Privacy Policy
Note: Bizuking is a tradename of Renaissance Business Strategy & Engineering Ltd. You can find below the “Privacy policy” of Renaissance Business Strategy & Engineering Ltd.
Privacy policy
Contents
1. Introduction
2. Who we are and how to contact us
3. What information do we process and how?
3.1 General principles and policies
3.2. Business contacts
3.3. Direct marketing
3.4. Contracts
3.5. Personnel management
3.6. Recruitment
3.7. Online resources
3.8. Client projects
4. Your rights and how to exercise them
4.1. Right to be informed
4.2. Right to access your data
4.3. Right to get your data corrected
4.4. Right to get your data deleted
4.5. Right to limit how we use your data
4.6. Right to object to the use of your data
4.7. Right to data portability
4.8. Right to raise a concern
5. ICO registration
6. Version and change log
* * *
1. Introduction
At Renaissance, we are committed to protecting your personal data and complying with the requirements of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA 2018). This privacy policy describes why and how we process personal data. It also informs about your rights and how to exercise them. Please do not hesitate to contact us with any questions or requests regarding your personal data or this notice.
2. Who we are and how to contact us
Renaissance Business Strategy & Engineering Ltd. (referred to in this document as ‘Renaissance’, ‘we’ or ‘us’) is a company based in the United Kingdom that provides business-to-business (B2B) services in Management Consultancy and Technology. Renaissance is a data controller, which means that we are responsible for ensuring that our processing of personal data is compliant with GDPR and DPA 2018.
If you have any queries regarding your data or our privacy policy, email us by clicking here.
You can find further details about our company on the page Legal information.
3. What information do we process and how?
Renaissance carries out different business activities which may involve processing personal data. We have mapped our processing activity into seven main use cases:
- Business contacts
- Direct marketing
- Contracts
- Personnel management
- Recruitment
- Online resources
- Client projects
For each use case, we specify the types of personal data we collect, the legal grounds for processing the information, how the information is processed, how long the information is kept in our systems, and other aspects which may be relevant from a data protection perspective. You can find all these details in sections 3.2 to 3.8. Before that, section 3.1 explains some general principles and policies which apply to our entire processing activity.
3.1. General principles and policies
3.1.1. Personal data. Special category data. Protection of children.
According to GDPR, personal data is any information relating to an identified or identifiable living person. Depending on the purpose of our processing, we may collect different kinds of information about individuals:
- Personal details. For example: Name, title, date of birth, ID or passport details, etc.
- Contact details. Information used to contact an individual. For example: Phone numbers, email addresses, postal addresses, etc.
- Professional details. Information related to the professional activity and background of an individual. For example: Company name, job title, details about professional experience, training or education, languages spoken, etc.
- Business interaction details. Information about the interactions between Renaissance and an individual. For example: Participation in meetings, workshops, events or marketing campaigns, log of interactions (email, phone, social media…), etc.
- Recruitment records. Information about an individual’s participation in our talent acquisition and recruitment processes. For example: CV, information obtained from their application, interviews or assessments, references from third parties and public sources, etc.
- Personnel records. Information related to the contract and work of an individual as an employee, contractor or business partner of Renaissance. For example: Contract details, professional assessments, performance reports, bank account details, tax details, etc.
- Business contract details. Other personal data which may be necessary for the performance of a business contract between Renaissance and one of our clients, partners or suppliers.
- Online interaction details. Information about the interactions of users and visitors with our online resources (e.g. our website).
- Other information. For example: User names, service preferences, etc.
The GDPR defines specific requirements for processing certain sensitive information about individuals: “special category data” and criminal offence data. Special category data includes personal data about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data (where used for identification purposes), and other sensitive information. This type of specially protected information can only be processed with the individual’s express consent or under certain conditions defined by GDPR and DPA 2018.
Renaissance will not require, collect or process “special category data” or criminal offence data except in the context of an employment relationship with us, if this data is necessary for legal reasons or to protect your rights or the interests of our company. In any other case, we expressly ask you not to provide “special category data” to us.
