Privacy Notice

Please read this privacy notice carefully, as it describes what personal information Stoneseed Limited (“We”) may hold about you, what it’s used for, and how it’s obtained. You should regularly review this privacy notice, as we may change it from time to time. If we make any significant changes, we will endeavour to send you an email to notify you of such changes, although this may not always be possible. Additionally, we will display a notice on our website to identify the changes being made.

If you have any questions about this privacy notice or do not agree with it, you can email data.protection@stoneseed.co.uk.

This privacy notice does not apply to employees, past or present. A copy of the employee privacy notice can be requested by emailing data.protection@stoneseed.co.uk.

Who are we?

Stoneseed Limited is a professional services company, which employs a wide range of highly experienced, flexible IT professionals, who engage with clients to help advise, manage and deliver their IT projects.

Stoneseed Limited is registered to the following address:

3 Innovate Mews, Lake View Drive,
Sherwood Business Park, Nottingham,
NG15 0EA

You can find out more about us at https://www.stoneseed.co.uk.

What does data protection law say?

Data protection law says that we can only use your personal information if we have a valid reason to do so. We will only keep and use your information if we have one of the following reasons:

To fulfil or negotiate a contract with you
To comply with legal obligations
When it is in our legitimate interest
If you have provided consent

We will only use your information for our legitimate interests when we have an appropriate business reason, and we will tell you what our legitimate interests are.

What information do we collect about you and why?

The information we collect about you depends on who you are, and what your relationship with us is. The information we hold about you may have been provided by you or obtained from a third-party source.

We provide professional services to other businesses, and as such, most of the information we collect relates to individuals in a professional capacity.

The tables below list the personal information we collect, how we collect it, what we use it for, and our reasons for doing so. They are not exhaustive lists, and there may be instances where we need to collect and use your personal information for purposes which are not listed below.

<< SCROLL TABLE >>

Information we collect from our website
When do we collect your information?	What information do we collect?	What do we use it for?	Our reason(s)
When you visit our website.	IP address.	To see which companies are looking at our website.	Legitimate interests – to identify businesses who might be interested in our services.
When you download a brochure or eBook.	Email address.	If you provide a business email address, we will email you yo discuss how our services can help your business.	Legitimate interests – to market our services to businesses.
When you subscribe to our Project Management blog.	Email address.	We will email you blog updates.	Consent. You can unsubscribe at any time.
When you use a form to ask us a question or enquire about our services.	Name, Email address, Phone number, Company.	We will contact you to respond to your question or enquiry.	Legitimate interests – to respond to questions and enquires.

All other information
When do we collect?	How is it collected?	What is it used for?	Our reason(s)
Candidates – contact details, CV and right to work documentation.	When you apply for a Stoneseed job directly, or; When you apply through a recruitment partner, or; When we download your CV from any job boards you have uploaded it to, or; When you are referred to us by someone else.	To recruit permanent and temporary Stoneseed employees.	Legitimate interests – to recruit employees.
Clients – contact details.	We ask our clients to provide us with contact in their organisations.	To contact our clients to discuss and manage our service.	Legitimate interests – so we can contact our clients.
Contractors – contact details, CV and birth certificate or passport details.	When you apply for a Stoneseed contract position directly, or; When you apply through our recruitment partner, Access Talent, or; When we download your CV from any job boards you have uploaded it to, or; When you are referred to us by someone else.	To recruit for contract positions, and to manage active contractors.	Legitimate interests – contractor recruitment and contractor management.
Employees emergency contacts.	We ask all of our employees to nominate emergency contacts, such as relatives or close friends.	If any of our employees have an emergency, we will inform their nominated emergency contacts.	Legitimate interests – to fulfil our duty of care to our employees.
Prospective client contact details.	We identify and collect contact details for prospective clients using public sources, such as professional networking platforms and company websites.	We will contact prospective clients to discuss how our services can help their business.	Legitimate interests – to market our services to businesses.
Supplier contact details.	We ask suppliers to provide us with a contact in their organisation.	To contact suppliers who are working for us or are working for clients on our behalf.	Legitimate interests – so we can contact our suppliers.

Who do we share your personal information with?

We may share your personal information with third-parties for a variety of reasons, depending on who you are, and your relationship with us. Here is a list of some of the third parties that we typically share information with. It is not an exhaustive list, and we may occasionally need to share personal information with other third parties (e.g. if we need to comply with a legal obligation).

