JOB APPLICANT PRIVACY NOTICE

As part of any recruitment process, Bluetree Group collects and processes personal data relating to job applicants. The organisation is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.

WHAT INFORMATION DO WE COLLECT?

Bluetree Group collects a range of information about you. This includes:

• Your name, address and contact details, including email address and telephone number;
• Details of your qualifications, skills, experience and employment history;
• Information about your current level of remuneration, including benefit entitlements;
• Whether or not you have a disability for which the organisation needs to make reasonable adjustments during the recruitment process; and
• Information about your entitlement to work in the
• Bluetree Group may collect this information in a variety of ways. For example, data might be contained in application forms, CVs or resumes, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment.

We may also collect personal data about you from third parties, such as references supplied by former employers. We will seek information from third parties only once a job offer to you has been made and will inform you that we are doing so. Data will be stored in a range of different places, including on your application record, in HR management systems and on other IT systems (including email).

WHY DOES BLUETREE GROUP PROCESS PERSONAL DATA?

We need to process data to take steps at your request prior to entering into a contract with you. We may also need to process your data to enter into a contract with you. In some cases, we need to process data to ensure that we are complying with our legal obligations. For example, it is mandatory to check a successful applicant’s eligibility to work in the UK before employment starts. Bluetree Group has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate’s suitability for employment and decide to whom to offer a job. We may also need to process data from job applicants to respond to and defend against legal claims. You may also supply us with Sensitive Personal Data including but not limited to data relating to your racial or ethnic origin, religious or similar beliefs, physical or mental health and sexual orientation by completing our equal opportunities monitoring form. This information is gathered for equality of opportunity monitoring purposes. The provision of such Sensitive Personal Data by you is entirely voluntary.

WHO HAS ACCESS TO DATA?

Your information may be shared internally for the purposes of the recruitment exercise. This includes members of the HR and recruitment team, interviewers involved in the recruitment process, managers in the business area with a vacancy and IT staff if access to the data is necessary for the performance of their roles. We will not share your data with third parties, unless your application for employment is successful and we make you an offer of employment. We will then share your data with former employers to obtain references for you, employment background check providers to obtain necessary background checks.

HOW DOES BLUETREE GROUP PROTECT DATA?

We take the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.

FOR HOW LONG DOES BLUETREE GROUP KEEP DATA?

If your application is unsuccessful, Bluetree Group may keep your personal data on file for a period of 1 year. All information is stored securely and all data submitted by unsuccessful candidates will be destroyed responsibly after 1 year from the date of your interview. You can request for us to delete your data at any time by contacting us at DPO@bluetreegroup.co.uk. If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your Human Resources file (electronic and paper based) and retained during your employment. The periods for which your data will be held will be provided to you in a new privacy notice.

YOUR RIGHTS

As a data subject, you have a number of rights. You can:

• access and obtain a copy of your data on request;
• require the organisation to change incorrect or incomplete data;
• require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing; and
• object to the processing of your data where Bluetree Group is relying on its legitimate interests as the legal ground for
• If you would like to exercise any of these rights, please contact us at DPO@bluetreegroup.co.uk
• If you believe that the organisation has not complied with your data protection rights, you can complain to the Information Commissioner.

WHAT IF YOU DO NOT PROVIDE PERSONAL DATA?

You are under no statutory or contractual obligation to provide data to Bluetree Group during the recruitment process. However, if you do not provide the information, we may not be able to process your application properly or at all.

