This Privacy Statement explains what we do with your personal data, whether we are in the process of assisting you verify your identity, continuing our relationship with you once have, providing you with a service, receiving a service from you, using your data to ask for your assistance in relation to a user of our services, or you are visiting our website.
It describes how we collect, use and process personal data, and how, in doing so, we comply with our legal obligations.
This Privacy Statement applies to the personal data of our website users, clients, suppliers and other people and organisations whom we may contact digitally to find out more about users of our services or whom they indicate is an emergency contact. It also applies to the emergency contacts of W2 Global Data Solutions Ltd staff.
For the applicable data protection legislation (including but not limited to the General Data Protection Regulation (Regulation (EU) 2016/679)) (the “GDPR”), the company responsible for your personal data is W2 Global Data Solutions Ltd or “us”.
This Privacy Statement applies in relevant countries throughout our international network. Different countries may approach data privacy in slightly diverse ways. W2 Global Data Solutions Ltd wishes to ensure that it is compliant with all applicable data privacy protections, no matter where you are.
It is very important you read the statement carefully to understand our views and practices regarding the processing of personal information and how W2 Global Data will treat it.
By visiting the W2 Global Data website and/or providing your information to us via use of any of our services, you are accepting and consenting to the practices described in this statement.
When using W2 Global Data services, our clients will require you to provide explicit consent to the collection and use of any personal information you may provide to us, and to transfer of your personal information, for the purposes of validation and verification, to W2 Global Data and its partners located in the UK or elsewhere as outlined in this statement. Please note that this includes your explicit consent to the processing of any sensitive personal information you may provide, as described herein.
If you do not agree with any of the content of this statement: please do not use W2 Global Data services or this site.
Your privacy is important to us, and W2 Global Data is committed to protecting the rights and freedoms of data subjects and safely and securely processing their data in accordance with all its legal obligations and it values your right to control what personal information is collected about you and how this information is used.
While information is the foundation for providing you with superior service, protecting the privacy of your personal information is of highest importance to us. W2 Global Data believes that responsible stewardship of the information entrusted to us is crucial in developing and maintaining the public trust essential for our continued success.
We are sensitive to your privacy concerns and are committed to letting you know how the information collected is being used and what choices you have regarding the collection and use of the information you have provided. In seeking to protect personal data and ensure that our staff understand the rules governing their use of the personal data to which they have access during their work; staff must ensure that the Data Protection Officer (DPO) is consulted before any significant new data processing activity is initiated to ensure that relevant compliance steps are addressed.
All information supplied by you to the W2 Global Data service will be used and protected by us in accordance with current applicable data protection law and this Privacy Statement.
W2 Global Data seeks to comply with the principles of data protection (the Principles) enumerated in the EU General Data Protection Regulation and makes every effort possible in all that we do to do so. The Principles are:
W2 Global Data is responsible for the processing of any personal information you provide to it while using its services to engage with you. W2 Global Data Solutions Limited is registered in the United Kingdom with the UK Information Commissioner’s Office under Registration No: Z2736945.
In the event you provide W2 Global Data with personal data, W2 Global will in that instance be what’s known as the ‘Controller’ of any personal data you provide to us. In the event you provide W2 Global Data with personal data through one of our clients, W2 Global will in that instance be what’s known as the ‘Processor’ of any personal data you provide to us.
W2 Global Data provide a wide range of online screening tools and services to help organisations make time critical and informed decisions about the people and businesses they are interacting with.
W2 Global Data collects data from users of its services and this website; its suppliers and others and it does so to operate effectively and provide the best possible service.
SERVICE USERS (the end-user of a W2 Client) – PERSONAL DATA: You have choices about the data we collect at W2 Global Data. When you are asked to provide personal data, you may decline or, the end users may decline. The data we collect depends always on the context of the interactions between end-user and W2 Client and in turn, with W2 Global Data. The personal data shared will depend upon the choices made, and the services and features chosen.
If you submit personal details or documents on request from an enterprise using a W2 Global Data service or do so direct to W2 Global Data, depending on the relevant circumstances and applicable local laws and requirements, we may collect some or all of the information listed below to enable us to offer you services which are tailored to your circumstances and the W2 Global Data client you may be engaged with, including:
(Please note: that the above list of categories of personal data we may collect is not exhaustive and to the extent that you access our website we will also collect certain data from you).
