1.1. Sonovate is a group of companies working under the parent company of Sonovate Limited, a private limited company incorporated in England and Wales, with company number 07500445, with a registered office address at 4th Floor Golate House, 101 St. Mary Street, Cardiff, Wales, CF10 1DX (“We”)
1.2. This website www.sonovate.com and https://members.sonovate.com/, https://timesheets.sonovate.com/, https://app.sonovate.com/, and/or https://capital.sonovate.com/ (together, the “Site”) are operated by Sonovate Limited.
1.3. We are committed to protecting and respecting the privacy of anyone using the Site.
1.4. “you” or “your” means the person, firm, company or organisation that contracts with us for services or is browsing or using our site, whether as a guest or a registered user, employee or applicant.
1.6. In certain circumstances (see below) you will be asked to indicate your consent to the processing of your information as set out in this Policy when you first submit such Information through our Site or our Portal.
1.7. We may update this Policy from time to time in accordance with clause 2.6 below. This Policy was last updated on 12/06/2023.
1.8. We, as Data Controller, can be contacted via our Data Protection Officer via email on [email protected].
2. Data Protection
2.1. References in this Policy to:
“Privacy and Data Protection Requirements” means: the Data Protection Act 1998 (“DPA”) and the General Data Protection Regulation 2016/679 (“GDPR” and “UK GDPR”); the Regulation of Investigatory Powers Act 2000; the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 (SI 2000/2699); the Electronic Communications Data Protection Directive (2002/58/EC); the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2426/2003); and all applicable laws and regulations which may be in force from time to time relating to the processing of personal data and privacy, including where applicable the guidance and codes of practice issued by the Information Commissioner or any other supervisory authority, and the equivalent of any of the foregoing in any relevant jurisdiction; and
“Personal Data”, “Data Controller” and “Data Processor” and “processing” shall have the meanings given to them in the DPA or, from 25 May 2018, the GDPR and UK GDPR.
2.2. We provide services to recruitment agencies and recruitment consultants (our Customers). Where our Customers are engaged to find work placements for individuals, we refer to these individuals as “End Users” for the purposes of this Policy.
2.3. For the purposes of applicable Privacy and Data Protection Requirements, and unless otherwise expressly set out in this Policy, We are Data Controller in respect of the personal data we collect about our Customers and our Employees and therefore we are responsible for, and control the processing of, such personal data in accordance with applicable Privacy and Data Protection Requirements.
2.4. Please note that if you are an End-User of one of our Customers then any information which we collect or handle in such circumstances is done by us as a Data Processor on behalf of our Customer, who is the Data Controller and who controls the collection and use of the information. End-Users should direct privacy-related queries to the recruitment entity (i.e. our Customer) providing their service. We are not responsible for the privacy practices of our Customers. In certain circumstances, where we are providing payment services for our Customer, we may become Data Controller of some of your information, please see references to “End-User Information” where this is the case.
2.5. We keep this Policy under regular review and may change it from time to time. If we change this Policy we will post the changes on this page, and place notices on other pages of the Site as applicable, so that you may be aware of the information we collect and how we use it at all times. You are responsible for ensuring that you are aware of the most recent version this Policy as it will apply each time you access the Site.
3. Information we may collect from you
3.1. When using our Site or otherwise when we provide our Customers with services, we may collect and process personal data from you such as (“Information”):
3.1.1. personal information including first and last name, address and date of birth;
3.1.2. contact details including work email, primary e-mail address and/or primary telephone number);
3.1.3. information to enable us to undertake searches for the purposes of fraud prevention and anti-money laundering;
3.1.4. information obtained through our correspondence and in respect of any responses to questions or assessments we carry out or information you volunteer to us (including that of End-Users and your customers);
3.1.5. technical information including IP address, operating system, browser type and related information regarding the device you used to visit the Site, the length of your visit and your interactions with the Site;
3.1.6. information that you provide by filling in forms on our Site. This includes information provided at the time of registering to use our Site, subscribing to our recruitment services, posting information or requesting further services.
3.1.7. information obtained by you entering a competition or promotion sponsored by us;
3.1.8. information obtained during the completion of our surveys (these surveys are used for research purposes, and you are not obliged to take part in or respond to them);
3.1.9. if you contact us, a record of that correspondence (such as telephone conversations and emails) for the purposes of provision of services, quality assurance, training, fraud prevention and compliance purposes.
3.2. When End-Users complete information by filling in forms on our Site, we may collect and process information such as (“End-User Information”):
3.2.1. Name, address, date of birth, PAYE information and bank details for payment.
3.4. Occasionally we may receive information about you from other sources, for example, any services you connect with through the Site, or from any third-party websites and applications that integrate or communicate with our Site in relation to you. If so, we will add this information to the Information we already hold about you in order to help us carry out the activities listed below.
