Privacy Policy
1. Who are we and our Commitment to You
Bold New World (”We”) is committed to protecting and respecting your privacy.
This policy (together with our Terms and Conditions and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting www.boldnewworld.co.uk (“our site”) you are accepting and consenting to the practices described in this policy.
For the purpose of the Data Protection Act 1998 (the Act), the data controller is Bold New World, Larkhill House, Long Newnton, Tetbury, Gloucestershire GL8 8SY. Our nominated representative for the purpose of the Legal Requirements is Katharine Landale.
2. Information we Collect From You
We will collect and process the following data about you:
- Information you give us. This is information about you that you give us by filling in forms on our site, participating in voluntary surveys or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you register to use our site, subscribe to our service, participate in discussion boards or other social media functions on our site, complete a voluntary survey and when you report a problem with our site. The information you give us may include your name, address, e-mail address, phone number, and Twitter handle whether you are an applicant, an employer and/or an expert. Where you are an expert it may include your area of expertise. As an applicant, you will be asked to provide a curriculum vitae and one or two references.
- Data added by you and stored in your accounts. When you use our services you might upload or generate personal information in relation to your own customers and users. You will remain the data controller for all such data that is stored within our systems and are responsible for ensuring you have an appropriate lawful basis and notes in place to allow us to store this data on your behalf. If you use Bold New World's services, which allow you to upload, store or process any personal data, you are responsible for ensuring that you are compliant with appropriate laws and regulations for this data. We do not recommend that Employers, Charities or Candidates store any personal data in areas of our system that are not designed for the purposes of storing this information.
- Information we collect about you. We collect demographic information such as your general area postcode, age, gender, preferences, interests and generic favourites. In addition, with regard to each of your visits to our site we will automatically collect the following information:
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, log-in time and referring website addresses
- information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number.
- Information we receive from other sources. This is information we receive about you if you use any of the other websites we operate or the other services we provide. We are working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies).
- Social Media. We allow you to share information with social media sites, or use social media sites to create your account or to connect your account with the respective social media site. Those social media sites may give us automatic access to certain personal information retained by them about you (e.g., content viewed by you, content liked by you, and information about the advertisements you have been shown or have clicked on, etc.). You control the personal information you allow us to have access to through the privacy settings on the applicable social media site and the permissions you give us when you grant us access to the personal information retained by the respective social media site about you. By associating an account managed by a social media site with your account and authorising us to have access to this information, you agree that we can collect, use and retain the information provided by these social media sites in accordance with this Privacy Policy. We may also use plug-ins or other technologies from various social media sites. If you click on a link provided via a social media plug in, you are voluntarily establishing a connection with that respective social media site.
- Special Category Data. We do not collect special category data such as biometric data for unique identification, health information and medical records, criminal records, racial or ethnic origin, political orientation or beliefs, religious or philosophical beliefs, trade union membership, data concerning sex life or sexual orientation, genetic data, nor do we require you to give us this data.
- Information about other individuals. If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can:
- give consent on his/her behalf to the processing of his/her personal data;
- receive on his/her behalf any data protection notices; and
- give consent to the transfer of his/her personal as contemplated in this privacy policy.
- You should inform them how we collect, use, disclose, and retain their personal information according to our privacy notice.
- Payment cards. We do not store full payment card details on our own servers. We work with external PCI-compliant payment processors (Stripe) who store these details. We store the last 4 digits of your card and the card type on our systems so that you can identify which card will be used for future payments. We also store the country that the card was registered in and the IP address country that the card was added from as a legal obligation to ensure that the correct VAT rate is charged fro your payments.
Retention: We will instruct our payment processors to delete any stored card details when you cancel your account. - Analytics. We use Google Analytics to help us track the details of visits browsing our public website. We do not use Google Analytics on any URLs once you have been authenticated. We do not send any personal data to Google's services through Google Analytics and we configure our tracking codes to anonymise any IP addresses.
