions we may receive information about you from a third party e.g. your chosen referee for a job application, a criminal record check etc.
If we ever needed to process your personal data outside of the UK and/or European Economic Area, you expect a similar degree of protection in respect of your personal information.
There may be occasions where we are asked to share information with law enforcement agencies. These requests fall under the lawful basis of Article 6 of the UK GDPR.
You have certain individual rights under data protection law regarding the personal data we hold. The rights are as follows:
Right 1: A right to access personal data held by us about you (please see section entitled "How can I access my personal information" below).
Right 2: A right to require us to rectify any inaccurate personal data held by us about you.
Right 3: A right to require us to erase personal data held by us about you. This right will only apply where, for example, we no longer need to use the personal data to achieve the purpose we collected it for; or where you withdraw your consent if we are using your personal data based on your consent; or where you object to the way we process your data (in line with Right 6).
Right 4: A right to restrict our processing of personal data held by us about you. This right will only apply where, for example, you dispute the accuracy of the personal data held by us; or where you would have the right to require us to erase the personal data but would prefer that our processing is restricted instead; or where we no longer need to use the personal data to achieve the purpose we collected it for, but we require the data for the purposes of dealing with legal claims.
Right 5: A right to receive personal data, which you have provided to us, in a structured, commonly used and machine readable format. You also have the right to require us to transfer this personal data to another organisation.
Right 6: A right to object to our processing of personal data held by us about you.
Right 7: A right to withdraw your consent, where we are relying on it to use your personal data.
Right 8: A right to ask us not to use information about you in a way that allows computers to make decisions about you and ask us to stop.
If you want to ask something about your data or exercise any of your rights, you are welcome to contact Laura Wetherall. If you want details of current information we hold about you this is also where to send your request. There is normally no charge and we will respond within a month where practicable.
If it is considered necessary to refuse to comply with any of your individual rights, you will be informed of the decision within one month and you also have the right to complain about our decision to the Information Commissioner’s Office (Make a complaint | ICO).
Please also note that we can only comply with a request to exercise your rights during the period for which we hold personal information about you. If that information has been irreversibly anonymised or deleted, it will no longer be possible for us to access your personal information.
Our team