Last updated: 20th May 2021
Fair HQ’s mission is to help companies become more successful by embedding diversity and inclusion (D&I) across the business. Our evidence based product helps businesses audit and benchmark their D&I, create an effective strategy and continuously track improvements.
At Fair HQ we are committed to protecting personal information and respecting data protection laws across national boundaries. We are going to explain how we do this here.
We come into contact with personal data in four distinct ways:
- When you visit our website or communicate with us to discuss the services we provide.
- In order to operate our business, i.e. employment, marketing.
- When we are contracted by an organisation to deliver our services to the data subjects of which they are the Data Controller.
- When users interact with our web app or other tools as part of a contracted service delivery.
FairHQ as the Data Processor
This is when we are contracted by an organisation to deliver a service and are provided with personal data to do so. We act solely under the instruction of the data controller to deliver this service.
FairHQ as the Data Controller
This is when we determine what data we are going to collect, where we are going to collect it, for what purpose and how long we are going to keep it. We use this personal information to run our business, including the recruitment of employees and the promotion of our services.
We also act as the data controller for information given to us by users in the provision of our services. This data is pseudonymised, i.e. we are not able to determine the identity of the individuals it belongs to without the instruction of the original data controller, i.e. our client.
How we use your personal information
Regardless of whether we are acting as the Data Processor or the Data Controller we follow key data protection principles to ensure that the collection, retention and processing of personal data is managed in a compliant and fair way. We only collect the data we need to provide our services or to manage our business.
This means that we will always tell you:
- what type of personal data we are collecting;
- why we are collecting it;
- what we are going to do with it, i.e. the specific uses;
- what legal bases permit us to undertake the processing;
- who we are sharing personal data with;
- your rights with respect to your personal data
What personal information do we collect?
We collect and process different personal information and personal sensitive information according to the context in which you interact with us. This information includes:
We collect this information when you provide it to us directly, or from your interaction with our services.
How do we use your information?
We use your information as follows:
To fulfil a contract with Employers:
- conducting diversity and inclusion surveys with Employees to develop an evidence-based standard for measuring diversity and inclusion in businesses;
- validating individual metrics and reports against the benchmarks to recommend to Employers annual performance review targets;
- conducting analytical research to assess Employers’ diversity and inclusion practices and recommending steps to enable Employers to improve and meet the standard;
- provide D&I strategy and evidence based recommendations
- providing information and technical support if you ask for this;
- contacting you with information about changes to our services;
- certifying Employers which can successfully evidence consistent compliance with the diversity and inclusion standard; and
- processing payments for our services and fraud prevention.
As required by us to conduct our business and pursue our legitimate interests, in particular:
- giving our customers access to our services;
- contacting Employees with regards to anything in connection with our services;
- providing dynamic content within our services, depending on how you use such services;
- letting you know about our services by post, email, and phone in accordance with your marketing preferences and law relating to direct marketing;
- providing targeted advertising for our other products and services that we think may be of interest to you, based on how you use our website, products and services;
- analysing how you use our services so we can improve our levels of service and develop future products and services, including through the use of surveys and research studies;
- ensuring the security of our website and information technology systems and protecting our rights; and/or
- reviewing and progressing your job application.
Where you have provided your consent:
- where we need your consent to process your sensitive personal information to conduct study on Employers’ diversity and inclusion practices;
- gathering and processing Employees’ profile and sensitive data to conduct diversity and equality research;
- if we need your consent in order to send marketing for our services to you; and/or;
For purposes which are required by law:
- we may share your personal information in order to comply with legal obligations to which we are subject.
- in order to protect your vital interests or those of another individual; and/or
- for the purposes of record-keeping and hosting, back-up and restoration of our systems.
We may integrate your personal data with the Employers’ software to enable the Employers to continue to monitor and measure their compliance with the diversity and inclusion practices against the established benchmarks to ensure that they are meeting the standard at all times. In this case we will anonymise all personal and sensitive data so that Employers would never be able to identify individuals (the Employees) and attribute your answers to the surveys and other personal data directly to you.
How will we share your information?
We share your personal details:
- with people within our organisation who are involved in carrying out the processing described above; and
- with third party service providers who process your information on our behalf for the purposes above – such as IT hosting providers, payment service providers, data analytics specialists and other professionals retained by us.