In the same way, personal data about children merits particular protection under the GDPR. As a company providing business-to-business products and services, Renaissance only intends to interact with individuals aged 18 or over. Renaissance will never knowingly process personal data of underage individuals. Apart from setting reasonable measures to prevent it, Renaissance expressly asks individuals under 18 years of age to refrain from using our products, services and online resources or interacting with our company.
Apart from the information above, Renaissance may process other personal data in the framework of consultancy projects with clients. In those cases, the details and conditions of the data processing will be defined in the contract between Renaissance and the client and may be subject to a specific privacy policy. See section 3.8 for more details.
3.1.2. Lawful bases for processing
“Data controllers” are required to determine their legal ground for collecting and using personal data. The GDPR defines six lawful bases for data processing:
- Consent: the individual has given us clear consent to process their personal data for a specific purpose.
- Contract: the processing is necessary for us to perform a contract or to take some agreed steps before entering into a contract.
- Legal obligation: the processing is necessary for us to comply with the law.
- Legitimate interests: the processing is necessary to pursue our legitimate interests as a company or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data that overrides those legitimate interests.
- Vital interests: the processing is necessary to protect someone’s life.
- Public task: the processing is necessary to perform a task in the public interest or for the official functions of the “data controller”, and the task or function has a clear basis in law.
The last two bases (“Vital interests” and “Public task”) do not apply to the current business activity of Renaissance.
When we rely on your consent for processing personal data, we will apply a number of best practices recommended by data protection authorities: Renaissance will not use pre-ticked boxes or any other type of default consent. We will ask you to positively opt-in. At the time of consent, we will explain the purpose of collecting your data and how we are going to use it, we will name the data controllers who will be relying on your consent, and we will inform you about the applicable privacy policy, your rights under data protection law and how to withdraw your consent at any time.
Sections 3.2 to 3.8 specify the legal bases for Renaissance’s processing activity, as well as a description of the purposes and reasons that support them.
3.1.3. Security
Renaissance has established appropriate technical measures and procedures to protect personal data and the systems used to process it. These measures and procedures are designed to guarantee the confidentiality, integrity and availability of both the information and our systems. When working with external parties, we assess that their security policies are also compliant with the requirements of data protection law and our policies.
If necessary, further details can be provided by contacting us.
3.1.4. Data retention.
Renaissance will not keep personal data for longer than required by the purpose for which the information was collected. In line with that principle, in sections 3.2 to 3.8, we have defined standard retention periods for each type of data and circumstance. Personal data may be held longer where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights.
Renaissance runs periodical audits to ensure the fulfilment of our data retention policies.
3.1.5. Data sharing. Locations of processing.
Renaissance only shares personal data with other parties when legally permitted. In particular, Renaissance does not sell nor transfer personal data to third parties for the sole purpose of allowing them to market their products or services or to resell that information to others.
When a project for one of our clients involves business-to-business commercial interactions with other companies, Renaissance may include, as part of certain project or activity reports, information about those interactions and professional and contact details of the individuals we have interacted with. We include appropriate clauses in our clients’ contracts to prevent them from using, sharing or reselling that information outside of the framework of the project with us.
In the cases we share data with others or use external services or tools to store or process personal data, we check that the information is transferred and processed in accordance with data protection law and our privacy and security standards, including the requirements set by GDPR about the locations of processing.
3.1.6. Disclosures
In addition to the cases described in section 3.1.5, we may disclose data to other parties for legal reasons. If we suspect criminal activity, we may disclose data relating to those involved or affected to the appropriate authorities. Finally, we may have to disclose data to law enforcement, other government and regulatory agencies or other third parties as required by law or if it is needed to protect our rights and defend ourselves against claims.
3.2. Business contacts
Renaissance processes personal data about individuals we interact with in the course of business. This section refers to the processing of personal data about our business contacts, including existing and potential clients, partners, suppliers, intermediaries, stakeholders and other third parties.