- Email Address. We will store your email address for the purposes of managing your account with us. This will be used for transactional emails that relate directly to your account or service. This information is required in order to ensure you are informed about your account and can take appropriate action in various situations. We may also use your email address to send you messages about our services which may include notifications about newly launched features, improvements to the service, upcoming maintenance as well as ways to help you make the most of your service. If you would rather not receive these messages, please let us know or click the unsubscribe link in these emails. We will not send you any other marketing message unless you subscribe to our newsletter which you can do through our website when signing up or through one offer applications. When you do this, you will be consenting with us to use your email address for this purpose. You may withdraw this consent at any time by unsubscribing from he messages or contacting us. If you are using a service that allows multiple users to have access to the same account, your email address may be shared with the other users on this account. Our applications may share cryptographic has (MD5) of your email address with the Gravatar service to allow us to display an appropriate profile with your images. If you do not have an account with Gravatar, they will not be able to determine your actual email address.
Retention. Your email address will be kept until such time as all accounts associated with it are deleted from our systems. - Outgoing Emails. If we send you transactional emails, these will be passed through our internal mail server and stored for a period of time to assist with debugging delivery problems and ensuring messages are appropriately diverted to their destinations. This is necessary to provide our service to you. The information stored includes the contents fo the messages sent, the email addresses of the recipients and any other headers.
Retention: The contents of messages are stored for a minimum period of 30 days from eh date the message is received by our mail system. - Postal Address. We require your postal address in order to provide you with an invoice for your services. This information is collected as a legal obligation and will be stored on our systems along with invoices for a minimum period of 7 years. We may need to send you items by post. To do this, you will need to provide your address to us again and consent to us using it for the purpose of sending you items by post. We may store your address on file to allow us to send you items in the future. You may opt to have this address removed from our records at any time by contacting us.
- Support by E-mail. If you contact us ty email or through our website, you will be sharing your contact details (email addresses and/or telephone numbers with us for the purposes of responding to your query. This is necessary to provide our service to you.
Retention: We retain all support requests (including name and contact details) that we receive for the purposes of auditing and training staff. - Email directly to/from our employees. If you communicate with our employees directly by email (i.e. not using our normal support channels), we may retain your name and email address in the mailbox of the employee(s) that you communicate with. This is necessary to provide our service to you.
- Backups. We store backups of website data stored by us for use in disaster recovery. Backup data is encrypted and stored off site in a secure data centre. This is necessary to provide our service to you.
Retention. Database backup data is stored for a minima period of 20 days, whereas full backup data is stored for a minimum period of 4 months.
3. Cookies
Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them see our Cookie policy.
4. Uses made of information.
We use information held about you in the following ways:
- to provide those services to you that you have requested;
- to carry out our obligations arising from any contracts entered into between you and us;
- to provide you with the information, products and services that you request from us;
- to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
- to send you case studies, blogs, tips and other information that we think will be of interest to you;
- to notify you about changes to our service;
- to contact you to invite you to participate in voluntary surveys for the purpose of conducting research into your opinion of current services and/or of potential new services that may be offered;
- to ensure that content from our site is presented in the most effective manner for you and for your computer;
- to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes and as part of our efforts to keep our site safe and secure;
- to allow you to participate in interactive features of our service when you choose to do so;
- to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
- to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.
Information we receive from other sources. We will combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).
5. Marketing and Opting Out
If you have given permission, we may share your personal data with organisations who are our business partners and we or they may contact you (unless you have asked us or them not to do so) by email or mail about blogs, recommendations, voluntary surveys, services, promotions and special offers, and other things that we think may be of interest to you. Where you are an existing user signed up for our services, and you are not a candidate or other individual acting as a contact for a corporation, we may rely on legitimate interests to send you such material by email. If you prefer not to receive any further direct marketing communications from us or our business partners, you can opt out at any time using the unsubscribe or opt out mechanism in the relevant communication or by contacting us. See further 'Your rights', below.
6. Legitimate Interests
We process personal information for certain legitimate business purposes, which include some or all of the following:
- where the processing enables us to enhance, modify, personalise or otherwise improve our services’ communications for the benefit of our customers;
- to identify and prevent fraud;
- to enhance the security of our network and information systems;
- to better understand how people interact with our websites;
- to provide postal communications which we think will be of interest to you e.g. case studies including useful tips; recommendations of clubs to join; books to read
- to determine the effectiveness of promotional campaigns and advertising.
