What would you like to know about?
Select a topic

Privacy Notice

Last updated: 11 April 2024

About this notice

This privacy notice (Notice) explains how Bynd Limited and Bynd LLC (we, our, us, BYND) processes personal data in relation to the running of our business and how we manage our relationships with our clients. It also explains your rights under data protection legislation. 

If you are a direct client or if you are a visitor to our website then Bynd will be what is known as the data controller of your personal information. If Bynd is accessing data in order to facilitate any work on your behalf, then Bynd be what is referred to as a data processor of the personal data that we have access to in order to facilitate the agreement in place between us. 

If you have any questions or concerns about the information in this notice, or about our handling of personal data more generally, or if you would like more detailed information, you should email our data protection and privacy office at

How we use your personal data in order to run and promote our business

Operational logs and statistics

The servers hosting our website log basic activity for the purpose of monitoring the technical health and security of our sites and finding and diagnosing problems with it. Typically, this will consist of information about your browser, operating system, device type, and IP address, as well as the pages viewed and any errors encountered. Read our cookie policy.

This information is not used for any other purpose and is separate from our use of Google Analytics, described below.

Our vendors process and retain this information according to their privacy policies. You can learn more about how our hosting vendors process data below:

We do this on the basis of our legitimate interest in maintaining our website and fixing problems that may occur.  We have considered our legitimate interests carefully and have balanced our legitimate interests against your rights under data protection law. We only use your data as necessary for maintaining the website and it is in your reasonable expectation that we would need to use certain personal data in this way.

Social Advertising Platforms

We use platforms like Linkedin, Meta, and Google Ads to enhance our marketing efforts, track user interactions, and provide targeted advertisements. These platforms collect specific data about your interactions with our website. You can learn more about how these platforms process data by visiting their respective privacy policies and our Cookies Policy

We process this information under the legal basis of consent. Please note that you have the right to withdraw consent any time. If you wish to do so you can manage your own preferences or contact us directly. 

Analytics used for improving our services

We use a Google service called Google Analytics to help inform our marketing decisions – for example, the information provided by Google might tell us that we have a large number of visitors from a particular area or falling into a particular demographic.

The service works by saving to your device a series of small files called “cookies”, which contain information which Google can use to track your activity on our website and identify unique visitors.

We ask for your consent before we store performance cookies on your device using our website’s privacy preference center. Read our Cookie Policy to understand how we use cookies for analytics and to manage your existing cookie preferences.

The information presented to us by Google is statistical in nature and does not identify you personally, but if you have a Google account and you are logged in to it on the device you’re using to browse our website then it is likely that Google will know who you are.

Read about Google Analytics data protection.

Read about Google Analytics data retention.

Find details of how Google uses your personal data on their privacy notice.

Marketing and promoting our business

Our marketing communications include periodic newsletters and information in relation to a specific marketing campaign. When you sign up to receive our marketing information using one of our contact forms, we store your contact information so that we can send you personalised content over email.

If you contact us for the purposes of doing business with us, or we have an existing relationship with you, we may ask if you’re interested in receiving our marketing information, but we will rely on your consent before we send you our newsletters or promotional emails.

We may, therefore, store the following information about you:

  • Name

  • Role / Job title

  • Email address

When you subscribe to our newsletters, we may send you marketing communications for as long as you've subscribed. You may opt out of our marketing emails at any time by using the unsubscribe link in the emails.

We may retain certain data about you after you've unsubscribed. We do so in order to maintain our suppression list to ensure that we can give effect to your right to opt out of further communications. 

We use Pipedrive and Hubspot for promoting our business and your personal data will be stored and processed on Pipedrive and Hubspot servers. When you interact with an email campaign that you receive from us, Pipedrive and Hubspot may collect information about your device and interaction with the email.

You can learn more about Pipedrive and Hubspot’s data privacy pages and how they collect this information here.

We process this information under the legal basis of consent. Please note that you have the right to withdraw consent any time. If you wish to do so you can manage your own preferences via the unsubscribe link at the bottom of our newsletter or contact us directly.

Events

We use Linkedin and our Webflow sign-up forms for advertising our events and allowing sign-ups. When you sign up for an event through these platforms, we store your contact information so that we can contact you before and after the event.

