PRIVACY POLICY
How we use your information
This privacy policy explains to you what to expect when PSD2.co.uk collects personal information. It applies to information we collect about:
· Visitors to our website;
· Freedom of Information requests;
· People who use our services, for example for KYC remediation or regulatory compliance services in relation to financial crime prevention;
· Job applicant, current and former employees.
Visitors to our websites
When someone visits PSD2.co.uk we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various pages on our website. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
Use of cookies by PSD2.co.uk
Our website uses cookies.
We will ask you to consent to our use of cookies in accordance with the terms of this policy when you first visit our website. / By using our website and agreeing to this policy, you consent to our use of cookies in accordance with the terms of this policy.
About cookies
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
Cookies can be used by web servers to identify and track users as they navigate different pages on a website and identify users returning to a website.
Our cookies
We use session cookies and persistent cookies on our website.
The names of the cookies that we use on our website, and the purposes for which they are used, are set out below:
we use session cookies on our website to recognise a computer when a user visits the website / track users as they navigate the website / enable the use of a shopping cart on the website / improve the website's usability / analyse the use of the website / administer the website / prevent fraud and improve the security of the website / personalise the website for each user / target advertisements which may be of particular interest to specific users / marketing purposes;
we use persistent cookies on our website to recognise a computer when a user visits the website / track users as they navigate the website / enable the use of a shopping cart on the website / improve the website's usability / analyse the use of the website / administer the website / prevent fraud and improve the security of the website / personalise the website for each user / target advertisements which may be of particular interest to specific users / marketing purposes;
Analytics cookies
We use Google Analytics to analyse the use of our website.
Our analytics service provider generates statistical and other information about website use by means of cookies.
The analytics cookies used by our website have the following names: [_utma, _utmb, _utmc and _utmz].
The information generated relating to our website is used to create reports about the use of our website.
Our analytics service provider's privacy policy is available at:
http://www.google.com/policies/privacy/
Third party cookies
Our website also uses third party cookies.
We publish Google AdSense advertisements on our website. To determine your interests, Google will track your behaviour on our website and on other websites across the web using the DoubleClick cookie. This behaviour tracking allows Google to tailor the advertisements you see on other websites to reflect your interests (we do not publish interest-based advertisements on this website). You can view, delete or add interest categories associated with your browser by visiting: http://www.google.com/settings/ads/.
You can also opt out of the AdSense partner network cookie using those settings or using the NAI's (Network Advertising Initiative's) multi-cookie opt-out mechanism at: http://www.networkadvertising.org/choices/.
However, these opt-out mechanisms themselves use cookies, and if you clear the cookies from your browser your opt-out will not be maintained. To ensure that an opt-out is maintained in respect of a particular browser, you may wish to consider using the Google browser plug-in available at: https://www.google.com/settings/ads/plugin.
Details of [other] third party cookies used by our website are set out below:
Godaddy.com
Blocking cookies
Most browsers allow you to refuse to accept cookies; for example:
in Internet Explorer you can block cookies using the cookie handling override settings available by clicking "Tools", "Internet Options", "Privacy" and then "Advanced";
In Firefox you can block all cookies by clicking "Tools", "Options", "Privacy", selecting "Use custom settings for history" from the drop-down menu, and unticking "Accept cookies from sites"; and
In Chrome, you can block all cookies by accessing the "Customise and control" menu, and clicking "Settings", "Show advanced settings" and "Content settings", and then selecting "Block sites from setting any data" under the "Cookies" heading.
Blocking all cookies will have a negative impact upon the usability of many websites.
If you block cookies, you will not be able to use all the features on our website.
Deleting cookies
You can delete cookies already stored on your computer; for example:
in Internet Explorer, you must manually delete cookie files (you can find instructions for doing so at http://windows.microsoft.com/en-gb/internet-explorer/delete-manage-cookies#ie=ie-11);
In Firefox, you can delete cookies by clicking "Tools", "Options" and "Privacy", then selecting "Use custom settings for history" from the drop-down menu, clicking "Show Cookies", and then clicking "Remove All Cookies"; and
In Chrome, you can delete all cookies by accessing the "Customise and control" menu, and clicking "Settings", "Show advanced settings" and "Clear browsing data", and then selecting "Cookies and other site and plug-in data" before clicking "Clear browsing data".
Deleting cookies will have a negative impact on the usability of many websites.
Search engine
Our website search and decision notice search are powered by godaddy.com. Search queries and results are logged anonymously to help us improve our website and search functionality. No user-specific data is collected by either PSD2.CO.UK or any third party.
For details of godaddy.com Privacy Policy, please follow the link below:
https://www.godaddy.com/en-uk/legal/agreements/privacy-policy
Security and performance
PSD2.co.uk uses a third-party service to help maintain the security and performance of its website. To deliver this service it processes the IP addresses of visitors to the PSD2.co.uk website.
Social media contacts
We will not ask you to contact us using Social Media; whilst we appreciate its importance in today’s marketing activities, we do not believe in your information, requests, queries having to be processed by an undetermined number of third parties, across several jurisdictions, so we can be contacted or just answer your queries. We contact our clients or third parties via email or telephone only.
People who call our office
When you call PSD2.co.uk we do not need other information other than what is essential to identify you and ensure we are able to help client’s queries.
People who email us
We use godaddy webmail Security to encrypt and protect email traffic. If your email service does not support encrypted email, you should be aware that any emails we send or receive may not be protected in transit.
We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
LiveChat service
We do not use live chat services; we are dedicated in performing one to one consultation, so please refer to the “People who call our office”.
People who make a request to us and Data Subject Access Requests (DSAR).
When we receive requests or a DSAR from a person we make up a file containing the details of the request. This normally contains the identity of the requestor and any other individuals involved.