W2 Global Data – CLIENT DATA: The data we collect about our clients is actually very limited. We generally only need to collect company contact details and/or the details of individual contacts at a client organisation (such as their names, telephone numbers and email addresses) to enable us to ensure that our relationship runs smoothly. We also hold information relating to a client’s engagement with user’s profiles through their use of our services. We may also hold extra information that someone in a client organisation has chosen to tell us and to the extent that they access our website we will also collect certain data from them.
W2 Global Data – SUPPLIER DATA: We don’t collect much data about our suppliers – we simply need to make sure that our relationships run smoothly. We’ll collect the details for our contacts within supplier organisations, such as names, telephone numbers and email addresses. We’ll also collect bank details, so that we can pay them. We may also hold extra information that someone in a supplier organisation has chosen to tell us and to the extent that they access our services, we will also collect certain data from them.
PEOPLE WHOSE DATA WE RECEIVE FROM SERVICE USERS SUCH AS REFEREES AND EMERGENCY CONTACTS: All we need from referees is confirmation of what they already know about our service user. Emergency contact details give our clients somebody to call on in an emergency. To secure references, we’ll obviously need referee contact details (such as name, email address and telephone number). We’ll also need these details if our service user has put provided anyone as their emergency contact so that clients can contact you in the event of an accident or an emergency.
WEBSITE USERS: We collect a limited amount of data from our website users which we use to help us to improve your experience when using our website and to help us manage the services we provide. This includes information such as how you use our website, the frequency with which you access our website, your browser type, the location you view our website from, the language you choose to view it in and the times that our website is most popular. If you contact us via the website, for example by using the contact form function, we will collect any information that you provide to us, for example your name and contact details.
SERVICE USER DATA (the end user of a W2 Client): We collect service user personal data in three primary ways:
W2 CLIENT DATA: We collect client personal data in three ways:
WEBSITE USERS: When you visit our website, there is certain information that we may automatically collect, whether you decide to use our services. This includes your IP address, the date and the times and frequency with which you access the website and the way you browse its content. We will also collect data from you when you contact us via the website, for example by using the contact form function. We collect your data automatically via cookies, in line with cookie settings in your browser.
SERVICE USER DATA (in other words, the end user of a W2 Client): In general terms, when W2 Global Data collects personal data, it uses the data it collects for four basic purposes:
In carrying out these purposes, W2 Global Data combines data that it collects to provide a more seamless, consistent and complete experience. W2 Global Data will not collect any personal data from you it does not need to provide and oversee a service to you.
Where we collect information, which may be classified as ‘sensitive’ personal information and where slightly stricter data protection rules apply to it; we will in all cases need to obtain your explicit consent before we can use it. We’ll ask for your consent by offering you an opt-in. This means that you must explicitly and clearly tell us that you agree to us collecting and using this information.
Where we may need to collect other sensitive personal data about you, such as health-related information, religious affiliation, or details of any criminal convictions if this is appropriate in accordance with local laws and is required for the service you are using; we will never do this without your explicit consent.
Whatever else, service users can be certain that W2 Global Data has a Data Protection regime in place to oversee the effective and secure processing of all personal data provided, always, which includes the following key principles, namely:
W2 CLIENT DATA: In general terms, when W2 Global Data collects client data it uses the client information it collects for three basic purposes: namely
W2 SUPPLIER DATA: To find the right balance, we will only use supplier information:
We may use your personal data for these purposes if we deem this to be necessary for our legitimate interests. We will not, as a matter of course, seek your consent when sending marketing messages to a corporate postal or email address. If you are not happy about this, in certain circumstances you have the right to object and can find out more about how to do so in this statement. Please note that in certain of the jurisdictions in which we operate, we comply with additional local law requirements.
PEOPLE WHOSE DATA WE RECEIVE FROM SERVICE USERS SUCH AS REFEREES AND EMERGENCY CONTACTS: We will only use the information that service users give us about you for the following three purposes:
Where appropriate and in accordance with local laws and requirements, we may share your personal data with your consent, in many ways and for assorted reasons, with the following categories of people or organisations:
W2 Global Data shares your personal data with your consent or as necessary to complete any transaction or provide any service outcome you have requested or authorised. We will however access, transfer, disclose and preserve personal data, including your content, when we have a good faith belief that doing so is necessary to:
We are committed to taking all reasonable and appropriate steps to protect the personal information that we hold from misuse, loss, or unauthorised access. We do this by having in place a range of appropriate technical and organisational measures. These include measures to deal with any suspected data breach.
