This Privacy Notice is effective as of August/1, 2021. Please note that this Privacy Notice will be updated regularly to reflect any changes in the way we handle your personal data or any changes in applicable laws.
We understand that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of everyone who interacts with us and will only collect / use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) and under any other applicable data protection legislation, including the South African Protection of Personal Information Act, 2013.
Lucky Beard Limited is registered in Ireland under company number 610580 and offices at 15 Harcourt Street, St. Kevin’s, Dublin 2, D02 XY47 and Lucky Beard UK Limited is registered under company number 11409849 and whose registered office is at 1 WestFerry Circus Canary Wharf, London E14 4HD.
This Privacy Notice (“Notice”) describes the manner in which Lucky Beard collects, uses, maintains and discloses information from visitors to our website, customers, prospective customers, employees and prospective employees, in situations in which Lucky Beard is a data controller as defined in the GDPR. It also explains your rights under the law relating to your personal data.
Where Lucky Beard is required to comply with additional obligations imposed by other jurisdictions when it processes information which you have provided to it these obligations are set out at the end of this Privacy Notice.
For purposes of this Privacy Notice, the terms “user,” “customer,” “employees,” “you,” and “your” are meant to refer to the individuals about whom we may collect personal information, and at times may be used interchangeably within this Notice. The term “Personal data” is defined by the GDPR as ‘any information relating to an identifiable person who can be directly or indirectly identified’.
If you have any questions or concerns about our use of your personal information, please contact us using the contact details provided at the end of this Privacy Notice.
We collect personal data of our employees, potential employees, clients, potential clients, suppliers, business contacts and website users. If the data we collect are not listed in this privacy notice, we will give individuals (when required by law) appropriate notice of which other data will be collected and how it will be used.
Below describes the categories of personal data we collect:
|Categories of personal data||Purpose|
|Personal details, contact details and identifiers||Personal data is collected on our website through forms you complete including registering to events, downloads and newsletter.
Our website also collects personal data about your website visit including information about your computer through 3rd party cookies (see below).
Lucky Beard may also collect personal details for recruitment/employment purposes, such as national identification number, social security number, insurance information, marital/civil partnership status, domestic partners, dependents and emergency contact information.
We may also collect this information when working on projects for our clients.
|Education history, professional information, sensitive data and immigration documents for recruitment||Lucky Beard may collect information about your portfolio, education and professional employment history. Information that you submit in CVs, letters, writing samples, or other written materials (including photographs). Information generated by interviewers and recruiters related to you including any assessments. We may also collect certain type of sensitive information such as background checks, medical information and legal documents such as data on citizenship, passport data, residency, work permits where permitted or required by law or with your consent.
|Financial information for payroll, benefits or customer invoicing||We may collect your banking details and other relevant financial details for payroll purposes or in order to conduct business with you.|
3rd party Cookies
Under the GDPR, we must always have a lawful basis for using your personal data. The following describes how we will use your personal data and our lawful bases for doing so:
|For the purpose of marketing communication and interactions on our website, including when you request information from us, sign up to newsletters, complete web forms or surveys||Based on consent given by the data subject|
|For the purpose of promoting our products and services to you in general||Based on consent given by the data subject or our legitimate interests to communicate with our customers|
|For the purpose of managing our contractual obligations we have with you||Necessary for the performance of a contract|
|For the purpose of operating and managing our business operations||On the basis of our legitimate interests for ensuring the proper functioning of our business operations|
|Managing our contractual obligations as an employer including performing any administrative functions (e.g. expenses, benefits)||Necessary for the performance of a contract|
|Performing any legally required reporting and to respond to legal process related to employment or business operations||Necessary for the compliance with a legal obligation to which we are subject|
|Manage applications from prospective employees||Based on your consent|
|Monitoring your use of our systems (including monitoring the use of our website and any apps and tools you use)||On the basis of our legitimate interests of avoiding non-compliance and protecting our reputation.|
Where the above table states that we rely on our legitimate interests for a given purpose, we are of the opinion that our legitimate interests are not overridden by your interests, rights or freedoms.
Lucky Beard does not knowingly collect personal information from children under the age of 16. We do not provide services to children, nor do we market to children.
With your permission and/or where permitted by law, we will use your personal data for marketing purposes, which may include contacting you by email AND/OR telephone with information, news and offers on our services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the Data Protection Legislation, and you will always have the opportunity to opt-out.
We will only use your personal data for the purpose(s) for which it was originally collected unless we reasonably believe that another purpose is compatible with that or those original purpose(s) and need to use your personal data for that purpose.