We store the following information about you:

  • Name

  • Role / Job title

  • Email address

When you sign up for our events through Linkedin or our Webflow forms, the data is processed through Zapier, which then transfers the information to Pipedrive and Hubspot for further processing and management.

We give you an option to subscribe to our newsletter and will transfer your contact information to our marketing mailing lists if you give your consent for us to process your data in this way. See the "Marketing and promoting our business" section for more information about how we process this information.

We may require a payment when you're attending our ticketed events. The payment information will be processed on a third-party platform who will be our sub- processors for this activity. Please note that anytime we use a sub processor we always ensure that they will provide you with an equivalent level of protection as per our obligations under data protection legislation. 

We may share your contact details with third parties who are organising the events with us, for example, event venues or partners we're working with on the event. If this is the case you will be provided with this additional information at the time you register for the event. 

We store your contact details for as long as you are registered for the event as we may need to contact you regarding any changes or updates. We may keep your information after the event, for the purposes described above.

We process this information under the legal basis of consent. Please note that you have the right to withdraw consent any anytime.

Processing Enquiries through OpenAI

We utilise OpenAI's services to process inbound inquiries. If you choose to send us a message via our online web form and the ‘project brief’ or ‘message’ fields includes your contact details,  they will be sent via Zapier to OpenAI via a secure API. As part of this process, we will redact any personal information we do not require to answer your query before porting that data back into our internal systems so that the relevant team can contact you. Our priority is safeguarding your privacy by minimising the exposure of personal data and adhering to the highest data protection standards.

When inquiries are sent to OpenAI, we do so with the strict guideline that no Personally Identifiable Information (PII) is used for language learning models (LLMs) or other purposes outside of redacting personal information from these communications. This process enables us to maintain the confidentiality and integrity of your data while also benefiting from the capabilities of advanced AI to enhance our service quality and responsiveness.

For more detailed information about OpenAI's privacy practises, see its Privacy Policy.

Please note that we may use an anonymised version of this data set to provide this service. We carry out these processing activities under the legal basis of legitimate interest.

Day-to-day business interactions and general administration

Where we work with other businesses and organizations, we will have the business contact details of the relevant people who work there in order to provide the services as set out in the contract that exists between us and manage that relationship.  Such processing activities may include: 

  • taking steps to enter into, maintain and manage our contract of service with you;

  • managing any disputes or complaints in relation to the services we provide;

  • processing in furtherance of our commercial activities such as to maintain and manage our business operations;

  • management reporting and internal process requirements;

  • to develop and improve our products and services;

  • to communicate with you regarding additional product offerings and to facilitate making campaigns and events;

  • to communicate with you regarding any queries you raise via the website;  

  • We may also process your personal information for the establishment, exercise, or defense of legal claims or if we proceed with a claim against you or  

  • in order to give effect to your rights under data protection legislation or any other legal obligations that we are subject to.  

We carry out these processing activities under the legal basis of performance of contract, legitimate interest, that being our interest in running our business in an efficient and legally complaint manner, to fulfil our legal and regulatory obligations or in some cases with your consent. 

How we collect you personal data as a business client

We collect your personal data as part of our business relationship when you are acting on behalf of your organization. We collect your data from a number of different sources including:  

  • Directly from you in person, by telephone, email, surveys or via our website;

  • From publicly available sources such as internet search engines and social media sites;  

  • From call recording when you interact with us;

  • From our website, including the use of cookie and web analytics. Please see our cookies policy for further information;

  • From third parties in connection with any acquisition or merger of a business by us.  

Who we share your personal data with

There may be circumstances where we share your personal data with other parties. Such examples include:  

  • Directly from you in person, by telephone, email, surveys or via our website;

  • From publicly available sources such as internet search engines and social media sites;  

  • From call recording when you interact with us;

  • From our website, including the use of cookie and web analytics. Please see our cookies policy for further information;

  • From third parties in connection with any acquisition or merger of a business by us.  

If you would like further information in relation to who we share your data with please contact our Data Protection and Privacy Office on the details set out above. 

How we use your personal data when providing services to our clients

Product research for our clients

You may participate in the research work we do for our clients. This includes interviews, field studies, usability testing and surveys. We may also send you a post-test questionnaire following a research session if you consent to receive such materials. 