Our clients – Offers of employment and contract positions may be subject to client acceptance. In these circumstances, we will provide your personal information, such as your CV to the client, but never without your consent.
Our software and IT service providers – We use several software and IT service providers, such as a cloud-based email marketing service. They store some personal information on our behalf but do not use it for their own purposes.
Our suppliers – If you are a client and have expressed an interest in using any of our suppliers, we will share your contact details with them, so they can contact you about their services.

When do we use automated decision making?

We do not use automated means to make any decisions about you. All of our decisions are made with human involvement.

Do we send your personal information outside of the EEA?

We use IT service providers who have operations outside of the European Economic Area (EEA). For example, we use an email marketing service based in the U.S. As such, some of your personal information may be transferred and stored outside of the EEA.

We have contracts in place with all of our IT service providers, which require them to protect your personal information to the same standards as in the EEA, regardless of where they store it.

How long do we keep your personal information for?

We keep personal information for different lengths of time, depending on what it is, and what we use it for. Here are our retention periods for commonly collected information.

IP addresses – Our website analytics tools store IP addresses of visitors for a maximum of 26 months.
Email addresses obtained via brochure downloads, eBook downloads and question / enquiry forms – We keep your business email address for as long as we believe you may be interested in our services for your business. Should you tell us that you are no longer interested in our services, we will add your email address to our blacklist, to ensure you do not receive further marketing communications from us. Alternatively, you can request we delete your email address altogether.
Email addresses obtained via blog subscriptions – We will keep your email address to send you blog updates until you unsubscribe.
Candidate contact details, CV and right to work documentation – We will keep your details for up to 3 years after your last contact with us, so we can contact you if we have any opportunities for you. If you become an employee, we will keep your data in line with the Employee Privacy Notice, which can be found on the company intranet.
Client contact details – We will retain client contact details for the duration of our engagement, and then for as long as we believe is reasonably necessary, so that we can contact you about previous and future engagements.
Contractor contact details and CV – We will keep your details for as long as we believe is reasonably necessary, so we can contact you to discuss previous, current and future contracts. We may also need to keep some information for up to 6 years for tax purposes.
Employees emergency contacts – If you have been nominated as an emergency contact for one of our employees, we will keep your contact details for as long that employee remains in our employment. If you do not wish to be an emergency contact, you can ask us to delete your contact details.
Prospective client contact details – We will keep your contact details for as long as we believe you may be interested in our services for your business. Should you tell us that you are no longer interested in our services, we will add you to our blacklist, to ensure you do not receive further marketing communications from us. Alternatively, you can request we delete your contact details altogether.
Supplier contact details – We will keep your details for as long as we believe is reasonably necessary, so we can contact you to discuss previous, current and future contracts.

In some circumstances, we may need to keep your information for longer than stated above, such as, to comply with our obligations to the tax authorities, or for evidence in an ongoing legal claim.

What are your rights?

You have several rights with regards to your personal information (listed below). In accordance with data protection law, we will exercise requests within one month, except where the request is considered excessive.

To exercise any of your rights, please submit your request in writing by emailing data.protection@stoneseed.co.uk.

Access to your personal information – You can request a copy of your personal information.

Change or correct your personal information – If you believe the information we hold is incorrect or incomplete, you can request we change it.

Request we stop using your personal information – If you do not believe we are using your personal information fairly or lawfully, you can ask us to delete, or stop using your personal information.

In some circumstances we may not be able to delete your personal information (e.g. if it’s needed to comply with a legal obligation). If we cannot delete your personal information, we will tell you why.

Request we restrict the use of your personal information – You can ask us to restrict the use of your personal information for the following reasons:

You contest the accuracy of your personal information.
You believe your personal information has been unlawfully processed, but you don’t want us to delete your personal information.
We no longer need your personal information, but you need us to keep it so you can establish, exercise or defend a legal claim.

Whilst use of your personal information is restricted, we will not use it for any other purpose.

Withdraw consent – If you have provided consent for any activities involving your personal information, you can withdraw consent at any time.

How to complain?

If you believe we have used your personal information irresponsibly or unlawfully, you can email data.protection@stoneseed.co.uk. Should you wish to make a complaint to the Information Commissioners Office (ICO), you can do so by visiting https://ico.org.uk/concerns/.