3.5. As an Applicant to Sonovate (whether or not you are eventually employed or engaged by the Company) we may collect, store, and use the following categories of personal information about you up to and including the shortlisting stage of the recruitment process:
3.5.1. Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses;
3.5.2. Details of your qualifications, experience, employment history (including job titles, salary and working hours) and interests;
3.5.3. Date of birth;
3.5.4. *Your racial or ethnic origin, sex and sexual orientation, religious or similar beliefs collected from you in a completed anonymised equal opportunities monitoring form;
3.5.5. Details of your referees.
3.6. We may collect the following information after the shortlisting stage, and before making a final decision to recruit:
3.6.1. Information about your previous academic and/or employment history, including details of any conduct, grievance or performance issues, appraisals, time and attendance, from references obtained about you from previous employers and/or education providers.
3.6.2. Information regarding your academic and professional qualifications.
3.6.3. *Your nationality and immigration status and information from related documents, such as your passport or other identification and immigration information.
*We collect the information marked with an asterisk (*) to comply with our legal obligations, and enable us to carry out required statutory checks, such as verifying your right to work and suitability for the position.
4. How long we keep your Information
4.1. We will keep your Information, for the periods set out below and use your Information in accordance with clause 5:
4.1.1. 12 months where the legal basis is for the processing which is necessary for the performance of the contract between us
4.1.2. 12 months where the legal basis is the legitimate interests we pursue, unless our interest in the processing is overridden by the resulting risk to your rights and freedoms, in which case it will be deleted sooner
4.1.3. 12 months or until consent is withdrawn (whichever is sooner), where the legal basis is consent
4.2. We will keep End-User Information, for the periods set out below and use End-User Information in accordance with clause 5:
4.2.1. 12 months where the legal basis is the legitimate interests we pursue, unless our interest in the processing is overridden by the resulting risk to your rights and freedoms, in which case it will be deleted sooner
4.3. If required we will be entitled to hold Information and/or End-User Information (if applicable) for longer periods in order to comply with our legal or regulatory obligations, for example, by HMRC. Please see clause 8.9 for information on how long information may be retained by fraud prevention agencies.
5. Legal basis for processing your information
5.1. From 25 May 2018, under applicable Privacy and Data Protection Requirements we may only process your information if we have a “legal basis” (i.e. a legally permitted reason) for doing so. For the purposes of this Policy, our legal basis for processing your Information is set out below
Why we process your information and the legal basis
to carry out our recruitment services and any other obligations arising from any contracts entered into between you and us, such as disclosing personal data to third parties such as prospective employers, clients and third-party service providers.
because the processing is necessary for the performance of a contract you have entered into with us (i.e. your contract with us as set out in this Policy and our Site terms and conditions), or for taking any preliminary steps that are required before you can enter into such a contract (provided we only do this at your request).
- to ensure that content from our Site is presented in the most effective manner for you and for your computer or device
- to operate, administer, maintain, provide, analyse and improve the Site and the services available through the Site
- to investigate and address any comments, queries or complaints made by you regarding the Site, and any similar or related comments, queries or complaints from other users
- to allow you to participate in interactive features of our service, including inputting information and providing feedback, when you choose to do so
- to notify you about changes to our service and our Site
This processing is necessary for the legitimate interests we pursue, subject to you raising an objection under clause 14, requiring us to check that our interest in the processing is not overridden by the resulting risk to your rights and freedoms.
to contact you for marketing purposes (see ‘Marketing and opting out’ clause below)
we send out marketing communications based on our legitimate interests of providing professional services and keeping people informed about the services we offer.
The method of communication may vary as set out below:
we may send you information via post or, if you are dealing with us on behalf of a limited company or LLP, to your corporate email address;
we will only contact you via your personal email address, if:
you have given your consent (see ‘Marketing and opting out’ below)
you have previously bought goods and services from us and we are contacting you to let you know about similar goods and services that we offer (see ‘Marketing and opting out’ below)
You have the right at any time to let us know that you no longer wish to receive marketing communications from us.
Where required by (but not limited to) any request or order from law enforcement agencies and/or HMRC in connection with any investigation to help prevent unlawful activity
This processing is necessary in order for us to comply with our legal obligations, including obligations relation to the protection of your personal information.
6. Your consent to processing
6.1. As noted above, you will be required to give consent to certain processing activities before we can process your Information as set out in this Policy. Where applicable, we will seek this consent from you when you first submit information to or through the Site.
6.2. If you have previously given consent you may freely withdraw such consent at any time. You can do this through your account on the Site or by notifying us in writing (see paragraph ‘Contact’ below).
