This privacy notice tells you what to expect when LexisClick collects personal information. It applies to information we collect about:
LexisClick will collect a range of information on you, either via activity via our website or emails, ticketing systems, telephone, in person or at trade shows. This information includes:
We will not collect sensitive categories of personal data without your explicit consent.
LexisClick will not collect data relating to minors as defined under UK law. Minors as defined by UK law are not permitted to use LexisClick Services or interact with us as a corporate entity.
LexisClick may from time to time contact customers via email regarding service related matters such as billing, account management and maintenance. These emails are an important part of our service to you.
For business contacts who are not currently customers, LexisClick may contact you via email and other electronic means to promote our services to you. If you do not wish to receive these communications you can unsubscribe at any time. All email communications that we send contain a clear link to manage your subscription preferences.
We only store personal contact details for contacts who have given these to us, by signing up for information communications from us, applying for a role with us, or have provided us these details as their preferred address.
We will keep your personal information for as long as you are a customer of LexisClick or a relevant marketing contact.
After you stop being a relevant marketing contact or unsubscribe from our communications, we will remove your data as part of our annual data reviews. Where a contact has been removed from our system, because the information is out of date or the contact has unsubscribed, we may retain a small amount of information relevant to controlling marketing activities. These details typically include email address, subscription preferences and reasons to not contact.
After you stop being a customer, we may keep your data for up to 10 years for the following reasons:
LexisClick will not share your data with a third party not directly associated with the provision of services without your explicit consent. LexisClick will also not transfer Subject data to a third party country outside of the UK or EEA that is not compliant with the applicable data protection laws via adequacy agreement, Binding Corporate Rules or other legally appropriate means as defined by the Information Commissioners Office without your explicit consent.
LexisClick makes use of a number of third party organisations for the purposes of delivery of Services to the Customer.
Whilst the following list is not intended to be exhaustive, LexisClick typically only transfers the personal data relating to our customers, where required for the activities set out below, to the following third parties or Data Processors:
LexisClick will update this list from time to time as our systems and operations evolve and inform you accordingly.
By interacting with LexisClick as defined in this policy, you provide your consent for this transfer and use of our Data Processors and their Data Sub-Processors, and for transfer to any other appropriate third-party Data Processor for the purposes of delivery of the Services and customer relationship management activities. No data transfer will be undertaken that is outside of the strict scope of the purposes stated in this policy, or that will materially degrade the security of your data or your rights.
The Data Processors and Sub Processors we use will be contractually bound to process only in accordance with our instructions and to maintain technical and organisational controls in compliance with our security policy and the requirements of the GDPR.Commitment to confidentiality and security of processing
LexisClick will use appropriate technical and organisational security measures within our sphere of responsibility to ensure an appropriate level of confidentiality, integrity and, where LexisClick is the Data Controller, availability of your data and to ensure its availability in the event of a business continuity incident.
LexisClick will undertake security and data protection assessments of any third parties we elect to use prior to transfer of any Customer Data and regularly thereafter.
When someone visits www.lexisclick.com we use a small number of third-party services, including Google Analytics, Hubspot and Hotjar to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site, understand how the website is being used, personalise areas of the website and understand how marketing channels are performing. Where consent has not been requested and provided, this information is only processed in a way which does not personally identify anyone.
We use standard software to collect information for the strict purpose of tracking activity on our site. This allows us to understand how many people use our site and which pages and features are most popular. The information we normally collect and store is
You never transmit personally identifying information that you do not enter yourself, and this is always your option. This information cannot be collected unless you specifically elect to send it to us. This information is used internally only for the purpose of fulfilling the request or for contacting you directly and is not sold to any other organisation. Your information is transmitted directly to LexisClick and is stored securely in the services that we use for this purpose.
We have outlined below details about the type of information that LexisClick keeps about job applicants, current and former employees and the purposes for which it keeps them. You can read more about this here.
LexisClick believes that these uses are consistent with our employment relationship with each member of staff and with the principles of the Data Protection Act and the GDPR.
During the recruitment process LexisClick will ask for information about your personal and employment history. All of the information you provide during the process will only be used for the purposes of progressing your application, or to fulfil legal, regulatory or legitimate requirements if necessary.
LexisClick will not share any of the information you provide during the recruitment process with any third parties for marketing purposes. The information you provide will be held securely by us and/or our data processors whether the information is held in electronic or physical format.
LexisClick will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.
The information we ask for is used to assess your suitability for employment. You do not have to provide what we have requested but it may affect your application if you don’t.
We will ask all candidates for personal details including their name and contact details. We will also ask for information about your previous experience, education, referees and for answers relevant to the role you have applied for.