If you suspect any misuse or loss of or unauthorised access to your personal information, please let us know immediately. Details of how to contact us can be found in this statement.
W2 Global Data retains personal data for as long as necessary to provide the products and fulfil the transactions you have requested, or for other essential purposes such as complying with our legal obligations, resolving disputes and enforcing our agreements and it retains such information for no longer than is necessary. Because these needs can vary for different data types in the context of various products, actual retention periods can vary significantly.
What is “necessary” will depend on the circumstances of an individual’s case, considering the reasons that the personal data was obtained, but is always determined in a manner consistent with our data retention guidelines; the criteria used to determine these which include:
In general terms, we will otherwise delete personal data from our systems if we have not had any meaningful contact with you (or, where appropriate, the W2 Global Data client organisation through which you were using our services) for two years unless you have consented otherwise (or for such longer period as we believe in good faith that the law or relevant regulators require us to preserve your data). After this period, it is likely your data will no longer be relevant for the purposes for which it was collected
When we refer to “meaningful contact”, we mean, for example, communication between us (either verbal or written), or where you have or are actively engaging with our online services. Your receipt, opening or reading of an email or other digital message from us will not count as meaningful contact – this will only occur in cases where you clickthrough or reply directly.
The GDPR exists to protect and clarify the rights of EU citizens and individuals in the EU with regards to data privacy. This means that you retain various rights in respect of your data, even once you have given it to us. You have rights to your data which we must respect and comply with to the best of our ability. These are described in more detail here. To get in touch about these rights or if you have any concerns whatsoever, please contact us via the contact information options provided in this statement. We will seek to deal with your request without undue delay, and in any event within one month (subject to any extensions to which we are lawfully entitled). Please note that we may keep a record of your communications to help us resolve any issues which you raise.
W2 Global Data adheres to applicable data protection laws in the European Economic Area, and therefore, we must where applicable ensure individuals can exercise their rights in the following ways:
Right to be Informed: by being provided with privacy notices which are concise, transparent, intelligible and easily accessible, free of charge, that are written in clear and plain language, particularly if aimed at children and by keeping a record of how we use personal data to demonstrate compliance with the need for accountability and transparency.
Right of Access: which we satisfy by enabling individuals to access their personal data and supplementary information and by allowing individuals to be aware of and verify the lawfulness of our processing activities.
Right to Object: this right enables you to object to us processing your personal data where we do so for one of the following four reasons:
If your objection relates to us processing your personal data because we deem it necessary for your legitimate interests, we must act on your objection by ceasing the activity in question unless:
Right to Withdraw Consent: Where we have obtained your consent to process your personal data for certain activities (for example, for our marketing arrangements or automatic profiling), you may withdraw this consent at any time and we will cease to carry out the particular activity that you previously consented to unless we consider that there is an alternative reason to justify our continued processing of your data for this purpose in which case we will inform you of this condition.
Data Subject Access Requests (DSAR): You may ask us to confirm what information we hold about you at any time, and request us to modify, update or delete such information. We may ask you to verify your identity and for more information about your request. If we provide you with access to the information we hold about you, we will not charge you for this unless your request is “manifestly unfounded or excessive”. If you request further copies of this information from us, we may charge you a reasonable administrative cost where legally permissible. Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will always tell you the reasons for doing so.
Please note that in certain of the jurisdictions in which we operate, we comply with additional local law requirements regarding data subject access requests and may refuse your request in accordance with such laws.
Right to Erasure: You have the right to request that we erase your personal data in certain circumstances. Normally, the information held must meet one of the following criteria:
Please note that in certain of the jurisdictions in which we operate, we comply with additional local law requirements regarding data subject right to erasure and may refuse your request in accordance with local laws. We would only be entitled to refuse to comply with your request to erasure for one of the following reasons:
When complying with a valid request for the erasure of data we will take all reasonably practicable steps to delete the relevant data.
Right to restrict processing: You have the right to request that we restrict our processing of your personal data in certain circumstances. This means that we can only continue to store your data and will not be able to carry out any further processing activities with it until either:
The circumstances in which you are entitled to request that we restrict the processing of your personal data are:
If we have shared your personal data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on , but not process it further. We must retain enough data to ensure the right to restriction is respected in the future.
Right to Rectification: You also have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. This must be done without delay, and no later than one month. This can be extended to two months with permission from the DPO. Where appropriate, we will also tell you which third parties we have disclosed the inaccurate or incomplete personal data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.
