What this policy covers
Your privacy is important to us and we like to be transparent about how we collect, use and share information about you. This policy is intended to help you understand:
- What information we collect
- How we use your information
- How we share information
- How we store and secure information
- How to access and control your information
- Other important privacy information
What information we collect
We collect information about
- visitors to our website;
- people who use our services;
- suppliers who we work with to deliver services; and
- job applicants and our current and former employees.
How we use your information
How we use the information we collect depends on what product or service you use or access, how you use them, and any preferences you have communicated to us. Below are the specific purposes for which we use the information we collect about you.
Visitors to our website
When someone visits our website, we collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make any attempt to find out the identities of those visiting our website. We will not associate any data gathered from this site with any personally identifying information from any source. If we do want to collect personally identifiable information through our website, we will be explicit about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
If you provide us with information via one of the forms on our website, we may contact you by post, telephone and email. You are given the opportunity to opt-in to receiving this information at the appropriate section of the website when you register your details. If you no longer wish to be contacted in the future by us, follow the instructions on the specific mailing list or complete the form on our website: Email Preferences.
If you have opted in to our emails, from time to time, we may send emails to you regarding new services, releases and upcoming events. You may opt out of receiving newsletters and other secondary messages from us by selecting the ‘unsubscribe’ function present in every email we send.
Imosphere uses a third party, Spiral Hosting. To deliver this service, it processes the IP addresses of visitors to the Imosphere website.
People who contact us via social media
We use a third-party provider, Hootsuite, to manage our social media interactions.
People who email us
Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.
People who use our products and services
Our products and services include:
- Atmolytics, our pioneering self-service and devolved analytics platform.
- The UK’s most accurate and widely used resource allocation system for personal budgets.
- An award winning electronic care record.
- Over 100 nationally recognised assessment, care and support planning toolsets.
- Tailored training solutions.
We have to hold the details of the organisations who have requested our product(s) and/or service(s) in order to provide it. However, we only use these details to provide the product and/or service the organisation has requested.
Job applicants, current and former Imosphere employees
Imosphere is the data controller for the information you provide during the recruitment process unless otherwise stated. If you have any queries about the process or how we handle your information please contact us.
Using the information you provide us
All of the information you provide during the recruitment process will only be used to progress your application, or to fulfil legal or regulatory requirements if necessary.
We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the European Economic Area. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.
We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.
Information we ask for
The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for but it might affect your application if you don’t.
We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.
As part of your application, we simply ask you to send in your CV.
Our hiring managers shortlist applications for interview. They will be provided with all the information on your CV.
We might ask you to participate in assessment days, complete tests or occupational personality profile questionnaires, and/or to attend an interview – or a combination of these. Information will be generated by you and by us. For example, you might complete a written test or we might take interview notes. This information is held by Imosphere.
If you are unsuccessful following assessment or interview for the position you have applied for, we may ask if you would like your details to be retained in our talent pool for a period of six months. If you say yes, we would proactively contact you should any further suitable vacancies arise.
Decisions about recruitment
Final recruitment decisions are made by hiring managers and members of our recruitment team. All of the information gathered during the application process is taken into account.
You are able to ask about decisions made about your application by speaking to your contact within our recruitment team or by emailing firstname.lastname@example.org.
If we make a conditional offer of employment we will ask you for information so that we can carry out pre-employment checks. You must successfully complete pre-employment checks to progress to a final offer. We are required to confirm the identity of our employees, their right to work in the UK and seek assurance as to their trustworthiness, integrity and reliability.
You will be required to provide:
- Proof of your identity: you will be asked to attend our office with original documents, we will take copies.
- Proof of your qualifications: you will be asked to attend our office with original documents, we will take copies.
- We will contact your referees, using the details you provide in your application, directly to obtain references.
- We will also ask you to complete a questionnaire about your health. This is to establish your fitness to work.
If we make a final offer, we will also ask you for the following:
- Bank details to process salary payments.
- Emergency contact details, so we know who to contact in case you have an emergency at work.
With your consent
We use information about you where you have given us consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured customer case studies to promote our products and services, with your permission.