We may use a third-party recruitment agency in the recruitment process of any external research subjects. The recruiters may provide us with your contact information so we may contact you before and during the interview process if you consent to the onward transfer of your data. 

During the interview process, we may collect various types of information for demographics purposes. This may include some special categories of personal information. You may refuse to answer any questions without needing to provide us with a reason. We will always seek your explicit consent to process such information. 

When we're conducting interviews remotely, we may record audio and video so that we may reference these during the research process. We will ask consent from every participant for the recording and you may end the sessions at any time.

We may need to share your personal data with the client so that they may use your contribution for the purpose of the research. We will inform you of this when you participate in our research and ask for your consent before sharing your personal information.

Your personal data, including any audio and video recordings and any special categories of data, shall be retained for as long as it is required in connection with the research purpose and record-keeping. Your personal data will usually be deleted once the project that the data was relevant to has been completed. We will make you aware of any changes to this in advance of the research taking place and ask for your consent before extending this period.

We use third party platforms to conduct interviews and these vendors may store and process your data. We carry out due diligence in relation to all of our processors as per our obligations under data protection legislation. If you have any questions regarding these technology providers please contact the Data Protection and Privacy Office on the details set out above.

Workshops with our clients

You may participate in workshops for the work we do for your business. Some of these workshops may also take place during the events we organise. 

The information processed will likely include your name, occupation and any relevant contact details needed to access these workshops. We may also ask for your photograph to personalise the experience.

Information about the particular workshop and details of the use of your data will be provided in advance of your participation in the workshop. We ask for your consent before you participate in any workshop or process your data. We may share the research data with our clients. We will inform you of this when you participate in our research and ask for your consent before sharing your personal information.

When we're conducting workshops remotely, we use third-party platforms that may store and process your data. If you have any questions regarding these technology providers please contact the Data Protection and Privacy Office on the details set out above.

Technical solutions for our clients

When we process personal information in order to facilitate technical solutions to or provide services for our clients, they will be the controllers of the personal data we process for this purpose. In order to understand your rights and how they process your personal information please see their privacy notice as available on their webpages or their Employee Privacy Notice which will be available internally or via their own Data Protection and Privacy Office. 

Who we share your personal data with

There may be circumstances where we share your personal data with other parties. Such examples include:  

  • Our third-party service providers such as IT suppliers, auditors, marketing agencies and documents management providers;  

  • Regulators who govern how we operate such as the ICO and the Advertising Standard Authority;  

  • Third parties in connection with any sale, transfer or disposal of our business.  

  • Other entities within Next 15 Group Plc for the purposes of administrating technical and administrative support.

  • Our clients who have instructed the service we are providing to them – in most cases this will be your employer.

  • We may also disclose your personal information to other third parties where disclosure is required by law or by a regulator with authority over us on the grounds of substantial public interest.  

If you would like further information in relation to who we share your data with please contact our Data Protection and Privacy Office on the details set out above. 

Data Retention

We will retain your personal data for as long as is reasonably necessary for the purposes explained in this Notice. 

If we are acting as the data controller of the information process in most cases this will be a maximum of seven years post termination of contract. Where we are acting as data processors on behalf of our client our data retention period will be in line with the terms of our commercial agreement or the length of campaign plus one year. 

In some circumstances we may retain your Personal Data for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax or accounting requirements. We may also retain your personal data for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your relationship with us. Where your personal data is no longer required, we will ensure it is either securely deleted or stored in a way that no longer identifies you. If you would like further details regarding our records retention then please contact us.  

Compliance with the CCPA / CPRA

The California Consumer Privacy Act (CCPA) as amended by the California Consumer Privacy Act of (CPRA) gives consumers more control over the personal information that businesses collect about them.

Bynd does not currently meet the criteria described that would have the CCPA apply to our business operations. Namely, because we do not:

  • Buy, receive, or sell the personal information of 50,000 or more California residents, households, or devices; or

  • Derive 50% or more of our annual revenue from selling California resident's personal information.

International data transfers

There may be circumstances where we transfer information to our service providers/ data processors outside of the UK or the EEA. If we do so, then your personal data will only be transferred on one of the following conditions:  

  • Our third-party service providers such as IT suppliers, auditors, marketing agencies and documents management providers;  

  • Regulators who govern how we operate such as the ICO and the Advertising Standard Authority;  

  • Third parties in connection with any sale, transfer or disposal of our business.  