Processing details
Renaissance processes the following types of information (see section 3.1.1) about business contacts: personal, contact, and professional details. This information may be obtained from you (e.g. business cards, emails, etc.), publicly available sources (e.g. business websites, social media, public directories, etc.) and other third parties. Renaissance may also process information about your interactions with us (business interaction details).
The information is stored in our Business contacts database, and it is retained for as long as the relationship with a particular individual is relevant to the business and interests of Renaissance.
Purposes and lawful bases for processing
Renaissance processes personal data about business contacts for any combination of the following purposes: identify and contact potential clients, partners, suppliers, intermediaries, stakeholders, and other third parties; develop and manage the relationship with existing clients, partners, suppliers, intermediaries, stakeholders, and other third parties; inform about our company, business activity and capabilities; market our products and services; research the market and understand client needs; explore business opportunities and partnerships; perform other tasks which may be relevant to our activity.
It is important to note that when the purpose of the communication with a business contact is related to our business development activity or is part of one of our client’s projects, this section only refers to interactions made on a one-to-one basis. In particular, marketing actions targeting segmented groups of individuals are out of the scope of this section. Please refer to section 3.3 about “direct marketing” for more details.
We rely on the following legal basis for processing personal data about “business contacts”:
- Legitimate interest: The processing is necessary to pursue our legitimate interests as a company or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data that overrides those legitimate interests.
3.3. Direct marketing
We perform different marketing activities to promote our business. We may also execute marketing campaigns for our clients as part of a client’s assignment. This section refers specifically to Renaissance’s direct marketing campaigns: marketing actions directed to segmented groups of particular individuals, which excludes the one-to-one commercial communication with business contacts (covered in section 3.2) and other marketing actions that do not target specific individuals.
Processing details
Renaissance may collect the following types of information, as described in section 3.1.1: personal, contact and professional details. This information may be provided by you (e.g. if you subscribe to receive information from us). However, we may also link this information to the one available in our “Business contacts database” (see section 3.2). Renaissance will also record your consent and preferences about direct marketing, as well as the marketing interactions between you and Renaissance. Finally, if you withdraw your consent, we will record your request and immediately cease any further processing of your data for direct marketing purposes.
The personal data you provide, as well as your consent, withdrawal and marketing preferences, are stored in our Direct marketing database. The personal data is kept for as long as we have your consent to process it for direct marketing purposes. If you withdraw this consent, that information will be moved onto a suppression list for a standard period of up to 12 months to ensure that we comply with your request and that no further processing is made.
Purposes and lawful bases for processing
The purpose of this process is the execution of “direct marketing” campaigns to promote the business of Renaissance or one of our clients, inform about the activity of Renaissance or one of our clients, and market the products and services of Renaissance or one of our clients.
We rely on the following bases for processing:
- Consent: You provide your consent to be included in our marketing campaigns and process your personal, contact, and professional details for that purpose.
- Legitimate interest: We process the information about your involvement in our marketing activities to optimise our commercial activity and provide a better experience and meaningful information about our business or our clients’ business.
- Legal obligation: We record your consent/withdrawal and marketing preferences to comply with our legal obligations regarding direct marketing in the context of data protection law.
3.4. Contracts
As part of our business activity, we sign contracts with clients, partners and suppliers. This section refers to the processing of personal data necessary for the performance of these contracts.
Processing details
Renaissance may collect the following types of information, as described in section 3.1.1: personal details, contact details, professional details and business contract details. The contract parties will provide this information, although we may also link this information to the one available in our “Business contacts database” (see section 3.2).
This information may be stored in our Contract database and other related systems (e.g. our accountancy system). The personal data will be kept in our systems until the end of the contract. This retention period may be extended for the reasons explained in section 3.1.4 (for example, to comply with tax or accountancy obligations).
Purposes and lawful bases for processing
The purpose of this processing is the performance of contracts between us and our clients, partners, or suppliers.