We will only use the personal information we collect to process the request and to check on the level of service we provide.
We will keep personal information contained in files in line with our retention policy. This means that information relating to a request will be retained for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
Similarly, where enquiries or DSARs are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.
People who use PSD2.CO.UK services
PSD2.CO.UK offers various services to the public. We use a third party to provide KYC and financial crime remediation services, provided by reputable third parties such as Sanctions Search and GBG.
For details of their respective Privacy Policies, please refer to the following links below:
Sanctions Search: https://www.sanctionssearch.com/home/privacypolicy
GBG: https://www.gbgplc.com/privacy-policy/
We have to hold the details of the people who have requested the service in order to provide it, along with the personal data of the individuals who are being subjected to financial crime and/or KYC remediation services/checks. We only use these details to provide the service the person has requested.
Service providers reporting a breach
Public electronic communications service providers are required by law to report any security breaches involving personal data to the ICO. We will advise if our providers GBG and Sanctions Search, godaddy, and other service providers who we may engage report a data breach.
Job applicants, current and former PSD2.CO.UK employees
PSD2.CO.UK is the data controller for the information you provide during the process unless otherwise stated. If you have any queries about the process or how we handle your information please contact us at compliance@psd2.co.uk
What will we do with the information you provide to us?
All of the information you provide during the process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.
We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the European Economic Area. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.
We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.
What information do we ask for, and why?
We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.
The information we ask for is used to assess your suitability for employment. You do not have to provide what we ask for, but it might affect your application if you do not.
Application stage
If you email us, your data will be collected directly by us via our email provider godaddy.com.
We ask you for your personal details including name and contact details. We will also ask you about your previous experience, education, referees and for answers to questions relevant to the role you have applied for. Our HR team will have access to all of this information.
You will also be asked to provide equal opportunities information. This is not mandatory information – if you do not provide it, it will not affect your application. This information will not be made available to any staff outside of our recruitment team, including hiring managers, in a way which can identify you. Any information you do provide, will be used only to produce and monitor equal opportunities statistics.
Shortlisting
Our hiring managers shortlist applications for interview. They will not be provided with your name or contact details or with your equal opportunities information if you have provided it.
Conditional offer
If we make a conditional offer of employment we will ask you for information so that we can carry out pre-employment checks. You must successfully complete pre-employment checks to progress to a final offer. We are required to confirm the identity of our staff, their right to work in the United Kingdom and seek assurance as to their trustworthiness, integrity and reliability.
You will therefore be required to provide:
· Proof of your identity – you will be asked to attend our office with original documents, we will take copies.
· Proof of your qualifications – you will be asked to attend our office with original documents, we will take copies.
· You will be asked to complete a criminal records declaration to declare any unspent convictions.
· We will contact your referees, using the details you provide in your application, directly to obtain references
· We will also ask you to complete a questionnaire about your health. This is to establish your fitness to work. This is done through a data processor (please see below).
If we make a final offer, we will also ask you for the following:
· Bank details – to process salary payments
· Emergency contact details – so we know who to contact in case you have an emergency at work
· Membership of a Pension scheme – so we can send you a questionnaire to determine whether you will join our previous scheme.
Post start date
Our Code of Conduct requires all staff to declare if they have any potential conflicts of interest. If you complete a declaration, the information will be held on your personnel file.
Use of data processors
Data processors are third parties who provide elements of our recruitment service for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.
How long is the information retained for?
If you are successful, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment plus 6 years following the end of your employment. This includes your criminal records declaration, fitness to work, records of any security checks and references.
If you are unsuccessful at any stage of the process, the information you have provided until that point will be retained for 6 months from the closure of the campaign.
Information generated throughout the assessment process, for example interview notes, is retained by us for 6 months following the closure of the campaign.
Equal opportunities information is retained for 6 months following the closure of the campaign whether you are successful or not.
How we make decisions about recruitment?
Final recruitment decisions are made by hiring managers and members of our recruitment team. All of the information gathered during the application process is taken into account.
You are able to ask about decisions made about your application by speaking to your contact within our recruitment team or by emailing compliance@psd2.co.uk
Your rights
Under the Data Protection Act 1998, you have rights as an individual which you can exercise in relation to the information we hold about you.
You can read more about these rights here:
https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/
Complaints or queries
This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of PSD2.CO.UK’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below.
If you want to make a complaint about the way we have processed your personal information, you can contact us at compliance@psd2.co.uk
Access to personal information
PSD2.CO.UK tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the Data Protection Act 1998. If we do hold information about you we will:
· Provide you with a description of it;
· Tell you why we are holding it;
· Tell you who it could be disclosed to; and
· Let you have a copy of the information in an intelligible form.
To make a request to the PSD2.CO.UK for any personal information we may hold you need to put the request in writing addressing compliance@psd2.co.uk
If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
If we do hold information about you, you can ask us to correct any mistakes if applicable.
Disclosure of personal information
In many circumstances we will not disclose personal data without consent. However, when we investigate issues or situations in line with Financial Crime Acts we may need to share personal information with the organisation concerned and with other law enforcement bodies.
You can also get further information on:
· Circumstances where we can pass on personal data without consent for example, to prevent and detect crime and to produce anonymised statistics;
· Our instructions to staff on how to collect, use and delete personal data; and
· How we check that the information we hold is accurate and up to date.
Links to other websites
This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
Changes to this privacy notice
We keep our privacy notice under regular review. This privacy notice was last updated on January 2nd 2023.
How to contact us
If you want to request information about our privacy policy you can email us at compliance@psd2.co.uk or complete your request on our Contact us page.
Copyright © 2023 PSD2 - All Rights Reserved.