We take data protection seriously.
This privacy notice explains what personal data we may collect about you, why we collect it and how we may use it, and what rights you have in respect of your personal data.
We are a data controller in respect of your personal data. This means that we make decisions about how to use your personal data for our business, and we are legally responsible for those decisions.
We operate through other companies within our group, BDZ Investments Limited and BDZ Holdings Limited (collectively, “BDZ Group”), who may also become data controllers in respect of your personal data. The BDZ Group provides us with payroll and human resource services; accounting, legal and IT support; funding and payment services and electronic data storage.
This privacy notice also applies to the BDZ Group.
We’ll only use your personal data in accordance with the General Data Protection Regulation (GDPR), Data Protection Act 2018 (“DPA 2018”) and other applicable laws. We’ll obtain your consent to our use of your personal data where it’s necessary or appropriate.
Personal data is information that can be used to identify you, such as your name, telephone number and email address.
We may collect your personal data from the following sources:
We collect and use personal data about:
The types of personal data that we may (depending on the circumstances) collect and use includes:
We may also collect and use special category data.
Special category data also includes information about an individual’s race, ethnic origin, politics, religion, trade union membership, genetics, biometrics, health, sex life, or sexual orientation. We will process any special category data only where necessary, and in accordance with the GDPR and DPA 2018.
For example, if you apply for employment with us, we may process information about any offences or alleged offences you’ve committed.
By way of further example, we may handle information about your health in an employment context when undertaking health & safety risk assessments.
We may collect and use your personal data to:
We may also notify you of additional ways in which we use your personal data.
We may collect and use personal data for our legitimate interests, such as:
We collect and use personal data as part of our employment application procedure.
If we conclude an employment contract with you, we’ll comply with all legal requirements regarding the use of your personal data during your employment with us.
If you apply for employment with us and we do not employ you for whatever reason, we’ll securely delete your personal information within two months, unless we have a legitimate interest in retaining your personal data (in which case, we’ll securely delete your personal data as soon as we cease to have a legitimate interest in retaining it).
There are six legal bases on which we may be entitled to collect and use your personal data, which means that your express consent is not always required.
For example, the law allows us to collect and use personal data to perform contracts, or where this is necessary for our legitimate interests – provided our use of the personal data is fair and balanced.
We’ll obtain your consent to our use of your personal data where this is necessary or appropriate, including where this is required for direct marketing purposes.
Where you provide us with your consent, you can withdraw this at any time by contacting us on 01635 517517. Alternatively, you can email us at firstname.lastname@example.org or write to us at Boomerang Creative Limited, University House, Oxford Square, Newbury, Berkshire, RG14 1JQ.
We will never sell your personal data.
To provide our goods and services, we may need to share your personal data to the minimum extent necessary with our suppliers and service partners, such as
We may also need to share your personal data with other organisations, such as:
Where it’s necessary for us to share your personal data with anybody else, we’ll comply with all laws, including the GDPR and DPA 2018. Amongst other things:
Cookies are small pieces of computer code that may be stored on your computer, mobile or other device when you visit our website. Cookies do not give access to the rest of your computer.
The main types of cookie are as follows:
purpose: Improves performance and functionality of websites, or collects information to improve the performance and functionality of websites. For example, information may be collected about the number of site users, the traffic sources, which website pages are the most and least popular, and how visitors move around the website.
capable of being turned off: yes
Cookies may also be session cookies that expire when you close your browser, or persistent cookies that remain on your computer until you remove them. Persistent cookies enable websites to remember you and your preferences.
Our website may use necessary, performance and functional cookies. Where we use performance cookies, all information is aggregated and therefore anonymous.
However, if you do not agree to, restrict or delete cookies, this may have a negative impact on the functionality of, and availability of features on, our website.
If we use Google Analytics, anonymised information about your use of our website may be sent to Google and stored on servers outside of the EEA. We would not provide Google with any of your personal data.
Google would then use this information to help us to analyse and improve our website, including providing us with reports.
Google may also be required to transfer the information to third parties where required to do so by law, or where third parties provide services on Google’s behalf.
We’ll only provide information to Google in accordance with Google’s policies, the GDPR and DPA 2018. Google is also required to comply with the GDPR and DPA 2018.
We have implemented technical and organisational measures to ensure our retention and use of personal data remains secure. However, the transmission of information via the internet is not completely secure and cannot be guaranteed.
If you have a particular concern about a method of data retention or transfer, we’ll take reasonable steps to provide an alternative method.
To deliver our services to you, it may sometimes be necessary for us to transfer personal data outside of the European Economic Area (e.g. if you or our service partners are located outside of the EEA). All transfers will be made in compliance with the GDPR, the DPA 2018 and in accordance with the country-specific legislation.
We verify personal data periodically to ensure that it’s kept up-to-date.
We’ll only retain personal data for as long as it’s necessary for us to retain it. When it’s no longer necessary for us to retain your personal data, we’ll securely delete it.
Generally, we’ll retain personal data for the statutory retention and/or limitation period which is
relevant to the personal data. This is usually 6 years.
The GDPR and DPA 2018 provides you with the following rights:
We may ask you for proof of your identity and address to ensure that we are authorised to disclose information to you.
This privacy notice shall be governed by and interpreted in accordance with the law of England and Wales. All disputes arising under this notice shall be subject to the exclusive jurisdiction of the English courts.
We may make changes to this notice to reflect changes in the law or our privacy practice. Any changes we may will be posted on our website and, where appropriate, notified to you in writing (e.g. by email).
If you have any questions about this privacy notice, please contact us on 01635 517517. Alternatively, you can email us at email@example.com or write to us at Boomerang Creative Limited, University House, Oxford Square, Newbury, Berkshire, RG14 1JQ.