We rely on the following bases for processing:
- Contract: The processing is necessary for us to perform a contract or to take some agreed steps before entering into a contract.
- Legitimate interest: In some instances, we may need to retain information about a contract to protect the interests of our company.
- Legal obligation: In some instances, we may need to retain information about a contract to comply with law or regulation.
3.5. Personnel management
This section refers to the processing of personal data of Renaissance’s personnel, which may include staff, contractors and certain partners.
Processing details
We collect, store and use personal data about our personnel, which is necessary to perform their contracts with Renaissance and apply our people management policies. This information may include the following types of information, as described in section 3.1.1: personal details, contact details, professional details, recruitment records and employment/contract records. This information will be provided by the individual and may be completed by Renaissance with internal information generated as part of our people management policies (e.g. performance reports) and information from external sources (public sources, references provided by our business contacts). If the processing of “special category data” and criminal offence data is required, we will follow the guidelines described in section 3.1.1.
This information will be stored in our Personnel database and other related systems (e.g. the PAYE system). The data will be kept for the duration of the contract with Renaissance, plus an additional standard period of 2 years. Exceptionally, certain information may have to be kept longer to comply with law and regulation (e.g. HM Revenues & Customs require companies to keep certain records up to 3 years from the end of the tax year they relate to). In the same way, Renaissance may have to share some of that information with authorised parties for legal reasons.
Purposes and lawful bases for processing
The purpose of this process is to manage and develop Renaissance’s personnel and the performance of their contracts with Renaissance.
We rely on the following bases for processing:
- Consent: The individual has expressly provided their consent for processing specific information.
- Contract: The processing is necessary for us to perform a contract or to take some agreed steps before entering into a contract.
- Legitimate interest: The processing is necessary for us to pursue our legitimate interests as a company.
- Legal obligation: The processing is necessary to comply with law or regulation.
3.6. Recruitment
This section refers to the personal data processing of individuals who participate in Renaissance’s talent acquisition and recruitment processes.
Processing details
Renaissance processes personal data about applicants and potential candidates in relation to job opportunities with us. The processing may include the following types of information, as described in section 3.1.1: personal details, contact details, professional details and recruitment records. The individual may provide this information as part of their application or during the recruitment process. It may also be obtained and completed by Renaissance, using information from both internal sources (e.g. information generated during our recruitment process, like interview reports, etc.) and information from external sources (e.g. personal referrals, public sources, etc.) If the processing of “special category data” and criminal offence data is required, we will follow the guidelines described in section 3.1.1.
The information will be stored in our Recruitment database for a standard period of up to 1 year after the end of the recruitment process. If the selection process is successful, the information will be moved to our “Personnel database” and aggregated into the corresponding employment record (see section 3.5).
Purposes and lawful bases for processing
The purpose of this processing is the performance of Renaissance’s talent acquisition and recruitment processes.
We rely on the following bases for processing:
- Consent: You consent to process your personal, contact, and professional details for that purpose.
- Legitimate interest: The processing is necessary for us to pursue our legitimate interests as a company.
3.7. Online resources
Renaissance owns and operates a number of online resources which internal and external users may access. This section refers to the processing of data about users and visitors of Renaissance’s “online resources”.
Processing details
Renaissance may process limited personal data about online users and visitors, including their user preferences and information about how they interact with our resources. For that purpose, Renaissance may use different technologies, including HTTP cookies and third-party services. You can find further information about cookies technology and their usage on our website in the last version of the Cookies Policy, which is available at each of our online resources.
Finally, we want you to be aware that our online resources may contain links to third-party sites that we do not control and, therefore, are out of the scope of our privacy policy. We encourage you to review the privacy policy of each external site that you visit.
Purposes and lawful bases for processing
The purpose of this process is to allow us to analyse how visitors interact with our site in order to improve our site and our services.
We rely on the following bases for processing:
- Consent: Renaissance requires your consent to store non-essential cookies on your device.