  • Other entities within Next 15 Group Plc for the purposes of administrating technical and administrative support.

  • Our clients who have instructed the service we are providing to them – in most cases this will be your employer.

  • We may also disclose your personal information to other third parties where disclosure is required by law or by a regulator with authority over us on the grounds of substantial public interest.  

Said mechanism ensure that your personal data is protected to the same standard as it would be within the UK or the EEA.  

If you would like further details about how the technology providers transfer your personal data please click on the links above or contact our data protection team (see above for contact details).

Your Rights Under this Notice and How to Make a Complaint. 

Under data protection legislation you have the following rights:

The right to be informed – We are required to provide individuals with clear and precise transparency information regarding who we are and what we do with your data. This Privacy Notice along with other transparency information gives effect to this right;

The right of access – Individuals have the right to access and receive copies of their personal data alongside other supplementary information as required. If you wish to affect this right please contact our data protection team on the details provided above;

The right to rectification – Individuals have the right to ensure that the information that we hold about them is accurate. If you believe that the personal information that we hold about you is inaccurate or incomplete, then please contact us to request that we amend or update our records;

The right to erasure – You have the right to request that all data pertaining to you be erased from our systems. Please note that there are certain circumstances where this request may not be possible. If we are unable to comply, we will issue you with meaningful information regarding why this is the case;

The right to restriction of processing – There may be circumstances where we will restrict the processing of your data. For example, if we are investigating a claim that your personal information is no longer accurate or you object to the processing taking place;

The right to data portability - You have the right to request that your information be compiled into a common, machine-readable format and either provided directly to you or sent by us to a third-party you nominate. If this is not possible, we will issue you with information setting out why this cannot be done;

The right to object – You have the right to object to us processing your data or a category of data that we hold about you. If we are unable to comply with your request, we will issue you with meaningful information regarding why this is the case;

Rights in relation to automated decision making and profiling – You have the right to request human intervention relation to any process involving automated decision making or profiling where that processing results in legal or similarly significant effects.  

Please note that the above rights are not absolute and requests may be refused where exemptions apply. 

  • Email our data protection team on privacy@bynd.com or

  • Bynd, Data Protection and Privacy Office, 60 Great Portland Street, London, W1W 7RT.

In order to protect your privacy, we may ask you to prove your identity before we take any steps in response to a request you have made.

If your personal data is subject to UK or EU data protection laws, then you have the right to lodge a complaint about our handling of your personal data with your local supervisory authority, although we do ask that you raise any concerns with us first as we can probably address them much more efficiently. 

Changes to this privacy notice

We reserve the right to amend this notice at any time in response to changes in data protection legislation and our legal and regulatory obligations. We recommend that you check our privacy page on a regular basis. If the changes will have an effect on you or the way we use your personal data we will bring them to your attention where appropriate (e.g. if we have your email address as part of our relationship with you).

Back to top

Privacy

Last updated: 31 October 2023

When you browse our site, we may collect some information about you – like your location, or the pages you look at. This information is your ‘personal data’.

We use your personal data to:

  • Run and promote our business, and manage relationships with colleagues and clients
  • Provide services to our clients
  • Recruit awesome people to work with us
  • Read our cookie policy.
  • Read our full privacy policy below.

1.  Who we are and how to contact us

We are BYND LIMITED of the United Kingdom, a limited company whose registered office is at 60 Great Portland Street, London, W1W 7RT. Our registered company number is 07123452. We're also associated with BYND LLC, a limited liability company based in the US. Both companies are trading under the Beyond brand and may provide you with our services.

We are the publisher of this website, and a controller in respect of the personal data which it collects. This privacy notice applies to all of our public websites and provided services unless specified otherwise.

If you have any questions or concerns about the information in this notice, or about our handling of personal data more generally, or if you would like more detailed information, you should email us at privacy@bynd.com.

2.  How we use your personal data to run and promote our business and manage relationships with the people we work with

2.1 Operational logs and statistics

The servers hosting our website log basic activity for the purpose of monitoring the technical health and security of our sites and finding and diagnosing problems with it. Typically, this will consist of information about your browser, operating system, device type, and your IP address, as well as the pages viewed and any errors encountered.