Right of Data Portability: If you wish, you have the right to transfer your personal data between data controllers. In effect, this means that you can transfer your W2 Global Data account details to another online platform. To allow you to do so, we will provide you with your data in a commonly used machine-readable format that is password-protected so that you can transfer the data to another online platform. Alternatively, we may directly transfer the data for you.
This right of data portability applies to:
Rights in relation to Automated Decision Making and Profiling: which require us to respect the rights of individuals in relation to automated decision making and profiling including ensuring that individuals retain their right to object to such automated processing, have the rationale explained to them, and request human intervention.
Right to lodge a Complaint with a Supervisory Authority: You also have the right to lodge a complaint with your local supervisory authority. Details of how to contact them can be found in this statement.
If you would like to exercise any of these rights or withdraw your consent to the processing of your personal data (where consent is our legal basis for processing your personal data), details of how to contact us can be found in this statement. Please note that we may keep a record of your communications to help us resolve any issues which you raise.
Cookies may be used by W2 Global Data to provide you with customised information from our web service. A cookie is an element of data that a web site can send to your browser, which may then store it on your system. Cookies allow us to understand who has seen which pages and advertisements, to determine how frequently particular pages are visited and to determine the most popular areas of our web site.
Cookies may also allow us to make our web site more user friendly by, for example, allowing us to save your password so that you do not have to re-enter it every time to visit our web site. Some website browsers can remember website passwords, to save you having to enter the password each time you visit a website. If you choose to let your browser remember your password for this site, one of our cookies helps this to happen. Your browser should not remember your password unless you have allowed it to. Your browser settings will allow you to erase password data at any time.
W2 Global Data is committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorised access, use or disclosure. For example, we store the personal data you provide on computer systems that have limited access and are in controlled facilities. When we transmit highly confidential data (such as a credit card number or password) over the Internet, we protect it using encryption. When we transfer personal data from the European Economic Area, we do so using a variety of legal mechanisms.
W2 Global Data takes all reasonable steps to ensure that the data we collect under this privacy statement is processed according to the provisions of this statement and the requirements of applicable law wherever the data is located. Because W2 Global Data operates throughout the world in providing its goods and services, we on occasion transfer personal data from the European Economic Area and Switzerland to other countries, some of which have not been determined by the European Commission to have an adequate level of data protection, including transfers:
If we do so, we use a variety of legal mechanisms, including contracts, to help ensure your rights and equivalent protections travel with your data. Above all else, we want to make sure that data is stored and transferred in a way which is secure. We will therefore only transfer data outside of the European Economic Area or EEA (i.e. the Member States of the European Union, together with Norway, Iceland and Liechtenstein) where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data, for example:
For further on information on how some of our suppliers treat your privacy and PII please see the below:
Article 6(1)(f) of the GDPR is the one that is relevant here – it says that we can process your data where it “is necessary for the purposes of the legitimate interests pursued by [us] or by a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of [you] which require protection of personal data.”
However, you do have the right to object to us processing your personal data on this basis.
We have our own obligations under the law, which it is a legitimate interest of ours to insist on meeting! If we believe in good faith that it is necessary, we may therefore share your data in connection with crime detection, tax collection or actual or anticipated litigation.
In certain circumstances, we are required to obtain your consent to the processing of your personal data in relation to certain activities. Depending on exactly what we are doing with your information, this consent will be opt-in consent or soft opt-in consent.
Article 4(11) of the GDPR states that (opt-in) consent is “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.” In plain language, this means that:
We will keep records of the consents that you have given in this way.
We have already mentioned that, in some cases, we will be able to rely on soft opt-in consent. We can market products or services to you which are related to the recruitment services we provide if you do not actively opt-out from these communications. Please note that in certain of the jurisdictions in which we operate, we comply with additional local law requirements regarding consenting to receive marketing materials. As we have mentioned, you have the right to withdraw your consent to these activities. You can do so at any time by contacting us.
Sometimes it may be necessary for us to process personal data and, where appropriate and in accordance with local laws and requirements, sensitive personal data in connection with exercising or defending legal claims. Article 9(2)(f) of the GDPR allows this where the processing “is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity”. This may arise for example where we need to take legal advice in relation to legal proceedings or are required by law to preserve or disclose certain information as part of the legal process.