Legal bases for processing (for EEA users)
If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have legal bases for doing so under applicable EU laws. The legal bases depend on the products or services you use and how you use them. This means we collect and use your information only where:
- We need it to provide you with the products or services, including to operate the products or services, provide customer support and personalized features and to protect the safety and security of the products and services;
- It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote our products and to protect our legal rights and interests;
- You give us consent to do so for a specific purpose; or
- We need to process your data to comply with a legal obligation.
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the products and services.
How we store and secure information
If you are employed by Imosphere, relevant details about you will be stored on our company network, which is protected by our access control policy.
Third party systems
If you are employed by Imosphere, relevant details about you will be entered into our HR and Payroll systems, provided by third parties.
Imosphere sometimes advertises through contracted recruitment agencies. To find out about the specific information held by these agencies, please contact us.
How long we keep information
How long we keep information we collect about you depends on the type of information, as described in further detail below. After such time, we will either delete or anonymise your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.
Information you share on products
If your account is deactivated or disabled, some of your information and the content you have provided will remain in order to allow your team members or other users to make full use of the product. For example, we continue to display assessments and reports you created and shared on our care management or analytics software systems.
If the products you use are made available to you through an organisation (e.g. your employer), we retain your information as long as required by the administrator of your account.
If you have chosen to receive marketing emails from us, we retain information about your marketing preferences unless you specifically ask us to delete such information.
For job applicants, if you are successful, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment plus six years following the end of your employment. This includes your fitness to work, records of any security checks and references.
If you are unsuccessful at any stage of the process, the information you have provided until that point will be retained for six months from the closure of the campaign.
Information generated throughout the assessment process, for example interview notes, is retained by us for six months following the closure of the campaign.
How to access and control your information
Imosphere tries to be as open as possible in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by contacting us under the EU General Data Protection Regulation (GDPR). If we do hold information about you, we will:
- give you a description of it;
- tell you why we are holding it;
- tell you who it could be disclosed to; and
- let you have a copy of the information in an intelligible form.
To access, update or remove any personal information we hold about you a formal request must be sent to us. Clearly label your request as an ‘Information Request’ and send it to the address below.
St Nicholas Court
25-27 Castle Gate
Other important privacy information
Our products and services are not for personal use. Our products and services are purchased by organisations and used by organisations. Where the products and services are made available to you through an organisation (e.g. your employer), that organisation is the administrator of the products and services and is responsible for the end-users and/or sites over which it has control. If this is the case, please direct your data privacy questions to your administrator, as your use of the products and services are subject to that organisation's policies. We are not responsible for the privacy or security practices of an administrator's organisation, which may be different from this policy.
Even if the products and services are not currently administered to you by an organisation, if you are a member of a team administered by an organisation, or if you use an email address provided by an organisation (such as your work email address) to access the products, then the administrator of that team or the owner of the domain associated with your organisational email address (e.g. your employer) may assert administrative control over your account and use of the products at a later date. You will be notified if this happens.
Under the GDPR, you have rights as an individual which you can exercise in relation to the information we hold about you.
You can read more about these rights here:https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/
Disclosure of personal information
Imosphere will not disclose personal data without consent from the individual or relevant party, or unless required due to legal obligations.
Complaints or queries
Imosphere tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
If you want to make a complaint about the way we have processed your personal information, you can contact us.
Links to other websites
This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
Changes to the privacy notice
We keep our privacy notice under regular review. This privacy notice was last updated on 25th May 2018.
How to contact us
Imosphere is an ISO/IEC 27001:2013 certified company, demonstrating our effective information security management system.
ISO/IEC 27001:2013 Information Security Management is the international standard for information security and ensures the correct people, processes, procedures and technology are in place to secure an organisation’s information assets.
Information security ensures the preservation of:
- Confidentiality: ensuring that access to information is appropriately authorised
- Integrity: safeguarding the accuracy and completeness of information and processing methods
- Availability: ensuring that authorised users have access to information when they need it
For further information about our Information Security policy, please contact us.
We are Cyber Essentials compliant. The Government-backed Cyber Essentials scheme provides independent assurance that we have effective measures in place and take cyber security seriously.
For more information about the Cyber Essentials scheme, visit the website: https://www.cyberaware.gov.uk/cyberessentials/.