This information is not used for any other purpose, and is separate from our use of Google Analytics, described below.

This information is processed and retained by our vendors according to their privacy policies. You can learn more about how our hosting vendors process data below:

We do this on the basis of our legitimate interest in maintaining our website and fixing problems with it. We have considered our legitimate interests carefully and have balanced our legitimate interests against your rights under data protection law. We consider this use to be proportionate because it is appropriate to our relationship with you. We only use your data as necessary for maintaining the website and it is in your reasonable expectation that we would need to use certain personal data in this way.

2.2 Social and Advertising Platforms

We use platforms like Linkedin, Meta, and Google Ads to enhance our marketing efforts, track user interactions, and provide targeted advertisements. These platforms may collect specific data about your interactions with our website. You can learn more about how these platforms process data by visiting their respective privacy policies.

2.3 Analytics used for improving our services

We use a Google service called Google Analytics to help inform our marketing decisions – for example, the information provided by Google might tell us that we have a large number of visitors from a particular area, or falling into a particular demographic.

The service works by saving to your device a series of small files called “cookies”, which contain information which Google can use to track your activity on our website and identify unique visitors.

We ask for your consent before we store performance cookies on your device using our website’s privacy preference centre.

Read our Cookie Policy to understand how we use cookies for analytics and to manage your existing cookie preferences.

The information presented to us by Google is statistical in nature and does not identify you personally, but if you have a Google account and you are logged in to it on the device you’re using to browse our website then it is likely that Google will know who you are.

You can learn more about Google Analytics data protection.

Learn about Google Analytics data retention.

Find details of how Google uses your personal data on their privacy notice.

2.4 Marketing and promoting our business

Our marketing communications include periodic newsletters and information in relation to a specific marketing campaign. When you sign up to receive our marketing information using one of our contact forms, we store your contact information so that we can send you personalised content over email.

If you contact us for the purposes of doing business with us or we have an existing relationship with you, we may ask if you’re interested in receiving our marketing information, but we will rely on your consent before we send you our newsletters or promotional emails.

We may, therefore, store the following information about you:

  • Name
  • Role / Job title
  • Email address

When you subscribe to our newsletters, we may send you marketing communications for as long as you've subscribed. You may opt-out from our marketing emails at any time by using the unsubscribe link in the emails.

We may retain certain data about you after you've unsubscribed, but only as necessary to ensure you will not receive any further marketing communications.

We use Pipedrive and Hubspot  for promoting our business and your personal data will be stored and processed on Pipedrive and Hubspot servers. When you interact with an email campaign that you receive from us, Pipedrive and Hubspot may collect information about your device and interaction with the email.

Learn more about Pipedrive and Hubspot’s data privacy pages and how they collect this information.

2.5 Events

We use Linkedin and our Webflow sign-up forms for advertising our events and allowing sign-ups. When you sign up for an event through these platforms, we store your contact information so that we can contact you before and after the event.

We store the following information about you:

  • Name
  • Email address
  • Company

When you sign up for our events through Linkedin or our Webflow forms, the data is processed through Zapier, which then transfers the information to Pipedrive and Hubspot for further processing and management.

We give you an option to subscribe to our newsletter and will transfer your contact information to our marketing mailing lists if you subscribe to our newsletter. See the "Marketing and promoting our business" section for more information about how we process this information.

We may require a payment when you're attending our ticketed events. The payment information will be processed on a third-party platform.

We may share your contact details with third parties who are organising the events with us, for example, event venues or partners we're working with on the event.

We store your contact details as long as you're attending the event and we need to contact you regarding the event. We may keep your information after the event, for the purposes described above.

2.6 Day-to-day business interactions and general administration

Where we work with other businesses and organisations, we will have the business contact details of the relevant people who work there, and we will use them to manage our relationship with that business and carry out the usual sorts of business administration tasks.

We share this information with our parent company, Next Fifteen Communications Group Plc ("Next 15"), because it operates a number of our “back office” functions for us, and with our and their technology suppliers (to the extent necessary for them to perform their functions).

Read the Next 15 privacy policy.

We keep information about employees of clients or suppliers for as long as the relevant businesses are customers or suppliers (as applicable), and for up to ten years afterwards, in case of issues or disputes.

