Itad takes your privacy seriously. We are bound by and use your personal data in accordance with the Data Protection Act 2018 (the “DPA”) and the General Data Protection Regulation 2016/679 of April 27th 2016 (the “GDPR”).
We want to inform you as much as possible, respect you and give you control over what happens to your personal data and what you share with us.
Our Privacy Notice is designed to make you aware of what data we are collecting as you browse the website or contact us, how we process that data and why we collect it.
Please take time to read through our Privacy and Cookies Notice (www.itad.com/cookies/) to understand your rights and do not hesitate to contact us for further clarifications.
1. Our contact details
Name: Itad Ltd (“Itad”, “we”, “our”, “us”)
Registered Address: Preece House, Davigdor Road, Hove, BN3 1RE, UK
Company Number: 01869600
Phone Number: +44 (0)1273 765250
Data Protection Officer e-mail: Lou.Howard@itad.com
2. What personal data do we collect and how?
2.1 What personal data do we collect?
We currently collect and process the following information:
- Identity data (for example, name, surname, job title, place of work, nationality, date of birth and age)
- Contact data (e-mail address, residence address, telephone number and business contact details)
- Qualification data (for example details of achievements, qualifications and courses attended)
- Website usage data (information about how you use our website)
- Marketing and communications data (including your marketing and communications preferences)
2.2 How do we collect your personal data?
We will collect your personal data directly from you when you:
- make an enquiry or information request to us
- email us
- apply for a job or secondment with us
- apply to become one of our contractors or suppliers
- agree to partner or collaborate with us
- subscribe to our e-newsletters or to mailing lists
- register to attend, or present at, one of our events
- use, visit, browse and interact with our website (see more in our Cookie Notice)
- visit our offices
2.3 Other information we collect about you from third-party sources
We also receive personal information indirectly, from the following sources:
- From our service providers to deliver the services requested;
- From other third parties outside Itad where you have agreed to them to share your information with us for marketing purposes;
- Government, tax or law enforcement agencies.
3. How do we use your data and on what legal grounds?
We will use your data for the purposes of administering a contract to which you or your organisation are a party.
We collect and use your data for: procurement, background and reference checks, payments, renewal, dispute, enforcement, and other processes related to the entering and performance of a contract.
If you do not provide all of the requested personal data then Itad may not be able to enter into and perform the contract.
We will also collect your data, where you have provided us with your consent to do so, for marketing and communications purposes. This may include, but is not limited to; surveys to track satisfaction and inform improvement, e-mail newsletters about our services and impact, and learning materials.
Itad will never share or sell your data to third parties for their own marketing and promotional purposes.
3.3. Legitimate Interest
We also use your data:
- To manage and improve our website and to make sure that content from our website is presented to you in the most effective and optimal manner (see our Cookie Notice for more information)
- To deliver relevant website content and advertisement to you and measure or understand the effectiveness of the advertising we serve to you
- To customise, measure and improve our services
- To use your browsing activity with Itad to detect, diagnose and resolve errors that occur on our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
- To contact you directly for marketing and promotional purposes in connection with our business
- For research and development
- To consider your suitability and contact you in relation to jobs, secondments or contractor/supplier appointments.
In these cases, the legal basis on which we rely to lawfully process your data is the pursuit of our legitimate interests (for example, to better understand how users interact with our website and solve any issue they may have, to improve our website and our services, to develop our organisation, or for direct marketing purposes) when your interests and fundamental rights do not override those interests.
3.4 Legal Obligation
We may use your information also to:
- enable us to enforce our legal rights, and/or to protect the rights, property or safety of our employees and/or other third parties
- prevent, detect, mitigate and investigate frauds or illegal activities
- comply with legal obligations and requirements, for example tax purposes.
The way in which we collect and process your data is based on your consent.
If you do not provide your consent for us to process your personal data for a specific service that is offered under the lawful basis of your consent then we might not be able to provide that service to you in full.
Where we are relying on your consent to process your personal data, you have the right to withdraw your consent at any time. If you are unsure how to withdraw your consent please contact the Data Protection Officer.