6.3. If you withdraw your consent, and if we do not have another legal basis for processing your information (see tables above), then we will stop processing your Information. If we do have another legal basis for processing your Information, then we may continue to do so subject to your legal rights (for which see paragraph ‘Your rights’ below).
6.4. Please note that if we need to process your Information in order to operate the Site and/or provide our services, and you object or do not consent to us processing your Information, the Site and/or those services may not be available to you.
7. Marketing and opting out
7.1. Where you are dealing with us on behalf of a limited company or LLP, for business purposes, then we may contact you by email to your corporate email address about similar or related products that we offer. If you prefer not to receive any direct marketing communications from us, or you no longer wish to receive them, you can opt out at any time.
7.2. Where you have previously ordered products or services from us we may contact you by telephone or email and post about similar or related products, services, promotions and special offers that may be of interest to you. We will inform you (during the sale process) if we intend to use your data for such purposes and give you the opportunity to opt-out of receiving such information from us. In addition, and if you have given permission, we may also contact you by telephone or email about our other products, services, promotions and special offers that may be of interest to you. We will inform you (before collecting your data) and seek your permission if we intend to use your data for such additional marketing purposes. If you prefer not to receive any direct marketing communications from us, or you no longer wish to receive them, you can opt out at any time (see below).
7.3. If you have given permission, we may contact you by mail, telephone and email to provide information about products, services, promotions, special offers and other information we think may be of interest to you from carefully selected third parties. We will inform you (before collecting your data) if we intend to use your data for such purposes. If you would rather not receive such third-party marketing information from us, or you no longer wish to receive it, you can opt out at any time (see below).
7.4. If you have given permission, we may share your personal data with carefully selected third party organisations and business partners and they may contact you directly (unless you have asked them not to do so) by mail, telephone and email about products, services, promotions and special offers that may be of interest to you. We will inform you (before collecting your data) and seek your permission if we intend to disclose your data to third parties for such purposes. If you prefer not to receive direct marketing communications from our business partners, or you no longer wish to receive them, you can opt out at any time (see below).
7.5. You have the right at any time to ask us, or any third party, to stop processing your information for direct marketing purposes. If you wish to exercise this right, you should contact us by sending an email to [email protected] or contact the relevant third party using their given contact details, giving us or them enough information to identify you and deal with your request. Alternatively, you can follow the unsubscribe instructions in emails you receive from us or them.
8. Disclosure of your information
8.1. We may disclose personal data to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
8.2. We may only disclose personal information to third parties:
8.2.1. including any prospective buyer or seller (and their representatives) in the event that we sell or buy any business or assets;
8.2.2. if our business or substantially all of its assets are acquired by a third party, in which case personal data held by us about our clients and customers will be one of the transferred assets;
8.2.3. to our business partners, service providers or third-party contractors to enable them to undertake services for us and/or on our behalf (and we will ensure they have appropriate measures in place to protect your information);
8.2.5. to other third parties if you have specifically consented to us doing so.
8.3. We may disclose aggregated, anonymous information (i.e. information from which you cannot be personally identified), or insights based on such anonymous information, to selected third parties, including (without limitation) analytics and search engine providers to assist us in the improvement and optimisation of the Site. In such circumstances we do not disclose any information which can identify you personally.
Fraud Prevention and Anti-Money Laundering
8.4. Before we provide services, goods or financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.
8.5. The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and money laundering, and to verify your identity.
8.6. Details of the personal information that will be processed include, for example: name, address, date of birth, contact details, financial information, employment details, device identifiers including IP address.
8.7. We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
8.8. We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.
8.9. Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
Consequences of Processing
8.10. If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or to employ you, or we may stop providing existing services to you.
8.11. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details above.
Credit Reference Agencies (CRAs)
8.12. We carry out credit and identity checks when You apply for a product or service and from time to time as you use our service. We may use CRAs to help us do this.
8.13. We will share your personal information with CRAs and they give us information about you. The data we exchange can include: name, address, date of birth, fraud prevention information, public information and financial history.
8.14. We will use this data to: validate the information you have provided to us, assess whether You can afford any potential repayments, detect and provent financial crime and trace or recover debts
8.15. You can find out more about the CRAs on their websites, in the Credit Reference Agency Information Notice. This includes details about: who they are, their role as fraud prevention agencies, the data they hold and how they use it, how they share personal information and how long they can keep data for.
Here are links to the information notice for each of the three main Credit Reference Agencies:
- Equifax <https://www.equifax.co.uk/crain>
- Experian <https://www.experian.co.uk/legal/crain/>
- TransUnion <https://www.transunion.co.uk/legal/privacy-centre/pc-credit-reference>
9.1. We may obtain information about your general internet usage by using a cookie file which is stored on your browser or the hard drive of your computer, and similar tracking technologies. Cookies contain information that is transferred to your computer’s hard drive.