We use a third party HR consultancy provider Streetwise HR and all the information you share with us, will be shared with them as our external HR department. Our HR provider and your Recruiting Manager will have access to all the information you provide.
You may be asked to provide equal opportunities information. This is not mandatory information. If you choose not to provide it, it will not affect your application. This information will only be made available to our HR provider and your Recruiting Manager, it will not be available to any other staff in a way which could identify you.
Any information you choose to provide will only be used to produce and monitor equal opportunities statistics.
All external applicants who are to be formally interviewed will be asked to complete an Application and Pre-Employment Screening form .
The selection process will normally begin with a discussion between the Recruiting Manager our HR provider and their Line Manager or Department Head in order to determine the selection approach. The appropriate selection method may not necessarily be limited to, but will always include, face to face interviews. We may also ask you to complete a test or attend other selection events such as a selection centre or psychometric testing. This information will be held by LexisClick and will be accessible to our HR provider.
If, following assessment of your application for the position you have applied for, you are unsuccessful we will retain your information for a period of 6 months unless you instruct us otherwise.
In compliance with LexisClick’s recruitment guidelines, if we make you a conditional offer of employment we will ask you for information so that we can carry out pre-employment screening and vetting checks.
These checks include:
Commencement of your employment is conditional on completion of Pre- Employment Screening and Vetting documentation.
You will be required to provide the following to allow us to complete these checks:
We will provide your name and copies of your proof of identity, right to work and proof of address to our HR provider, who may at their discretion provide it to a third-party employment detail checking provider. You will be provided with details of any third party service prior to your data being submitted. LexisClick or our HR provider will also contact your referees using the details you provide in your Application Form to obtain references.
You must successfully complete these pre-employment checks to progress to a final offer.
If we make a final offer and you accept, we will also ask you to provide the following:
Data processors are third parties, such as our HR provider, who provide elements of our recruitment service for us. We have contracts in place with our data processors. This means they cannot do anything with your personal information unless we have instructed them to do so. They will not share your personal information with any organisation apart from us.
If you accept a final offer from us, some of your personnel records will be held on our HR software and physical records may also be held securely. These details will include:
If you are successful, the information you provide during the recruitment and application process will be retained by us as part of your employee file for the duration of your employment plus 6 years following the end of your employment. This includes your Application Form, Medical Questionnaire, records of any security checks and references.
If you are unsuccessful at any stage of the process, the information you have provided up until that stage will be retained for 6 months and will then be securely disposed of.
Under the General Data Protection Regulation (GDPR) you have a number of rights with regard to your personal data. You have the right to request from us access to and rectification or erasure of your personal data, the right to restrict or object to processing. For further information see our Employee Handbook.
The information held will be for our management and administrative use only, but from time to time we may need to disclose some information we hold about employees to relevant third parties.
LexisClick may also hold information about an employee for which disclosure to any third party will only be made when strictly necessary for the purposes as follows
LexisClick requires all employees to comply with the GDPR in relation to information about other staff. Failure to do so will be regarded as serious misconduct and will be dealt with according to the Company’s disciplinary policy and procedure. If an employee is in a position to deal with information about other employees, they will be given separate guidance on their obligations.
Under the Data Protection Act 1998, you have rights as an individual which you can exercise in relation to the information we hold about you. You can read more about these rights here.
LexisClick tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of LexisClick’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below.
If you want to make a complaint about the way we have processed your personal information, you can either email firstname.lastname@example.org or write to the Data Department at LexisClick, 76 Shelley Road East, Bournemouth, BH7 6HB.
If you are not satisfied with our response you can contact the statutory body which oversees data protection law – www.ico.org.uk/concerns.
LexisClick tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a data request to us. If we do hold information about you we will:
To make a request to LexisClick for any personal information we may hold you need to put the request in writing addressing it to our Data Department, or writing to the address provided below.
If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
If we do hold information about you, you can ask us to correct any mistakes by, once again, contacting the Data Department.
This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
We keep our privacy notice under regular review. This privacy notice was last updated on 21st May 2018.
76 Shelley Road East
For the purpose of providing the Services, LexisClick will process Customer Provided Data. To the extent that Customer Provided Data is comprised of Personal Data, the parties acknowledge that LexisClick acts as a Data Processor for all Customer Provided Data supplied to LexisClick by the Customer as well as the Customer’s own customers or agents.
The Services are provided on the basis that either:
By accepting this addendum, the Customer indicates their acceptance of the provisions below and warrants that the basis of the Services set out in this Data Processing Addendum is accurate.