Website Usage Privacy Policy

Protecting your personal details on our website Last updated: 06 December 2021

Bluetree Design and Print Limited T/A Bluetree Group (Registered number 03793442), whose registered office is at Unit 1 Brookfields Park, Manvers Way, Manvers, Rotherham, S63 5DR (“we”, “our”, “us”), knows that you care how information about you is used and shared and we appreciate your trust in us to do that carefully and sensibly. This notice describes our Privacy Policy which describes how we use your personal data whilst using this website. We believe that it is important to protect your Personal Data, as defined in the Data Protection Act 1998, the General Data Protection Regulations ((EU) 2016/679) and any UK implementing law (“Data Protection Laws”)). We are committed to giving you a personalised service that meets your needs in a way that also protects your privacy. This Privacy Policy explains how we may collect Personal Data about you. It also explains some of the security measures we take to protect your Personal Data and tells you certain things we will do and not do. For the purpose of the Data Protection Laws, Bluetree Design and Print Limited. is a data controller and a data processor (depending upon what Personal Data it collects and processes from you.) By visiting www.bluetreegroup.co.uk (“the Website”) you are accepting and consenting to the practices described in this Privacy Policy. Should you wish to print a copy of this Privacy Policy for future reference, press ctrl + p to do so.

1. Collecting Information

1.1. We may collect Personal Data about you from a number of sources, including the following:

• 1.1.1. From you when you purchase a service or product from us, which will usually involve creating an account or a guest account. We will collect your full name, email address, company name (if applicable), billing and delivery details and.
• 1.1.2 From you when you make a Job application, either directly through this website or via another application method. Further details about specific job application data collected can be found above in the Job Applicant Privacy Notice.
• 1.1.3. From you when you contact us with an enquiry or in response to a communication from us, in which case, this may tell us something about how you use our services.
• 1.1.4. From documents that are available to the public, such as the electoral register.

1.2. With regard to each of your visits to our site we will automatically collect the following information:

• 1.2.1. Technical device information, including the device used to access our site (i.e. desktop, mobile or tablet);
• 1.2.2. Information about your visit, including products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, whether our template designs have been downloaded and whether you have subscribed to our blog and/or mailing lists.

1.3. We do not anticipate collecting any special categories of personal, within the meaning of the Data Protection Laws. For example, information about your health or ethnic origin. However, in the event that we wish to do so, you will be asked to expressly consent to the collection and processing of this Personal Data and are under no obligation to provide such consent. 1.4. Where you provide Personal Data on behalf of a third party, you will ensure that you have all necessary and appropriate consents and notices in place to enable lawful transfer of the Personal Data to us for the duration and purposes of our agreement with you. This will include providing the third party with the information set out in this Privacy Policy and complying with your own obligations under the Data Protection Laws. If you are unable to ensure that you have all necessary and appropriate consents in place, do not transfer or otherwise provider that third party’s personal data to us.

2. Using Your Personal Information

2.1. The Personal Data of our customers is an important part of our business and we shall only use your Personal Data for the following purposes and shall not keep such Personal Data longer than is necessary to fulfil these purposes:

• 2.1.1. To help us to identify you when you contact us.
• 2.1.2. To carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us.
• 2.1.3. To allow us to carry out marketing analysis and conduct research (including creating statistical and testing information). We will not, however, use your Personal Data for automated profiling to carry out automated decisions such as evaluating credit without your express consent.
• 2.1.4. To allow us to contact you (including mail, email, telephone, visit, text or multimedia messages) about products and services offered by us that are similar to those that we have already provided to you or that we have a legitimate interest to contact you about, unless you have asked us not to do so. You can manage your preferences at any time via the preferencing page on our website or by contacting us using the details set out in clause 6.1. below.
• 2.1.5. We may check your details with fraud prevention agencies, as further set out in clause 2.4 below.
• 2.1.6. To notify you about changes to our service.
• 2.1.7. To ensure that content from the Website is presented in the most effective manner for you and for your computer.
• 2.1.8. To administer the Website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
• 2.1.9. To improve the Website to ensure that content is presented in the most effective manner for you and for your computer.
• 2.1.10 As part of our efforts to keep the Website safe and secure.