“Legitimate Interests” means the interests of our company in conducting and managing our business to enable us to give you the best service/products and the best and most secure experience.
When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests do not automatically override your interests - we will not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Our site is aimed at building a community of like minded people and providing a forum where information of interest to this community can be shared. To achieve the purposes of this forum we believe it is in the interests of users of this site for us to send case studies about other individuals in similar positions, to provide tips on how to put together a good curriculum vitae, covering letter or on interview techniques, improving your LinkedIn profile or to make recommendations of things that we think users will be interested in.
You have the right to object to this processing if you wish, and if you wish to do so please see the “Your Rights” section below. Please bear in mind that if you object this may affect our ability to carry out tasks above for your benefit and may defeat the object of your participation in the forum offered through this site.
7. Disclosure of your Information
You agree that we have the right to share your personal information with:
- Any member of our group. (For more information on our group members please check our site or contact us. See “Contact” below.)
- Selected third parties including:
- potential employers/those recruiting, business partners, service providers, suppliers, agents and sub-contractors for the performance of any service which you have signed up for, or for the performance of any contract we enter into with you;
- analytics and search engine providers that assist us in the improvement and optimisation of our site.
We will disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets.
- If Bold New World, or substantially all of its assets, are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms and Conditions or a contract we have entered into with you; or to protect the rights, property, or safety of Bold New World, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
8. Data Storage and Transfers
All information you provide to us is stored on our secure servers located in the UK and the European Economic Area (EEA). It will also be processed by staff operating inside the UK or the EEA who work for us or for one of our suppliers. This includes staff engaged in, among other things, the provision of our services including support services and the processing of your payment details.
You can obtain more information about the locations where your data is stored and transferred to, including the identity of third-party suppliers and their locations and processing activities please by contacting us. See “contact” below.
Wherever we are required to transfer your personal information, regardless of where this occurs, we have taken steps to ensure that your information is treated securely and in accordance with this privacy policy and all applicable data protection laws and regulations. By submitting your personal data, you agree to this transfer, storing or processing.
9. Security
We will use technical and organisational measures to safeguard your personal data, for example:
- access to your account is controlled by a password and username that are unique to you; and
- we store your personal data on secure servers.
While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
10. How long do we keep your data?
We only keep your information for so long as it is necessary to fulfil the purpose for which it was collected. We use the following criteria to determine how long we should keep your data for:
- Whether or not you are actively using your account;
- Whether or not you are opening emails that we send to you with communications we think you are interested in;
- If we are required by law to keep your information for a certain period of time;
- If we will need to keep copies of correspondence with you to resolve complaints.
If you have not logged-into your account or you have not opened emails from us for a period of 2 or more years we may close your account and delete your information. We contact you before we do this to ask you if you want us to do this or if you want us to keep your account open and if you want us to continue to communicate with you.
Your Rights
Right to ask us to stop contacting you with direct marketing. Even if you have accepted the processing of your personal data for marketing purposes (by ticking the relevant box), you have the right to ask us to stop processing your personal data for such purposes. Let us know what method of contact you are not happy with if you are unhappy with certain ways of contacting you only (for example, you may be happy for us to contact you by email but not by telephone).
Right to request a copy of your information. You can request a copy of your information which we hold (this is known as a subject access request). If you would like a copy of some or it, please contact us and let us know the information you want a copy of, including any account or reference numbers, if you have them. Any subject access request may be subject to a reasonable fee to cover the cost of providing you with details of the information we hold about you.
Right to correct any mistakes in your information. Where you are a registered user on our site and have a log-in, you can log-in and update your own information. It is your responsibility to do this as soon as any of your information changes. However, you can require us to correct any mistakes in your information which we hold free of charge. If you would like to do this, please contact us and let us know the information that is incorrect and the information you want it replaced with.
Right to request we cease processing your information. You may request that we cease processing your personal data. If you make such a request, we shall retain only the amount of personal data pertaining you that is necessary to ensure that no further processing of your personal data takes place.
