YTKO Group is committed to ensuring that your privacy is protected and our company is registered on the Data Protection Public Register of the Information Commissioner’s Office (ICO). Should we ask you to provide certain information by which you can be identified when using this website or via our support services contractual terms, then you can be assured that it will only be used in accordance with this privacy statement.
YTKO Group may change this policy from time to time by updating this page. This policy is effective from May 2018.
What we collect
We may collect some or all of the following information, depending on which of our services you use:
- name, company name and job title
- contact information including email address and telephone number
- demographic information such as postcode, city and areas of interest
- personal information such as education, disability, ethnicity, skills, experience
- other information relevant to customer surveys and/or offers.
What we do with the information we gather
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
- Internal record keeping for candidate assessment, recruitment, staff HR and payroll
- Business Support Project reporting and supply of selected data to the Ministry of Housing, Communities and Local Government (MHCLG) (who manage European funds on behalf of the UK, see “ERDF funded projects” below) and our Contract Lead Accountable Partner (if applicable).
- If you have consented for us to do so, we may periodically send you an e-newsletter from the designated project/service or YTKO Group with new or complementary YTKO Group products, special offers or other information which we think you may find interesting using the email address which you have provided. We can remove this email address at any time on request.
- From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail. We may use the information to customise the website according to your interests.
- We use a number of carefully chosen companies who could also have a copy of some of your data:
- Backblaze (for backups)
- Basecamp (for project management)
- Daylite (for data hosting)
- DigitalOcean (for backups)
- Eventbrite (for event registration)
- Formsite (for online forms)
- Google (for email & documents)
- Instiller (for email newsletters)
- MailChimp (for email)
- Tractivity (for client recording)
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online or via our paper forms. We also regularly train and update our staff around the required provisions of GDPR regulation. The US companies we use are all covered by Privacy Shield.
We are obliged to retain your personal data for the duration of all of our EU/government funded business support service contracts and for longer for auditing and compliance purposes.
Using our websites
Our websites collect the following (non-identifying) information (via Google Analytics):
- the internet domain and IP addresses from which you access the website
- the type of browser (for example Internet Explorer or Firefox)
- the operating system you use (for example, Windows, Macintosh)
- the date and time of your visit
- the pages you access
which will also set some cookies:
If there is a YouTube video embedded on any of the pages, that too will set cookies:
The Information Commissioner’s Office has information about disabling cookies and/or opting-out of Google Analytics.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
ERDF funded projects:
The EU Common Provisions Regulations (CPR), and Article 6 of the European Regional Development Fund (ERDF) Regulation require the Ministry for Housing Communities and Local Government (MHCLG), as the managing authority for the programme, to monitor and evaluate ERDF-funded activities. In order to conduct monitoring and evaluation (including the summative assessment) and to ensure compliance, the collection of personal data is required.
Who is the data controller for ERDF personal data?
The MHCLG ERDF Managing Authority is the controller for all personal data required to help deliver the ERDF programme under the terms of its ERDF Funding Agreement.
The MHCLG ERDF Managing Authority will be processing personal data in the ERDF programme according to the following lawful basis:
Article 6(1)(e) of the EU General Data Protection Regulation (GDPR):
‘processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller’.
The lawful basis for controlling or processing `special category’ data under ERDF is:
Article 9(2)(g) GDPR
“processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide suitable and specific measures to safeguard the fundamental rights and the interests of the data subject;”
What personal data will be collected?
Depending on the nature of activities of the ERDF-funded project and the indicators listed under each activity, the following information for each direct or indirect beneficiary where these are individuals may be collected:
Name of contact point within a business (in some cases property owner) engaged with or individual engaged with:
- phone number
- email address
- labour market status prior to receiving support and 6 months after receiving support
- duration of support
- intensity of support
- pay details
MHCLG may collect special category data on ethnicity and disability.
Who will my personal data be shared with and how will it be used?
Your details will be stored securely and retained in compliance with GDPR and the new Data Protection Act. This information will be used to evaluate this project and to report to the European Regional Development Fund for monitoring and evaluation purposes.
Your details will be used to support the ERDF programme research and evaluation activities. MHCLG will need to share all or some of your personal data with the national evaluator of the ERDF programme. In some cases, the national evaluator, i.e. independent external contractors commissioned by MHCLG, may use the contact details to contact a sample of direct or indirect beneficiaries for the purpose of the National Evaluation of the programme. It is likely that the survey methodology will need to incorporate a variety of approaches in order to maximise the survey response rate (for example, telephone survey, written survey, and e-mail survey) – hence the need for a variety of contact details required for each participant. MHCLG may also need to share with other government departments and the European Commission where this is necessary to test the robustness of the data gathered or to inform the National Evaluation.
MHCLG will not give any personal data to any other organisation unless needed for the purpose of the evaluation and will instruct them not to use it to contact individuals for any reasons not connected with the purpose of the National Evaluation of the ERDF programme 2014-2020 or other matters directly relating to the evaluation. If MHCLG has to pass on the data, it will only provide what is needed, and if possible will remove the details that might identify individuals personally. MHCLG will not transfer personal data outside the European Union, to third countries or international organisations.
MHCLG will not keep your personal data for longer than it needs but as a minimum, will retain data for two years after the closure of the 2014-2020 ERDF programme in line with the European Regional Development Fund document retention guidance to ensure MHCLG meets reporting obligations and to demonstrate compliance with EU Requirements.
What are individual’s rights?
ERDF participants cannot claim the following rights in terms of ERDF personal data:
- right to erasure (“right to be forgotten”)
- right to portability of their data
- The data collected is your personal data, and you have the right, subject to lawful data requirements:
- to see what data we have about you
- to ask us to stop using your data
- to ask us to delete your data, or to correct your data if there is no longer a justification to process it
- to lodge a complaint with the Independent Information Commissioner (ICO) if you think we are not handling your data fairly or in accordance with the law
Automated decision making
Your personal data will not be subjected to automated decision making.
The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire
Telephone: 0303 123 1113
If you would like further information about the programme and your personal information please contact the ERDF Programme at: email@example.com
Controlling your personal information
You may choose to restrict the collection or use of your personal information in the following ways:
- Whenever you are asked to fill in a paper or electronic form, please check the provisions of the consent wording to ensure that you are happy with how your personal information will be used.
- If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by emailing us at firstname.lastname@example.org or directly to any of the designated project teams.
- Alternatively, please write to us at YTKO Ltd, 150 Minories, London, EC3N 1LS.
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you give us consent that you are happy for this to happen.
You may request details of personal information which we hold about you (a GDPR “Subject Access Request”) or ask us to delete it (a GDPR “Request for erasure”). If either case, please contact one of the designated project teams or email email@example.com
If you believe that your information we are holding is incorrect or incomplete, let us know (a GDPR “Request for rectification”) at the above addresses or to any of the designated project teams. We will promptly correct any information found to be incorrect.