List of authorized data processes
- Auth0 – Authentication as a service. (Shared info: Email + First name + Last name)
- Intercom – Customer success tool to support customers and their employees (Shared info: Email + Company name + First name + Last name)
- Full story – Behavioural analytics used for improving UX experience & debugging (Shared info: Email + First name + Last name)
We will also share your personal information:
- if we think this is necessary in order to protect the rights, property, or safety of our business, our employees, our partners, or our customers. This includes sharing information for the purposes of fraud protection and credit risk reduction;
- any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006;
- third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal information in the same way as set out in this policy; and/or
- with government authorities and/or law enforcement officials if required by law.
We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.
Giving and withdrawing your consent and updating your personal information
Where your consent is required for us to process your personal information, we will ask for your consent at the point at which you provide your data. You have the right to withdraw that consent at any time. Please note that we may not be able to provide our services if you withdraw consent for us to use your sensitive data. You can also update your personal information at any time. If you wish to do either, contact us at email@example.com.
Storing your personal information; transfers outside the EEA and data retention
We may use our secure servers to store your personal data. We take appropriate physical, electronic and procedural measures to ensure that we keep your information secure, accurate and up to date in accordance with this policy.
Your personal information may be stored and processed outside of the country where it is collected, including outside of the European Economic Area (EEA). When transferring information to others, within the EEA or otherwise, we ensure that appropriate and suitable safeguards and technical measures are in place to protect your personal data. To do this, we make use of standard contractual clauses that have been approved by the European Commission, or we implement other similar measures required by laws around the world. If you would like further information about this, please contact us at firstname.lastname@example.org
We will only keep records of your personal information for as long as is reasonably necessary for the purposes for which we have collected it, and in order to comply with any statutory or regulatory obligations in relation to retention of records. We respect requests to stop processing your personal data for marketing purposes. This includes keeping a record of your request indefinitely so that we can respect your request in future.
We may retain your personal data longer:
- to comply with law;
- to protect your vital interests or those of another individual; or
- in connection with any legal claims (to the extent those claims are continuing after the end of the relevant retention period).
Finally, we may create anonymised or aggregated records relating to demography or the use of our website or services, from which no individual is identifiable. We may retain those records, which are not personal data, indefinitely.
We do not knowingly collect or store any personal information of children under the age of 16, because the services we offer are not applicable to this age group.
Personal data relating to someone else
Prior to providing to Fair HQ any personal information concerning another individual, you must (unless we agree otherwise):
- obtain their permission (where possible) to share their personal information with us in accordance with this policy.
Your rights and how to make changes to your personal information
You have the right to request access to and rectification or erasure of personal information, the right to restrict processing of your personal information, and the right to object to processing of your personal information. You have the right to object to your personal information being processed on the grounds of our legitimate interests. You have the right to object to us sending you direct marketing and profiling you for the purposes of direct marketing. You can contact us by email at email@example.com in relation to any of the rights described in this paragraph, or if you have any questions regarding this privacy notice.
You can make a request to rectify, erase, restrict or object to the way your information is handled. You can also ask to access the data for which we are the data controller.
When you make a request, we may ask you for some specific information to help us confirm your identity and ensure you have the right to exercise these rights. We will make it easy and secure for you to share this information with us and we will do it in a timely fashion.
You may also request your data in a useable electronic format so that you can use it elsewhere.
To update your personal information, make changes to it, request a copy or ask us to change the way we contact you please email us at firstname.lastname@example.org.
If your request relates to information provided by your employer, we will ensure that it is passed on to them so that they can take the appropriate action.
If you have a complaint or concern about how Fair HQ uses your personal information, please contact us in the first instance and we will attempt to resolve the issue as soon as possible.
If you are not satisfied with the way we have handled a request regarding your information, you have the right to lodge a complaint with the appropriate supervisory authority. Details are given below:
Information Commissioner’s Office https://ico.org.uk/make-a-complaint/ Telephone: +44 303 123 1113
We are Fair HQ LTD, whose registered address is 20-22 Wenlock Road, London, England, N1 7GU. Our Data Protection Officer can be reached by email at email@example.com