We do this on the basis of our legitimate interest in operating our business. We have considered our legitimate interests carefully and have balanced our legitimate interests against your rights under data protection law. We consider this use is proportionate because it is appropriate to our relationship with you, we only use your business contact details and, it is in your reasonable expectation that we would need to use your personal data to contact you in this way.

3. How we use your personal data when providing services to our clients

3.1 Product research for our clients

You may participate in the research work we do for our clients. This includes interviews, field studies, usability testing and surveys. We may also send you a post-test questionnaire following a research session.

We may use a third-party recruitment agency in the recruitment process of any external research subjects. The recruiters may provide us with your contact information so we may contact you before and during the interview process.

We ask for your consent before you participate in an interview and process your data. During the interview process, we may collect various types of information for demographics purposes. This may include some special categories of personal information. You may refuse to answer any questions without needing to provide us with a reason.

When we're conducting interviews remotely, we may record audio and video so that we may reference these during the research process. We will ask consent from every participant for the recording and you may end the sessions at any time.

We may need to share your personal data with the client so that they may use your contribution for the purpose of the research. We will inform you of this when you participate in our research and ask for your consent before sharing your personal information.

Your personal data, including any audio and video recordings and any special categories of data, shall be retained for as long as it is required in connection with the research purpose and record-keeping. Your personal data will usually be deleted once the project that the data was relevant to has been completed. 

We will make you aware of any changes to this in advance of the research taking place and ask for your consent before extending this period.

We use third party platforms to conduct interviews and these vendors may store and process your data. If you have any questions regarding these technology providers, you can contact us at privacy@bynd.com for more information.

3.2 Workshops with our clients

You may participate in workshops for the work we do for your business. Some of these workshops may also take place during the events we organise.

The data collected during the workshops may be with our Beyond employees or other participants attending the workshop or working on the project. This information will likely include your name, occupation and any relevant contact details needed to access these workshops. We may also ask for your photograph to personalise the experience.

Information about the particular workshop and details of the use of your data will be provided in advance of your participation in the workshop. We may share the research data with our clients. We will inform you of this when you participate in our research and ask for your consent before sharing your personal information.

When we're conducting workshops remotely, we use third-party platforms that may store and process your data. If you have any questions regarding these technology providers, you can contact us at privacy@bynd.com for more information.

3.3 Technical solutions for our clients

We may collect and store the following types of information on the websites and applications we develop and manage for our clients:

Operational logs and statistics data. This information may be stored and shared with our cloud infrastructure and services providers in order to provide reliable services and ensure the security of the services. This may include information about your IP address, device, browser or location.

Analytics data and cookies. The information will be used to improve the performance and user experience of the applicable service and not shared across the services we provide for our different clients. This may include information about your IP address, device, browser or location.

Authentication information may include your name or email address as needed to provide a unique and secure user experience.

Contact information for marketing purposes to allow you to learn more about our client's services or for our client to contact you to provide relevant customer service. When entering such information you will be informed of the purpose of the information.

The information we collect and process for our clients may be shared with our internal team and suppliers as needed for them to provide the services for our client.

Outside of our general day-to-day business applications, the suppliers used for each service will vary from client to client. The websites or services we manage for our clients will include a privacy notice with details of the personal data collected and processed as applicable to those services.

4. How we use your personal data for our recruitment

Where you apply for a job opening posted by us and you are a European job applicant, the provisions in the Privacy Notice for recruitment will apply to our processing in addition to what has been provided to you in this privacy notice.  

See the full privacy notice for recruitment.

4.1 Information we collect when you apply for a role

We use Workable to assist with our recruitment process. When you see a job opening posted on our careers page, you will be provided with a link to submit a job application on the Workable website.

We may collect and process the following types of information from you in our recruitment process:

Information that you provide when you apply for a role through on online job sites, via email, in person at interviews and/or by any other method.

If you contact us, we may keep a record of that correspondence.

We maintain a record of your progress though the hiring process that we may conduct.

When you visit our recruitment website, we may store details of your visits and the resources you access.

When you submit a job application, we rely on your consent to disclose your information to us and any service providers involved in our recruitment process. Workable and any other service providers we use will process your personal data in accordance with our instructions.

When you apply for a job opening on a third-party job site or similar online service provider, you should note that the provider may collect and retain your personal data in addition to what has been outlined here. Any use of such third-party providers will be in accordance with their privacy notice.