LexisClick undertakes a range of Processing as defined by the Services, i.e. the provision of marketing and website hosting services to the Customer, the choice of which is determined by the Customer.
LexisClick provides marketing services to support the Customer’s or Customer’s agents’ processing of data to that end.
LexisClick has access to process and manipulate Customer Provided Data under the Customer’s written instruction for the purposes of their marketing activities and customer communications.
Any processing by LexisClick of Customer Provided Data (which may comprise Processing of Personal Data) is determined by the Customer insofar as it is the Customer that ultimately determines what the Services will be and, therefore, what data processing occurs.
LexisClick classifies all Customer Provided Data as the same type of data and does not maintain visibility of different types of Customer Provided Data or categories of Personal Data within this set. LexisClick applies the same level of generic security controls to all Customer Provided Data.
LexisClick provides a service which constitutes among other things the provision of websites, hosting, storage, networking and dedicated servers to Customers. Whilst we will try to ensure the compliance of those underlying services with the applicable Data Protection Laws, we do not maintain reliable access to the Operating Systems, applications or data that Customers upload to their Customer Hosted Solution, so the Customer is responsible for all data protection issues not related to the underlying services.
The Customer is responsible for the duration of the processing of any Personal Data comprising Customer Provided Data. While the Agreement is in force, LexisClick will Process all such Personal Data in accordance with the Customer’s written instructions.
LexisClick along with its third party suppliers will be responsible for maintaining the GDPR compliance of the underlying hosting infrastructure, within the scope of the services provided to the customer. LexisClick’s personnel are subject to a duty of confidence that is compliant with the applicable Data Protection Laws.
LexisClick has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures.
A non-exhaustive list of technical and organisational measures are as set out below. By entering into this addendum, the Customer confirms that it has reviewed and approved the following measures:
SECURITY MANAGEMENT & POLICY
HR & ACCESS CONTROL
INCIDENT MANAGEMENT & COMMUNICATION
AVAILABILITY OF CUSTOMER HOSTED SOLUTIONS AND SERVICES
Temporary loss of Availability or Integrity related to an Emergency Maintenance or Scheduled Maintenance is not considered to be a loss of Availability under the applicable Data Protection Laws.
In accordance with the Services being provided, LexisClick is not able to decide how Personal Data comprising Customer Provided Data is processed, as it is processing data under the written instruction of the Customer
As the Data Controller the Customer has the following responsibilities under GDPR:
By entering into this Data Protection Addendum, the Customer hereby permits LexisClick to appoint sub-processors of Personal Data and, for the term that the Data Protection Addendum is in force, shall have a general right to appoint sub-processors of Personal Data. LexisClick shall provide the Customer with prior notification before appointing any sub-processors of any Personal Data that are in addition to those noted in this Data Processing Addendum.
LexisClick utilises a small number of Data Sub-Processors in order to provide Services to the Customer. The following list of Data Sub Processors used to provide Services will be updated from time to time to reflect the current operational position:
LexisClick will update the Customer of the use of any new Data Sub-Processor prior to adoption of the Sub-Processor and transfer of Customer Provided Data or provision of any form of access to Customer Hosted Solutions by support ticket or email, and the Customer must ensure that all necessary Data Protection Consents are obtained or other legitimate grounds for processing the Personal Data are established. The Customer’s continued use of the Services constitutes approval for the use of this new Data Sub-Processor and a repeated warranty by the Customer that the use of all sub-processors is lawful under the applicable Data Protection Laws subject to LexisClick complying with its obligations under the applicable Data Protection Laws in respect of appointing sub-processors. LexisClick will perform appropriate due diligence on the Data Sub-Processor, as we will on any security-impacting supplier.
LexisClick will maintain written contracts with all LexisClick Sub-Processors including any relevant GDPR-related compliance requirements and will conduct regular checks to confirm their continuing conformance with Data Protection Laws.
LexisClick will not transfer Customer Hosted Data to any Data Sub-Processor located outside of the EEA or to any other third-party location not deemed appropriate by Binding Corporate Rules, Privacy Shield or other adequacy decision defined on a continuing basis by the Information Commissioner’s Office without explicit written permission from the Customer.
LexisClick will only process Customer Provided Data (which may or may not include data for which the Customer is the Data Controller) in accordance with the Data Controller’s written instructions, which for the purposes of data protection and this addendum are taken to be in whole contained within the section ‘Purpose and scope of LexisClick’s Data Processing on behalf of Data Controllers.’ No other written instructions can be accepted as they will fall outside of the scope of our services.
Insofar as LexisClick provides data processing services to the Customer, LexisClick will assist the Data Controller in meeting their data protection obligations including: