Privacy Notice

This Privacy Notice applies to the data for which Bridgit Technologies Ltd, trading as Bridgit, processes as a Data Controller. Please refer to our Data Processing Agreement for information on how we process data as a Data Processor.

For more information on how we manage, process and keep secure the information as Data Processor on behalf of our Clients, please refer to our Data Processing Agreement.

Table of Contents

• Who are we?
• Contacts
• Data we process as Data Controller
• Your Rights
• Transferring your information outside of the United Kingdom
• Changes to our Privacy Notice
• Marketing Communications
• Website & Cookies
• Cookies
• Social Media
• External Links
• Recruitment & Staff Data
• How we collect your information
• What information we collect
• How we use your information
• Legal basis for processing
• Data retention
• Who we share your data with

Who are we?

We are Bridgit Technologies Ltd, trading as Bridgit, and for the purposes of UK Data Protection Law we are registered with the ICO under registration number ZA768618.

In this Notice, ‘Bridgit’, ‘we’, ‘us’, or ‘our’ refers to: Bridgit Technologies Ltd (company number 11639162) with a registered address at 97 Charlotte Street, London, United Kingdom, W1T 4QA.

This Privacy Notice explains when and why we collect personal information about you, how we use it and the conditions under which we may disclose it to others. Your personal data is defined as any information that can directly or indirectly identify you. This notice also explains how we keep your data safe and secure and includes information you need to know about your rights and how to exercise them.

Contacts

If you have any questions regarding our Privacy Notice and our use of your personal data or would like to exercise any of your rights, please get in touch via the following:

• Address: 97 Charlotte Street, London, W1T 4QA, United Kingdom
• Phone: 0208 064 1259
• Email: hello@hibridgit.com

If you are unhappy with the way we process your data, please get in touch using one of the contact methods above. You can also make a complaint to the Information Commissioner’s Office (ICO), which regulates the use of information in the UK:

• Phone: 0303 123 1113
• Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
• Website: www.ico.org.uk/concerns

Data we process as Data Controller

This Privacy Notice applies to the following categories of personal data processing activities where Bridgit acts as a Data Controller:

• Marketing Communications
• Website & Cookies
• Recruitment & Staff Data

Your Rights

Under data protection laws in the UK and EU, you have certain rights over the personal information that we hold about you. If you would like to exercise your rights, please get in contact using any of the details listed above. Here is a summary of the rights we think apply:

• Right to be Informed: You have the right to be informed as to how we use your data and under what lawful basis we carry out any processing. This Privacy Notice sets this information out, however if you would like further information, please get in touch.
• Right of Erasure (Right to be Forgotten): You may ask us to delete some or all of the information we hold about you. Sometimes, where we have a legal obligation, we cannot erase your personal data.
• Right to Object: You have the right to object to processing where we are using your personal information such as where it is based on legitimate interests or for direct marketing.
• Inaccurate Personal Information Corrected: Inaccurate or incomplete information we hold about you can be corrected. If your information is out of date or you’re unsure of its accuracy, please get in touch. We are working on ways to make it easier to review and correct this information and will carry out an annual accuracy check.
• Right of Restriction: You have the right to restrict the processing of some or all of your personal information if there is a disagreement about its accuracy, or we are not lawfully allowed to use it.
• Right to Access: You have a right to request access to a copy of your personal information that we hold about you, including what data we use, why we use it, who we share it with, how long we keep it, and whether it's been used for automated decision-making. Requests are free of charge, and proof of identity is required.
• Automated Decision Making: This occurs when an electronic system uses personal information to make decisions without human involvement. You have the right to question outcomes of decisions that significantly impact you. We currently do not use automated decision making.
• Portability: You can ask us to provide you or a third party with some of the personal information that we hold about you.
• Right to Withdraw Consent: Where you’ve provided consent to our use of your data, you can withdraw it at any time, and we will stop processing your data.

If you are the data subject of information we process as a Data Processor and want to exercise your rights, we advise you to contact the Data Controller directly.

Transferring your information outside of the United Kingdom

Where personal data is stored outside of the UK and the EEA, safeguards to protect personal data may include but are not limited to: the UK Addendum used with the EU Standard Contractual Clauses (SCCs), or the UK International Data Transfer Agreement (IDTA). Such safeguards will be subject to Transfer Risk Assessments (TRAs).

Changes to our Privacy Notice

This privacy notice is kept under regular review. If we make any significant changes to the way in which we process your information, we’ll make the required changes to this Privacy Notice and will notify you so that you can raise any concerns or objections with us. When making less impactful changes, we’ll update this notice and post a summary of the changes on our website.