2.2. We will not disclose your Personal Data to any third party except in accordance with this Privacy Policy or with your express consent. 2.3. We may allow other people and organisations to use Personal Data we hold about you in the following circumstances:

• 2.3.1. Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
• 2.3.2. If we, or substantially all of our assets, are acquired or are in the process of being acquired by a third party, in which case Personal Data held by us, about our customers, will be one of the transferred assets.
• 2.3.3. If we have been legitimately asked to provide information for legal or regulatory purposes or as part of legal proceedings or prospective legal proceedings.

2.3.4. If we engage companies and individuals to perform functions on our behalf. Any third parties we may engage are bound by strict contractual provisions with us and only have access to Personal Data needed to perform their functions, and may not use it for other purposes. In addition, they must process the Personal Data in accordance with this Privacy Policy and as permitted by the Data Protection Laws. The types of third parties that we use include:

• Contracted courier and delivery companies,
• Marketing and Market Research companies,
• Online advertising platforms,
• Customer Relationship Management software providers,
• Secure Online payment platforms,
• Recruitment companies.

2.4. In connection with any transaction which we enter into with you: 2.4.1. We, and other companies in our group, may from time to time carry out credit and fraud prevention checks with one or more licensed credit reference and fraud prevention agencies. We and they may keep a record of the search. Information held about you by these agencies may be linked to records relating to other people living at the same address with whom you are financially linked. These records will also be taken into account in credit and fraud prevention checks. Information from your application and payment details of your account will be recorded with one or more of these agencies for this purpose. 2.4.2. If you provide false or inaccurate information to us and we suspect fraud, we will record this and may share it with other people and organisations. We, and other credit and insurance organisations, may also use technology to detect and prevent fraud. 2.4.3. If you require further details of the credit agencies and fraud prevention agencies we engage from time to time, please write to our Data Protection Officer using the contact details set out in clause 6.1 below.

Protecting Information

3.1. In accordance with the Data Protection Laws, we adopt strict security measures to protect your Personal Data. 3.2. All Personal Data you provide to us is stored on our secure servers in the European Economic Area. We will not transfer your Personal Data outside the European Economic Area without your express consent. We also work to protect the security of your information during transmission by using Secure Sockets Layer (SSL) software, which encrypts information you input. 3.3. We reveal only the last five digits of your credit card numbers when confirming an order. Of course, we do however transmit the entire credit card number to the appropriate credit card company during order processing. 3.4. We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of Personal Data. Our security procedures mean that we may occasionally request proof of identity before we disclose Personal Data to you. 3.5. It is important for you to protect against unauthorised access to your password and to your computer. Be sure to sign off when you finish using a shared computer. If you have any reason to believe that your password may have been accessed by a third party, please contact us as soon as possible and we will take steps to reset that password. 3.6. We will only retain your Personal Data as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. This will usually be for a period of seven years. To allow you to return to your account to reorder we keep account data for up to 10 years. If an account is inactive for more than 10 years it will be deleted. If you would like us to delete your account details prior to this date please contact us via our customer service teams or via the contact detailsset out in clause 6.1. below. 3.7. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements. 3.8. In some circumstances we may anonymise your Personal Data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

4. The Internet and Cookies

4.1. As stated above, we may occasionally email you about our services and products. We will, however, give you the opportunity to opt-out of that communication in each email. You can also always contact us using the details set out in clause 6.1. 4.2. Please remember that communications over the Internet, such as emails and webmails (messages sent through a website), are not secure unless they have been encrypted. Your communications may go through a number of countries before they are delivered – this is the nature of the Internet. We cannot accept responsibility for any unauthorised access or loss of Personal Data that is beyond our reasonable control. 4.3. We may from time to time use ‘cookies’ on the Website to monitor how people use the Website. This helps us to understand how our customers and potential customers use the Website so we can develop and improve the design, layout and function of the sites. A cookie is a piece of information that is stored on your computer’s hard drive through your browser, to recognise your browser and which records how you have used a website. This means that when you go back to that website, it can give you tailored options based on the information it has stored about your last visit. 4.4. If you do not want us to use cookies, you can set your browser to reject cookies or to tell you when a website tries to put a cookie on your computer. However, you may not be able to use some of the products or services on the Website without cookies. The ‘Help’ icon on the menu bar of most browsers will tell you how to prevent your browser from accepting cookies, how to have the browser notify you when you receive a cookie and how to disable cookies altogether. Additionally, you can disable or delete similar data used by browser add-ons, such as Flash cookies, by changing the add-ons settings or visiting the website of its manufacturer. 4.5. The cookies that we currently use on the Website are as follows:

Cookies	Purpose
_gid	Google Analytics cookie used to distinguish individual users, expires after 24 hours
_ga	Google Analytics cookie used to distinguish individual users, expires after 2 years
_ga	Google Analytics cookie used to distinguish individual users, expires after 2 years
_gat	cookie used to limit amount of user requests to maintain your website’s performance, expires after 1 minute
cookie_consent_level	Cookie used to store user consent levels, expires after 1 year
cookie_consent_user_accepted	Cookie used to store user has accepted cookie consent, expires after 1 year

5. Links

5.1. The Website may include third-party advertising and links to other websites. We do not provide any Personal Data to these advertisers or third-party websites. 5.2. Third-party websites and advertisers, or Internet advertising companies working on their behalf, may also use technology to send (or “serve”) the advertisements that appear on the Website directly to your browser. They automatically receive your IP address when this happens. They may also use cookies, JavaScript, web beacons (also known as action tags or single-pixel gifs), and other technologies to measure the effectiveness of their ads and to personalise advertising content. We do not have access to or control over cookies or other features that they may use, and the information practices of these advertisers and third-party websites are not covered by this Privacy Policy. Please contact them directly for more information about their privacy practices. In addition, the Network Advertising Initiative offers useful information about Internet advertising companies (also called “ad networks” or “network advertisers”), including information about how to opt-out of their information collection. You can find out more information through the website https://www.networkadvertising.org/ 5.3. We exclude all liability for loss that you may incur when using these third party websites.

6. Further Information

6.1.If you would like any more information or you have any comments about our Privacy Policy, please either write to us at Data Protection Officer, Unit 1 Brookfields Park, Manvers Way, Manvers, Rotherham, S63 5DR, email us at DPO@bluetreegroup.co.uk or telephone us at 0191 2727327. 6.2. We may amend this Privacy Policy from time to time, in which case we will publish the amended version on the Website. You confirm that we shall not be liable to you or any third party for any change to this Privacy Policy from time to time. It is your responsibility to also check the Website regularly to determine whether this Privacy Policy has changed. 6.3. You can ask us for a copy of this Privacy Policy and of any amended Privacy Policy by contacting us using the details set out in clause 6.1 above. This Privacy Policy applies to Personal Data we hold about individuals. It does not apply to information we hold about companies and other organisations. 6.4. We aim to keep the Personal Data we hold about you accurate and up to date. If you tell us that we are holding any inaccurate Personal Data about you, we will delete it or correct it promptly. 6.5. Please note that we may monitor and record communications with you (including phone conversations and emails) for quality assurance and compliance. You will be advised at the start of your phone conversations with us whether any recording is taking place and whether you are comfortable proceeding on that basis. If not, we will contact you by other means.

7. Your Rights

7.1. The Data Protection Laws give you the right to access information held about you. Your right of access can be exercised in accordance with the Act. An access request may be subject to an administrative fee to meet our costs in providing you with details of the information we hold about you. You additionally have the right to ask for your Personal Data to be deleted or to be moved to another provider. These are sometimes referred to the ‘Right to Erasure’ and the ‘Right to Data Portability’. 7.2. Please contact us using the details set out in clause 6.1 if you wish to exercise any of those rights and we will be happy to assist. 7.3. You also have the right to make a complaint to the Information Commissioner’s Office if you are unhappy about how we have dealt with your Personal Data. You can find the Information Commissioner’s Office’s website at https://ico.org.uk/