10. Keeping your information secure
10.1. The transmission of information via the internet is not completely secure. Although we will use all reasonable endeavours to protect personal data, we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
10.2. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
We may monitor and record communications with you (such as telephone conversations and emails) for the purposes of provision of services, quality assurance, training, fraud prevention and compliance purposes. Any information that we receive through such monitoring and communication will be added to the information we already hold about you and may also be used for the purposes listed in clause 5 above.
12. Overseas transfers
12.1. From time to time we may need to transfer your personal information to countries outside the European Economic Area, which comprises the EU member states plus Norway, Iceland and Liechtenstein (“EEA”). Non-EEA countries that we may need to transfer your personal information to include the United States of America, because we are based there.
12.2. Such countries may not have similar protections in place regarding protection and use of your data as those set out in this Policy. Therefore, if we do transfer your personal information to countries outside the EEA we will take reasonable steps in accordance with applicable Privacy and Data Protection Requirements to ensure adequate protections are in place to ensure the security of your personal information.
12.3. Whenever fraud prevention agencies transfer your personal data outside of the EEA, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the EEA. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
12.4. By submitting your information to us in accordance with this Policy you consent to these transfers for the purposes specified in this Policy.
13. Information about other individuals
If you give us information on behalf of a third party, you confirm that the third party has appointed you to act on his/her/their behalf and has agreed that you can give consent on his/her/their behalf to the processing of his/her/their information, receive on his/her/their behalf any data protection notices, and give consent to the transfer of his/her/their information abroad (if applicable).
14. Your rights
Your personal data is protected by legal rights, which include your rights to object to our processing of your personal data; request that your personal data is erased or corrected; request access to your personal data.
14.1. If you are an individual, this paragraph sets out your legal rights in respect of any of your personal data that we are holding and/or processing. If you wish to exercise any of your legal rights you should put your request in writing to us (using our contact details in clause 1.6) giving us enough information to identify you and respond to your request.
14.2. Your right of Access: You have the right to request information about personal data that we may hold and/or process about you, including whether or not we are holding and/or processing your personal data, the extent of the personal data we are holding, and the purposes and extent of the processing.
14.3. Your right to Rectification: You have the right to have any inaccurate information we hold about you be corrected and/or updated. If any of the information that you have provided changes, or if you become aware of any inaccuracies in such information, please let us know in writing giving us enough information deal with the change or correction.
14.4. Your right to Erasure: You have the right in certain circumstances to request that we delete all personal data we hold about you (the ‘right of erasure’). Please note that this right of erasure is not available in all circumstances, for example where we need to retain the personal data for legal compliance purposes. If this is the case, we will let you know.
14.5. Your right to Restriction of Processing: You have the right in certain circumstances to request that we restrict the processing of your personal data, for example where the personal data is inaccurate or where you have objected to the processing.
14.6. Your right to Data Portability: You have the right to request a copy of the personal data we hold about you and to have it provided in a structured format suitable for you to be able to transfer it to a different data controller (the ‘right to data portability’). Please note that the right to data portability is only available in some circumstances, for example where the processing is carried out by automated means. If you request the right to data portability and it is not available to you, we will let you know.
14.7. Your right to Object to Processing: You have the right in certain circumstances to object to the processing of your personal data. If so, we shall stop processing your personal data unless we can demonstrate sufficient and compelling legitimate grounds for continuing the processing which override your own interests. If, as a result of your circumstances, you do not have the right to object to such processing then we will let you know.
14.8. Your right to Restriction of Processing: You have the right in certain circumstances not to be subject to a decision based solely on automated processing, for example where a computer algorithm (rather than a person) makes decisions which affect your contractual rights. Please note that this right is not available in all circumstances. If you request this right and it is not available to you, we will let you know.
14.9. You have the right to object to direct marketing, for which see paragraph ‘Marketing and opting out’ above.
14.10. For more information or to exercise your data protection rights, please contact us using the contact details below.
14.11. You also have a right to complain to the Information Commissioner’s Office which regulates the processing of personal data (for more information please see below).
If you have any concerns about how we collect or process your information then you have the right to lodge a complaint with a supervisory authority, which for the UK is the UK Information Commissioner’s Office (“ICO”). Complaints can be submitted to the ICO through the ICO helpline by calling 0303 123 1113. Further information about reporting concerns to the ICO is available at https://ico.org.uk/concerns/.
16. Links to other websites
Our Site may contain links to other websites. This Policy only applies to our Site. If you access links to other websites any information you provide to them will be subject to the privacy policies of those other websites.
This Policy aims to provide you with all relevant details about how we process your information in a concise, transparent, intelligible and easily accessible form, using clear and plain language. If you have any difficulty in reading or understanding this Policy, or if you would like this Policy in another format (for example audio, large print or braille), please get in touch with us.