Owner and Data Controller
The Data Controller is the person or business that determines the manner in which personal data is processed, and is responsible for the security of any personal data that has been collected. For the purposes of data protection legislation in force from time to time the data controller is NextWave Consulting or Infinium Consulting (or “we”), while the Data Subject is any individual we process personal data for (referred to throughout as “you”). The nominated data protection representative at NextWave Consulting is our COO/CEO, and can be contacted at the following:
Address: 71-75 Shelton Street, Covent Garden, London WC2 9JQ
The nominated data protection representative at Infinium Consulting B.V is Jeanette Zeilmaker, and can be contacted at the following:
Address: 9th Floor, UN Studio, Parnassusweg 819, 1082 LZ, Amsterdam, The Netherlands
Personal Data we Collect
When you register to download a report, register to view a document or submit a CV via our website, certain personal data will be requested from you, such as your name, email address and phone number. If you opt in to receiving job alerts via our website, additional data may be requested from you, such as your job search criteria and salary expectations.
NextWave Consulting and Infinium Consulting B.V are committed to all aspects of data protection and takes seriously its duties, and the duties of its employees. When you submit personal data via our website, you understand that NextWave Consulting and Infinium Consulting B.V may store your information on our secure server in accordance with our data Retention and Destruction policy. If you would like to review this policy, please contact our Data Controller by emailing HR@Nextwave.co.uk or firstname.lastname@example.org.
Should any of the personal data you submit to us change, please notify us without delay so we can ensure your details are kept up to date and accurate.
Sources we collect personal data from include, but are not limited to, the following:
- When you complete a form on our website;
- when you send your CV to us;
- when you apply for a role we advertise;
- Online jobsites;
- Social media (i.e. LinkedIn);
- Telephone call;
- the public domain;
Types of Data collected
Among the types of Personal Data that this Website collects, by itself or through third parties, there are: Cookies; Usage Data; first name; last name; phone number; email address.
- Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using this Website.
- Unless specified otherwise, all Data requested by this Website is mandatory and failure to provide this Data may make it impossible for this Website to provide its services. In cases where this Website specifically states that some Data is not mandatory, Users are free not to communicate this Data without consequences to the availability or the functioning of the Service.
- Users who are uncertain about which Personal Data is mandatory are welcome to contact the Owner.
- Users are responsible for any third-party Personal Data obtained, published or shared through this Website and confirm that they have the third party’s consent to provide the Data to the Owner.
Legal Basis for Processing
Our legal basis for the processing of personal data is our legitimate interests, although we will also rely on contractual obligations to which you are subject, legal obligations and consent for specific uses of data. We will rely on contractual obligations if we are negotiating or have entered into a placement agreement with you or your organisation or any other contract to provide services to you or receive services from you or your organisation. We will rely on legal obligation in some cases, where we are required by local laws or regulations to process your data. We will in some circumstances rely on consent for particular uses of your data. Where we rely on consent, you will be asked for your express consent.
Methods of processing
The Owner takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data. The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Owner, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of this Website (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Owner at any time.
You can also connect to us through LinkedIn via the links on our home page. Please note that we are not responsible for the content or privacy practices of non-NextWave Consulting or non-Infinium Consulting B.V webpages to which this site may link.
We will not process your personal data for longer than is useful for the purpose for which it was provided (see the section on ‘Goals of and bases for processing’). This means that your personal data will be kept for as long as it is necessary to achieve the relevant goals. Certain data must be retained for a longer period of time (often 7 years) because we have to comply with statutory custody obligations (for example the fiscal retention obligation) or in connection with instructions from our professional association.
We have taken appropriate organisational and technical measures for the protection of the personal data insofar as these can reasonably be required of us, taking into account the interest to be protected, the state of the technology and the costs of the relevant security measures. We oblige our employees and any third parties who necessarily have access to the personal data to secrecy.
Furthermore, we ensure that our employees have received a correct and complete instruction on the handling of personal data and that they are sufficiently familiar with the responsibilities and obligations of the AVG. If you appreciate this, we will gladly inform you about how we have designed the protection of personal data.
You have the right to inspect, rectify or delete the personal data that we have from you (except, of course, if this would interfere with any legal obligations). You can also object to the processing of your personal data (or a part thereof) by us or by one of our processors. You also have the right to have the information provided by you, transferred by us to yourself, or directly to another party if you so wish.
Incidents with personal data
If there is an incident (a so-called data leak) regarding the personal data concerned, we will inform you without delay, subject to compelling reasons, if there is a real chance of negative consequences for your privacy. We will aim to do this within 72 hours after we have discovered this data breach or have been informed about this by our (sub) processors.
Invalidation of the EU-US Privacy shield
A recent ruling (July 2020) by the EU, invalidates the EU-US privacy shield. As such we have recently amended our privacy statement to align with this new ruling. In the EU we work with several parties; Siteground (web-site), Microsoft, Freshteams, Scoro and Surveyanyplace. Google Analytics is US based and there are on-going privacy discussions with the EU. We have taken measures to anonymise user IP addresses and to remove any Personal Identifiable Information (PII) that is passed to Google from our web-site. All users to the web-site also now have to consent to the Cookies prior to using the site.
How can I control the cookie preferences?
In addition to this, different browsers provide different methods to block and delete cookies used by websites. You can change the settings of your browser to block/delete the cookies. To find out more about how to manage and delete cookies, visit wikipedia.org, www.allaboutcookies.org.