W2 Global Data personnel have an obligation to report actual or potential data protection compliance failures. This allows us to:
W2 Global Data’s Data Protection Officer has overall responsibility for the day-to-day implementation of this privacy statement if, at any time, you:
You can write to us at the following address:
W2 Global Data Solutions Ltd, Clarence House Clarence Pl, Newport NP19 7AA, UK.
Alternatively, you can send an email to: firstname.lastname@example.org
W2 Global Data takes complaints very seriously and will respond to complaints within 30 days. Unless otherwise stated, W2 Global Data Solutions Ltd is a processor for the personal data we collect through the services we provide which are subject to this statement.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with UK law and the requirements of GDPR; you can complain to the UK Information Commissioner’s Office: You can contact them in the following ways:
Being transparent and providing accessible information to individuals about how we will use personal data is important for W2 Global Data. The following are key details on how we collect data and what we do with it:
What information is being collected?
Personal data provided to W2 Global Data by one of its clients with and only with, the data subject’s consent.
Who is collecting it?
W2 Global Data Solutions Ltd.
How is it collected?
Personal data is provided to W2 Global Data by the data subject by one of its clients utilising W2 Global Data’s secure online platform(s).
Why is it being collected?
Data is collected through W2 Global Data’s platform(s) at the invitational request of an enterprise with whom the data subject may be engaging for whatever their mutual purpose may be.
How will it be used?
We must and will process personal data fairly and lawfully in accordance with an individual’s’ rights. This generally means that we should not process personal data unless the individual whose personal details we are processing has consented to this happening. The processing of all data must be necessary to deliver our services, in our legitimate interests and not unduly prejudice an individual’s privacy.
The personal data you provide to us and which we process with your consent is processed by our staff in the UK. However, for the purposes of IT hosting and maintenance this information is located on servers within the European Union. No 3rd parties have access to your personal data unless the law allows them to do so.
We have a Data Protection regime in place to oversee the effective and secure processing of your personal data. We use the information you provide to us and the information we collect about you to provide a service(s) to the enterprise that has invited you to provide your details, and for validating and verifying your identity which may include searches with third parties.
Who will it be shared with?
We may disclose any of the information we collect about you to other W2 Global Data companies and information may be hosted outside of the European Economic Area by such group companies.
W2 Global Data engages third parties to assist in the provision of specific verification and validation services and the uses of the information as described in this Policy. Third party service providers who have access to your personal information are authorised to use this information only in a manner consistent with this Policy and for no other unrelated purpose.
We may provide aggregated data about the use of our services to select third parties for such purposes as we deem, in our sole discretion, to be appropriate. This aggregated data will not contain personal information about you and will not enable you to be identified or located. We may segment our users by age, geographic location, gender, etc. If you would like to be excluded from aggregated research, you should contact the enterprise that has invited you to use this service for assistance.
W2 Global Data Solutions Ltd, a company registered in the UK under company registration no: 7669978 is the Data Controller (ICO Data Protection Registration Number Z2736945).
Registered Office Address:
W2 Global Data Solutions Limited, Clarence House, Clarence Place, Newport, NP19 7AA, UK.
Details of transfers to third country and safeguards
In most cases where we process sensitive personal data we will require the data subject’s explicit consent to do this unless exceptional circumstances apply, or we are required to do so by law (e.g. to comply with legal obligations to ensure health and safety at work). Any such consent will always clearly identify what the relevant data is, why it is being processed and to whom it will be disclosed.
We maintain reasonable administrative, technical and physical safeguards to protect against unauthorised access, use, modification and disclosure of personal information in our custody and control. All information you provide to us is stored on our secure servers.
Children are not eligible to use our services and we ask that minors (persons under the age of 18 years or under the age majority in their jurisdiction of residence, if that is different than 18 years of age) do not submit any personal information to us online or attempt to use our services.
We may disclose any of the information we collect about you to other W2 Global Data companies and information may be hosted outside of the European Economic Area by such group companies. You should be aware that W2 Global Data engages third parties to assist in the provision of specific verification and validation services and the uses of the information as described in this Policy.
Third party service providers who have access to your personal information are authorised to use this information only in a manner consistent with this Policy and for no other unrelated purpose.
We are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years after which time it will be destroyed. We must however retain personal data for no longer than is necessary. What is necessary will depend on the circumstances of an individual’s case, considering the reasons that the personal data was obtained, but is always determined in a manner consistent with our data retention guidelines.
Updated: 1st May 2018