Read Workable’s Privacy Policy.

We will hold your personal information in Workable for 12 months from the date you applied for a role or since we’ve collected the information from other sources.

4.2 Information we collect from other sources

We may additionally collect information from other sources:

  • Publicly available sources such as LinkedIn
  • Various databases where you have submitted your information
  • When a third party recommend you as a candidate

Where we are collecting information from these sources (and not directly from you), we are relying on legitimate interest as the lawful basis on which we collect and use your personal data. Our legitimate interests are the recruitment of staff for our business.

5. International transfer of personal data

5.1 Internal transfers

We operate in multiple countries in Europe and we may need to transfer your personal data outside of the country from which it was originally provided, within the UK and the EEA.

We also operate in the United States, and we may need to transfer your personal data outside of the UK and the EEA.

Our parent company, Next 15, operates globally and any data processed by them may be transferred outside of the UK and EEA.

5.2 External transfers

Due to the global nature of our technology providers we may store your personal data outside of the UK or the EEA. Our technology providers have developed processes to ensure that where your personal data is transferred outside of the UK or EEA they have a legal basis for doing so and your personal data is protected to the same standard as it would be protected in the UK or EEA by putting in place safeguards.

Whenever we transfer your personal data out of the UK or EEA, we ensure a similar degree of protection is afforded to it by either ensuring that the relevant countries have been deemed to provide an adequate level of protection for personal data or, otherwise, we may use specific contracts approved for use in the UK and EEA which give personal data the same protection it has in the UK and EEA.

If you would like further details about how the technology providers transfer your personal data please click on the links in the relevant sections above or contact our data protection team at privacy@bynd.com.

6. Your rights and how to exercise them

European and UK privacy laws grant people certain rights in relation to their personal data. Below is a short overview of those rights.

If those laws apply to you, you can exercise your rights by contacting us at privacy@bynd.com. If you do contact us to exercise your rights, it is a good idea to be as specific as possible about which rights you wish to exercise because it enables us to respond more quickly.

6.1 You have the right to a copy of your data

You have the right to have access to the information we hold about you. There are a few exceptions to that right, designed to protect the rights of other people. If it is information you have given to us, you have the right to receive it in a portable electronic format.

6.2 You have the right to have wrong information corrected

If we hold information about you that is factually inaccurate then you have the right to have it corrected. This right does not extend to matters of opinion.

6.3 In some situations, you have the right to have your information deleted

You may have the right to have some or all of your information deleted, principally if the information you want deleted is no longer needed or if we don’t have a legal basis to continue using it (for example, if we are using it on the basis of your consent and you withdraw your consent).

6.4 If we’re relying on your consent, you have the right to withdraw your consent at any time

If we’re relying on your consent to do something with your information (for example, our use of Google Analytics) then you have the right to withdraw that consent at any time.

6.5 If we’re not relying on your consent, you may still have the right to object to things we do with your information

If we are doing something with your data not on the basis of your consent but on the basis of our “legitimate interest”, then you have the right to object to what we are doing, and we must stop unless we can show that there is a compelling and legitimate reason to continue, or what we are doing relates to a legal claim.

6.6 In some situations, you have the right to restrict what we do with your information

If you dispute the accuracy of information we hold about you, or we do something unlawful with your information but you don’t want us to delete it, or if we don’t need the information any more but you want us to preserve it in connection with a legal claim, or for the period in which we are considering a valid objection you have raised under your right to object discussed above, then you have the right to require us to restrict use of that information to simply storing it and using it only for legal claims, protecting the rights of others and matters of important public interest.

6.7 You have the right to complain to the supervisory authority

If you are unhappy with how we have handled your personal data, you have the right to complain to your local data protection authority, which in the UK is the Information Commissioner's Office. You can reach them through the Information Commissioner website. If you are based in the EU, then you can find the contact details for your local supervisory authority on the website of the European Data Protection Board.

7. Changes to this privacy notice and how to contact us

We will keep our privacy notice under regular review and changes we make to our privacy notice in the future will be posted on this page and if the changes will have an effect on you or the way we use your personal data we will bring them to your attention where appropriate.

If you have any questions about this privacy notice or about the ways we use your personal data, please contact our data protection team at privacy@bynd.com.