This privacy notice was last updated in February 2024.

Marketing Communications

Your contact details may be used to provide you with information about our services via:

• Post
  We may use your Consent or our Legitimate Interest to send you marketing communications by post. If you prefer not to hear from us this way, please get in touch by using any of the contact details listed at the top of this notice.
• Phone
  If you have provided us with your telephone number or email address, we may contact you by phone with marketing communication under our legitimate interest (unless you are enrolled to TPS or you told us not to do so).
• Email, text or other electronic message
  We will only send you marketing communications by email, text or other electronic message if you have provided your consent or if you have been involved in a commercial transaction with us. You may opt-out of our marketing communications at any time by clicking the unsubscribe link at the end of our e-marketing communication. Alternatively, you can let us know by using any of the contact details listed at the top of this notice.

Website visitors and cookies

Website Cookies

For more information about our website cookies, please refer to our Cookies Policy online.

Social Media

When you interact with us on social media platforms such as Facebook or Linkedin, we may obtain information about you (for example, when you publicly tag us in an event photo). The information we receive will depend on the privacy preferences you have set on those types of platforms. Please review the privacy notice of those platforms, in addition to this one.

Links to other websites

Our website may contain links to other websites of interest. Once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy policy. You should exercise caution and look at the privacy policy applicable to the website in question.

Human Resources

Freelancers, job applicants and current and former employees

How and when do we collect information about you?

You provide several pieces of data to us directly during the recruitment period and subsequently upon the start of your employment. In some cases, we will collect data about you from third parties, such as employment agencies or former employers when gathering references.

What types of information is collected about you and who provides it?

We keep several categories of personal data on our employees, freelancers and job applicants in order to carry out effective and efficient processes. We keep this data in a personnel file relating to each individual and we also hold the data within our computer systems, for example, our holiday booking system.

Specifically, depending on your type of engagement with Bridgit, we may process the following types of data:

• a) b) c) d) f) personal details such as name, address, phone numbers
• name and contact details of your next of kin
• your photograph, your gender, marital status
• information of any disability or other medical information you have disclosed
• e) right to work documentation
• information gathered via the recruitment process such as that included in a CV, cover letter or application form, references from former employers, details on your education and employment history etc
• g) h) National Insurance number, bank account details and tax codes
• information relating to your employment with us (e.g job title, job description, salary, terms and condition of the contract, annual leave records, appraisal and performance indication, formal and informal proceedings involving you such as letters of concern and disciplinary, disciplinary and grievance proceedings)
• i) j) k) l) internal and external training modules undertaken
• information on time off from work including sickness absence, family related leave etc
• IT equipment use including telephones and internet access
• your biography and picture for the website

How is the information used?

We are required to use your personal data for various legal and practical purposes for the administration of your contract of employment or your volunteer/trustee agreement, without which we would be unable to employ you. Holding your personal data enables us to meet various administrative tasks, legal obligations or contractual/agreement obligations.

Lawful basis for processing

We mainly use ‘contractual obligation’ as a lawful basis for processing personal data for employees, job applicants and freelancers. We may also have legal obligation in order to process and share your data, for example we need to share salary information to HMRC or use some of your data to enrol a new employee on a pension scheme.

We may rely on our legitimate interest for processing activity such as keeping supervision and appraisal records; using your image, bio and videos/pictures of the organisations’ events where you may appear on our website or marketing/fundraising materials to promote the company.

Some special categories of personal data, such as information about health or medical conditions are processed in order to carry out employment law obligations (such as those in relation to colleagues with disabilities and for health and safety purposes). We may also process other special categories of personal data, such as information about ethnic origin, sexual orientation, health or religion or belief for the purposes of equal opportunities monitoring.

How long do we keep your data?

We only keep your data for as long as we need it for, which will be at least for the duration of your employment/engagement with us though in some cases we will keep your data for a period of 6 years after your employment/engagement has ended. If you’ve applied for a vacancy but your application hasn’t been successful, we will keep your data only for 12 months.

Some data retention periods are set by the law. Retention periods can vary depending on why we need your data. Please get in touch by contacting us using the details above if you want to know more about the retention period.

Data is destroyed or deleted in a secure manner as soon as the retention date has passed.

Confidentiality - who do we share your data with?

Data in relation to your salary is shared with HMRC as part of our legal obligation. Data may be shared with third parties for the following reasons: for the administration of payroll, pension, HR functions (for example the online holiday booking system), and administering other employee benefits. When sharing information with third parties, we have data sharing, processor agreements or contracts in place to ensure data is not compromised. Third parties must implement appropriate technical and organisational measures to ensure the security of your data.