- Legitimate interest: The processing is necessary for us to optimise the use of our online resources, improve our content, products and services and provide a better user experience.
3.8. Client projects
This section refers to the processing of personal data in the context of a Renaissance project that requires that processing.
Processing details. Purposes and lawful bases for processing.
If the execution of a project for one of our clients requires the processing of personal data by Renaissance in a scenario not covered in sections 3.2 to 3.7, the details of that processing (including our role as “data controller” or “data processor”, information being processed, purposes and lawful bases for processing, etc.) will be defined in a specific privacy policy. That policy will be shared with all the relevant parties in accordance with data protection law.
4. Your rights and how to exercise them
You have a number of rights under data protection law. In this section, you will find information about all these rights, when they are available and how to exercise them. Renaissance is committed to replying promptly to your requests and, in any event, within the time limits defined by the regulation. In some cases, we may need you to provide some details in order to process the request. If you or we have to take any further steps, we will explain them in our reply. Please read the information and instructions below carefully to help you exercise your rights.
4.1. Right to be informed
You have the right to be informed about the collection and use of your personal data (what information is processed, how and on what legal grounds). You must also be informed about your rights and how to exercise them. With that purpose, we make publicly available a copy of the latest version of this privacy policy on Renaissance’s website, as explained in section 6 of this document. When explicit approval is required to process your personal data (e.g. if you want to subscribe to our marketing communications or if you apply to work with us), prior to obtaining your consent, we will also inform you about our privacy policy and your rights.
How to exercise your right to be informed
If you have any further questions about our privacy policy (or you need a copy of the latest version of this document and you cannot access our website), please email us using this link (if possible, adding “GDPR: Right to be informed” to the subject).
4.2. Right to access your data
You have the right to obtain confirmation as to whether Renaissance processes personal data about you, receive a copy of your personal data held by us as a controller and get information about how and why we process your personal data (similar to the information provided in this privacy policy).
How to exercise your right to access your data
Send us your request by email using this link (if possible, adding “GDPR: Right of access” to the subject). We will need you to provide enough information in your request to identify you. We may also ask you to prove your identity to ensure that only you access your personal data.
4.3. Right to get your data corrected
If the information that Renaissance stores about you is inaccurate or incomplete, you have the right to request us to amend or complete your personal data.
How to exercise your right to get your data corrected
This right may be exercised by emailing Renaissance using this link (if possible, adding “GDPR: Right of rectification” to the subject). We will need you to indicate in your request the information to be amended or completed. We may also ask you to prove your identity to ensure that only you change your personal data. In some instances, we may also require further evidence from you about the information to be corrected (e.g., a contractor who wants a professional certification to be added to their record).
4.4. Right to get your data deleted
The data protection law defines certain circumstances where you have the right to get your personal data deleted from our systems:
- the personal data is no longer necessary for the purpose which supported their collection or processing
- the only legal ground for holding your data is consent, and you withdraw that consent
- the legal ground for processing your data is legitimate interest, you object to the processing, and there is no overriding legitimate interest to continue this processing
- we process the personal data for direct marketing purposes, and you object to that processing
- your personal data have been unlawfully processed
- your personal data must be deleted to comply with a legal obligation
We have designed our internal procedures to delete and/or prevent the processing of your data in these cases. Regardless of that, you have the option to explicitly demand the erasure of your personal information.
How to exercise your right to get your data deleted
Should any of the cases listed above apply to you, and you want your information to be erased from our systems, please email us using this link (if possible, adding “GDPR: Right to erasure” to the subject). You must indicate in your request which circumstance applies to you and give details of what personal data you want deleted. We will contact you if additional information is needed to process your request.