The bulk of the personal data we collect and use for marketing purposes relates to individuals employed by our clients and other companies we work with. We may also obtain contact information from public sources, including content made public on social media sites, to make an initial contact with a relevant individual.
Like most companies, Lucky Beard has customer relationship management (CRM) database to manage and track our relationship with customers. Personal data used for this purpose includes contact data, publicly available information such as social media posts, your responses to targeted mailing, web activity of registered users. If you wish to be excluded from our CRM databases please contact us.
We may sometimes share your data with a third party to supply services on our behalf. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights.
We may share personal data with third parties that provide services to us such as billing/ payment processing, HR, web publishing, marketing services, customer support, email processing, communication interfaces, web/application hosting and CRM services.
We are careful only to share the information that is necessary for the purposes described. Any third party who receives this information is bound by a contract with Lucky Beard setting out their obligation in relation to your data as required per Article 28 of the GDPR.
We may also be required to disclose data to third parties who are not data processors acting on our behalf of Lucky Beard. Categories of recipients include:
Lucky Beard takes strong measures to help protect your data from inappropriate access or use by unauthorized persons. We take all necessary steps to ensure that your data will be given adequate protection as required under the GDPR and Lucky Beard’s own internal policies.
Lucky Beard will, from time to time, make use of services provided by 3rd parties which may make the transfer of personal data outside the EU/EEA necessary. For example, we use a variety of cloud-based tools such as Bamboo HR, Skype, Office365, and similar.
Unless stated otherwise, transfers of personal data from within the European Economic Area (EEA) to third parties outside the EEA are based on an adequacy decision or are governed by the standard contractual clauses (SCC). Any other non-EEA related transfers of your personal data will take place in accordance with the appropriate international data transfer mechanisms and standards.
We will retain your personal data only for as long as necessary for the purposes outlined above related services provided to you, to comply with our legal obligations, resolve disputes, and enforce our agreements.
We maintain specific records management and retention policies and procedures, so that personal data is deleted according to the following retention key criteria:
We are committed to ensuring that your information is secure with us and with any third parties who may act on our behalf.
All staff working for Lucky Beard have a legal duty to keep information about you confidential and all staff are aware of our information security policy. We take a number of important measures defined in our security policies, including the following:
Under the GDPR, you have the following rights, which we will always work to uphold:
For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided below.
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Office of Data Protection Commission.
If you want to know what personal data we have about you, you can ask us for details of your personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.
All subject access requests should be made in writing and sent to the
There is normally no charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details: [email protected]
In addition to the information set out in the Privacy Notice above, individuals, including juristic persons, who reside in South Africa or have their personal information processed by Lucky Beard in South Africa will have certain rights under the Protection of Personal Information Act, 2013 (“POPIA”) and any regulations thereto.
For the purposes of POPIA, “personal data” means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person.
Where you reside in South Africa, or we process your personal data within South Africa the following provisions will be applicable to your personal data which we process notwithstanding what is set out in the Privacy Notice above.
Lucky Beard Pty Limited is registered in South Africa under company number 2014/16429/07 and offices at Southdowns Ridge Office Park, 1240 John Vorster Avenue, Irene, 0062.
Lucky Beard may, from time to time, make use of services provided by 3rd parties which may make the transfer of personal data outside of South Africa necessary. For example, we use a variety of cloud-based tools such as Skype, Office365, and similar.
The transfer of personal information to a country outside of South Africa shall take place only if one or more of the following applies:
(i) effectively upholds principles for reasonable processing of the information that are substantially similar to the conditions for the lawful processing of personal data relating to a data subject who is a natural person and, where applicable, a juristic person; and
(ii) includes provisions, that are substantially similar to the requirements set out in POPIA, relating to the further transfer of personal data from the recipient to third parties who are in a foreign country;
(i) it is not reasonably practicable to obtain your consent to that transfer; and
(ii) if it were reasonably practicable to obtain such consent, you would be likely to give it.
For the purpose of International Transfers:
Under POPIA, you have the following rights, which we undertake to uphold and which include the right to:
Application of the above rights may vary depending on the type of data involved, and Lucky Beard’s particular basis for processing the personal data.
To make a request to exercise one of the above rights set out in (a) and (b) above, please contact [email protected]
We will consider and act upon any requests in accordance with applicable data protection laws. Please note that we may request specific information from you to enable us to confirm your identity and right to access, as well as to search for and provide you with the personal data that we hold about you. We may, in limited circumstances, charge you a reasonable fee to access your personal data; however, we will advise you of any fee in advance.
If we are relying on your consent to process your personal data, you have the right to withdraw your consent at any time, but note that we do not require your consent in order to process your information for our legitimate business interest. Please note however that this will not affect the lawfulness of the processing before its withdrawal.