We are 6point6 Limited and are registered in England and Wales under registration number 07946687, nature of business being Information technology consultancy activities.
Should you wish to make contact to further find out how we process personal data and information, to exercise your rights, make a complaint or discuss reacted matters please contact us using the following details:
Unless otherwise stated, this privacy statement applies to the Company’s employee’s or any other “associated persons” within the UK or overseas. Worker refers to 6point6 workers and “associated persons” as defined but not limited to:
This document is not part of your employment contract, and it is not legally binding except where it is a statement of the law. You must be aware of this document and apply it accordingly; failure to do so may result in disciplinary action being taken against you. You should consult your manager if there is anything that is not clear to you or if you are unsure about any aspect of this policy.
As an employer 6point6 must meet its contractual, statutory and administrative obligations. To that end 6point6 is committed to ensuring that the personal data of our employees and prospective employees is handled in accordance with the principles set out in the Information Commissioner’s Office Guide to Data Protection[1]
This privacy statement tells you what to expect when 6point6 collects personal information about you. This statement applies to all individuals stated in section 1.2 Scope. However, the information we will process about you will vary depending on your specific role and personal circumstances.
This privacy statement explains how we will handle any personal data that you provide, or we otherwise obtain in connection with your employment with us or when making an application for a job with us.
For the purposes of data protection law, we are the ‘controller’ of this personal data.
This statement should be read in conjunction with our UK General Data Protection Regulation (GDPR) Policy and our other company policies and procedures. Designed to protect all data and information that comes into the 6point6 systems.
Most of the personal information we process is provided to us directly by you, however other sources maybe used in certain circumstances. Therefore, we may obtain information and data about you from the following:
We currently collect and process the following personal information and data:
Table 1 – Personal data types
Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we mainly rely on for processing your information are:
In the instances we process special category data such as health data,
there are additional bases we rely upon for processing such as:
If we process information about staff criminal convictions and offences, the lawful bases we mainly rely on for processing your information are:
Your information is always stored securely.
6point6 is committed to ensuring your personal information and data is secure. To this end we have ensured there are technical and organisational measures in place to safeguard and secure your personal information and data. We have deployed controls and relevant policies, procedures and guidance to maintain the security of your data.
By adopting the following market leading measures (not an exhaustive listing), we maintain our security baseline based on confidentiality, integrity, and availability to ensure that your data continues to be protected, as well as being accurate and available for its intended purposes:
All of this put together continues to demonstrate the strength of our multi-layered approach to the protection of data.
We may share your information with our service providers and professional advisors, public and governmental authorities, or third parties in connection with our business activities. We have contractual agreements in place, and we ensure third party assurance activities are undertaken on them to make sure of their usage over your data and that safeguarding controls are in place.
In the main, the systems and services we use are located in the UK and the EEA.
However, there may be occasions where your personal data may be processed outside of the above two specifically named regions. This processing may occur in countries that are ‘deemed’ not in line with the current UK and EEA levels of data handling and safeguarding, such as the US. In these situations, 6point6 has implemented measures to ensure before we do so, we shall take the necessary steps to ensure that your personal data will be given adequate protection as required by relevant data privacy laws and 6point6’s own policies and procedures. Steps such as conducting Data Protection Impact Assessments (DPIA’s) as well as ensuring we or our processors there is contractual protection via the use of the Standard Contractual Clauses.
We don’t routinely transfer staff personal data overseas but when this is necessary, we ensure that we have appropriate safeguards in place.
6point6 will only process/retain your personal data for as long as is necessary.
We maintain specific records management and retention guidelines that can be found in the GDPR Policy. These guidelines ensure data is deleted after a reasonable time in-line with the following retention criteria:
Under data protection law, you have rights listed as follows:
Your right of access – you have the right to ask us for copies of your personal information.
Your right to rectification – you have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – you have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – you have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing – you have the right to object to the processing of your personal information in certain circumstances.
Your right to data portability – you have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at (contact details in Section 1.1 Introduction) if you wish to make a request.
We will keep this statement under review and endeavour to reflect any changes to the way we work with your data or any changes in applicable laws in this statement.
This privacy statement is effective as of June 2023.
If you have any concerns about our use of your personal information, you can make a complaint to us at (contact details in Section 1.1 Introduction)
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane,
Wilmslow,
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: ico.org.uk
[1] https://ico.org.uk/for-organisations/
[2] Information you have provided regarding protected characteristics as defined by the Equality Act and s.75 of the Northern Ireland Act for the purpose of equal opportunities monitoring. This includes racial or ethnic origin, religious beliefs, disability status, and gender identification and may be extended to include other protected characteristics
[3] We may collect certain types of sensitive information where permitted by law with your consent such as health/medical information (including disability status), trade union membership information, religion, race or ethnicity, minority flag
[4] Consent for this is normally obtained through notification at the beginning of the meeting declaring recording will take place, stating employees can mute microphones and cameras if desired.