4.5. Right to limit how we use your data
The data protection law defines certain circumstances where you have the right to restrict the processing of your personal data by us:
- you have contested the accuracy or completeness of your personal data, and you request your information not to be processed while we verify it
- you have objected to the processing of personal data that we collect or use on the grounds of legitimate interest, and you request your information not to be processed while we verify whether your interests override the legitimate grounds relied on by us
- your personal data have been unlawfully processed, and you request restriction of processing instead of deletion
- your personal data are no longer necessary in relation to the purposes for which they were collected and processed, and you request the restriction of processing instead of deletion because you require that information to establish, exercise or defend legal claims
Renaissance’s internal procedures restrict the processing of personal data while we consider its accuracy or the legitimate grounds for processing the personal data in question. Our procedures are also designed to delete or prevent the processing in other circumstances, such as the ones described in section 4.4. Regardless of that, you have the option to explicitly request Renaissance to restrict the processing of your personal data.
How to exercise your right to limit how we use your data
Should any of the cases listed above apply to you, and you want Renaissance to restrict the processing of your personal data, please email us using this link (if possible, adding “GDPR: Right to restrict processing” to the subject). You must indicate in your request which circumstance applies to you and the data you want to be restricted. We will contact you if additional information is needed to process your request.
4.6. Right to object to the use of your data
According to the data protection law, you have the right to object to the processing of your personal data in the following cases:
- processing of personal data for direct marketing purposes
- processing of personal data whose lawful basis for processing is the legitimate interest pursued by us or a third party
Renaissance’s procedures related to “direct marketing” are designed to make it easy for you to stop receiving our communications at any time. In particular, in all our direct marketing pieces, we include a link to allow you to be excluded from future direct marketing actions by us. Regardless of that, you have the option to make an explicit request. You can also use the procedure explained below to object to the processing of your data in other cases where the lawful basis for processing is “legitimate interest” (see section 3.1.2). However, the data protection law requires you to provide the specific reasons why you are objecting.
How to exercise your right to object to the use of your data
Please email us using this link (if possible, adding “GDPR: Right to object” to the subject). You must indicate in your request which circumstance applies to you as well as your reasons for objecting (if that is required). If you object to the processing of data we collect or use on the legal ground of “legitimate interest”, we must verify whether your interests override the legitimate grounds we relied on.
4.7. Right to data portability
You have the right to receive the personal data you provided to us when our lawful basis for processing the personal data is consent or necessity for the performance of our contract with you and the processing is carried out by automated means.
How to exercise your right to data portability
Send us your request by email using this link (if possible, adding “GDPR: Right to data portability” to the subject). We will need you to provide enough information in your request to identify you. We may also ask you to prove your identity to ensure that only you access your personal data.
4.8. Right to raise a concern
IIf you have any concerns about how we are handling your personal data or any request you have made to us in connection with your rights under the data protection law, please email us using this link. We look into and respond to all the queries we receive. We are committed to working with you to resolve your concerns. We also invite you to send us your suggestions and ideas to improve our procedures and services.
If you are not satisfied with our response, you also have the right to lodge a complaint with the data protection authority in your country of residence, place of work or the country where an alleged infringement of data protection law has occurred within the EU. In the United Kingdom, the Information Commissioner’s Office (ICO) is the independent authority set up to uphold information rights. For further information on your rights and how to raise a concern with the ICO, please refer to the ICO website: https://ico.org.uk/your-data-matters/.
5. ICO registration
Renaissance is registered with the Information Commissioner’s Office (ICO) with registration reference ZB194611.
6. Version and change log
This version of the privacy policy was last updated on 10 October 2024.
As part of Renaissance’s internal procedures, we periodically review our privacy policy and the contents of this document. The last version of the Privacy Policy is available on our websites. You can download a PDF version of the current Privacy Policy by clicking here.
Change log
Version 1.1.1 [2024.10.10]: We updated some links, corrected minor errors, and improved the overall writing style for clarity.
Version 1.1.0 [2024.09.01]: We corrected minor errors, rewrote section 3.7, added details of ICO registration (section 5, new) and updated some links.
Version 1.0.0 [2020.07.01]: First public version of Renaissance’s privacy policy.