Data Portability Request. You have rights to obtain a copy of some of the Personal Information that we hold on you and reuse or share it for your own purposes (“right to data portability”). The right to data portability only applies:
- to Personal Information you’ve provided to us (i.e. not any other information),
- where we are processing your Personal Information because you have provided your consent for us to do so, or under a contract with you; and
- when processing is carried out by automated means.
We can refuse your data portability request if the processing does not satisfy the above criteria. Also, if the Personal Information concerns more than one individual, we may not be able to transfer the information to you if doing so would prejudice the other person’s rights.
Right to request deletion of your information. You can ask us to erase all your personal data (also known as the “right to be forgotten”) in the following circumstances:
- it is no longer necessary for the Manager to hold that Personal Data with respect to the purpose for which it was originally collected or processed;
- you wish to withdraw your consent to us holding and processing your personal data;
- you object to us holding and processing your personal data (and there is no overriding legitimate interest to allow us to continue doing so);
- the personal data has been processed unlawfully; or
- the personal data needs to be erased in order for us to comply with a particular legal obligation.
Unless we have reasonable grounds to refuse to erase your personal data, all requests for erasure shall be complied with.
12. Changes to our Privacy Policy
Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.
13. Contact
Questions, comments and requests regarding this privacy policy are welcomed and should be addressed by email to contact@boldnewworld.co.uk. Please use these contact details to exercise your rights as outlined in the “Your Rights” section above.
14. Complaints
If you have any complaints about the way in which we collect, store and use your information, and these have not been addressed by contacting us first, you can contact the supervisory authority in the United Kingdom, the Information Commissioner’s Office: https://ico.org.uk/concerns/
15. Links to other Websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over other websites and their content. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Last Updated: 30.4.2019
Cookie Policy
Our website (Site) uses cookies to distinguish you from other users of our Site. This helps us to provide you with a good experience when you browse our Site and also allows us to improve our site.
A cookie is a small text file which is placed onto your browser or the hard drive of your computer.
Types of Cookies. The following sets out details on the type of cookies and how we use the different categories of cookies as well as providing information on your options for managing cookies’ settings.
How We Process Your Data. Throughout your interactions with us we will collect only the data that we require in order to provide you with the service that you are requesting. The key information that we process is shown below for your information:
IP Addresses. When you access any of our services we will store a record of your IP address along with details of your request in our logs. This information is stored and used by our system to ensure the integrity of our services.
Retention. This information is stored in rotating logs, which are kept for a minimum of 6 months.
Authorisation & Session Data. Whenever you login to one of our services we will use at least two cookies that will identify your session to our services. This is necessary to provide our service to you.
The browser_id cookie is a permanent cookie that uniquely identifies your browser to us and allows us to ensure that previous sessions from that browser are invalidated when logging in again. This is only used for the purposes of invalidating these sessions as well as allowing us to notify you when new sessions are created in new browsers.
The user_session cookie is, initially, a session-only cookie that contains a unique token that identifies your specific session. This data is not stored on our end and is only stored in a hashed form. If you choose to persist your login session, this cookie will be converted to a more permanent cookie with an expiry time at some point in the future. The actual time will depend on the service you are using.
In addition to these cookies, we also store IP addresses & user agents with your session. This allows us to look for anomalies in its use to help us protect your account and our systems.
Job Processing Cookies. These cookies are required for the job processing part of this website to run correctly. There maybe additional cookies to the ones listed below however these are the standard at time of writing.
-
- chosen_package_id
- chosen_package_is_user_package
- wp-job-manager-submitting-job-id
- wp-job-manager-submitting-job-key
Shopping Cart & Payment Processing Cookies. These cookies are required for the e-commerce section of the site to run correctly. They include storing data for your shopping cart as well as the checkout process.
Please note that card payment details are not stored by us, these are handled by our payment processor, Stripe. You can find out more details at the Stripe website.
- __stripe_mid
- __stripe_sid
- woocommerce_cart_hash
- woocommerce_items_in_cart
- wp_woocommerce_session_
Retention.This data is stored until such time as the associated user account is deleted.