4. Who will your data be shared with?
In order to fulfil the purposes stated above, it might be necessary for Itad to share with suitable third parties your data. In particular, your data might be shared with:
- Itad Inc, incorporated in the US (EIN: 84-2346030), for potential engagements and in relation to contracts
- Itad’s insurers, in the event of a claim or potential claim
- Our CRM provider, where enquiry has been made or services are to be provided
- Selected third-party service providers, agents, subcontractors or other associated organisations that we work with, so that we are able to provide you with our services or that will provide services to you on our behalf, for example:
- Service providers acting as processors who provide IT and system administration services, including those who provide analytics services – for administration and functionality purposes
- Professional advisers including lawyers, bankers and auditors – in relation to claims and advice and/or services provided to us
- Any other third parties and governmental institutions to comply with our legal obligations and enforce our legal rights (i.e. tax obligations)
- Prospective clients of Itad
- Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them.
Before sharing any of your personal data with third parties, we require our providers to sign an agreement confirming that your data will be kept secured and that it will be used only the purpose we have identified. We share or disclose with them only the personal information that is necessary.
You can request from us a comprehensive list of our data processors.
4.1 International data transfer
The majority of the personal data we process is stored and backed-up on servers within the UK. Some personal data we process is stored on the cloud through Microsoft, with their backup servers based in the UK or Ireland.
If you are using this website from within the European Economic Area (EEA) you need to be aware that as part of the services offered to you through this website, the information which you provide to us may be transferred to countries outside the EEA. This includes CV and CRM information which may be shared with Itad Inc. in the United States.
If we transfer your information outside of the UK or the EEA, we have put in place contractual agreements or other measures with any recipients of your information to ensure your personal data will be equally protected.
5. How do we protect your personal data?
We take all reasonable and appropriate technical and organisational measures to protect the security of your personal information throughout the course of our business. Technical safeguards include for example restrictive access, encryption, antivirus software, regular testing and evaluation.
We are compliant with the IASME Governance assessment (including CyberEssentials and GDPR elements) which is recertified annually.
6. How long will we keep your personal data for?
Your personal data will be retained for no longer than is necessary for the purpose for which it was obtained, or for as long as we are obliged to according to relevant regulatory, tax, accounting, legal or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
We will then dispose of your information by removing all files and back-ups from all personal computers, shared drives and hard drives.
Details of retention periods for different aspects of your personal data are available in our retention policy which you can request by contacting us.
7. What are your rights?
Under data protection law, you can exercise the following rights free of charge:
- withdraw consent- You can withdraw your consent at any given time by contacting the Data Protection Officer.
- access – You have the right to ask us for copies of your personal information.
- rectification – You have the right to ask us to correct personal information. You also have the right to ask us to complete information you think is incomplete.
- erasure – You have the right to ask us to erase your personal information in certain circumstances, i.e. if your personal data are no longer necessary for the purpose they were collected for or if you withdraw your consent.
- restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances, i.e. if you think that the information we process is inaccurate or unlawful.
- object to processing – You have the right to object to the processing of your personal information only if we process the relevant information on legitimate or public interest grounds.
- data portability – You have the right to ask that we transfer the personal information you directly gave us to another organisation, or to you, if we process the relevant information on consent or contract grounds.
- rights in relation to automated decision-making and profiling.
- lodge a complaint – You have the right to lodge a complaint to the supervisory authority if you think our processing of data is unlawful.
If you make a request to exercise your rights, we have one month to respond to you before you can complain to the relevant Supervisory Authority. You can also lodge a complaint if you are unsatisfied with our reply.
For the UK, the Supervisory Authority is the Information Commissioners Office (ICO). The ICO’s contact details are:
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow
Cheshire SK9 5AF
ICO website: https://www.ico.org.uk
If you are based in, or the issue you would like to complain about took place in, the European Economic Area (EEA), please refer to the local data protection authorities in the EEA countries.
8. How to contact us
We want the data we hold to accurate and up-to-date. Please contact us if you wish to make a change or if you have a question or complaint about how we use your personal data. See our full contact details in section 1 of this Privacy Notice.
9. Version history
We regularly update this Privacy Notice to reflect changes in our services and in data legislation. This Notice was last updated on 10 March 2023.