Experience UX – Privacy Notice 2023

How we use your information

This privacy notice tells you what to expect when Experience Solutions Limited t/a Experience UX collects personal information. It applies to information we collect about you:

  1. Visitors to our websites
    a. Google Analytics
    b. Use of Cookies
    c. WordPress
    d. Search Engine
  2. E-newsletter
  3. People who contact us
    a. Via social media
    b. Via telephone
    c. Via email
  4. Job applicants, current and former Experience UX employees
  5. Security and performance
  6. Your rights
  7. How to contact us

1. Visitors to our websites

If we collect personally identifiable information through our website, we will be upfront about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

a. Google Analytics
When someone visits www.experienceux.co.uk we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone, but does use cookies. We do not make any attempt to find out the identities of those visiting our website. For more information about how Google Analytics cookies work on websites visit: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

b. Use of other cookies by Experience UX
We use cookies on our website (https://www.experienceux.co.uk/). A cookie is a text file sent by a web server to a web browser, and stored by the browser. The text file is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.

We may send a cookie which may be stored on your browser on your computer’s hard drive. We may use the information we obtain from the cookie in the administration of this website, to improve the website’s usability and for marketing purposes. We may also use that information to recognise your computer when you visit our website, and to personalise our website for you.

Most browsers allow you to refuse to accept cookies. (For example, in Internet Explorer you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”,, “Advanced” and selecting “Block” from both First-party and Third-party Cookies) This will, however, have a negative impact upon the usability of many websites.

c. WordPress
We use a third-party service, WordPress.com, to publish our blog, and some of our conference microsites. These sites are hosted by WP Engine. Please see WP Engine’s privacy policy here. We use a standard WordPress service to collect anonymous information about users’ activity on the site, for example the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it.

2. E-newsletter
We use a third-party provider, MailChimp, to deliver our monthly e-newsletters. We gather statistics around email opening and clicks using industry standard technologies including web beacons to help us monitor and improve our e-newsletter. For more information, please see the Mailchimp site: https://mailchimp.com/help/about-open-tracking/

When you sign up to our newsletter we will collect and store your name and email address. We will keep this information secure and only share it with MailChimp to enable us to deliver the newsletter. You will stay on our mailing list until you unsubscribe which you may do at any time by clicking on the link in the email or by contacting us.

USES MADE OF THE INFORMATION
We use information held about you in the following ways:

  • to provide you with the information, products and services that you request from us or subscribe to (i.e blogs, events & articles)
  • to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
  • to provide you with information about goods or services we feel may interest you. If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you. If you do not want us to use your data in this way, please advise us.
  • to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you and others;
  • to notify you about changes to our service;

3. People who contact us:
If you contact us in any of the following ways we may store your details in our CRM system. We will keep your data within this CRM system for as long as you are a customer or are showing an interest in our services.

a. via social media

We use a third-party provider, Hootsuite to manage our social media interactions.

If you send us a private or direct message via social media the message, along with your social media identifier, will be stored by Hootsuite for three months, please see Hootsuite’s privacy policy. It will not be shared with any other organisations.

b. via telephone
When you call Experience UX we might collect your name, email address or other contact information (including the Calling Line Identification (CLI) information) as well as details of why you contact us.

We also make use of a third party call operator service, Message Direct Limited, to answer our calls. See Message Direct’s privacy policy.

c. via email
We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with government guidelines. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.

We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.

For more information see the Microsoft website.

Any emails we send or receive will be stored in the mailboxes with our email service provider and may be downloaded by a member of staff onto their local device via their email client software.

d. via a contact form on our website
If you fill out one of the forms on our website (e.g. https://www.experienceux.co.uk/contact/) for the purposes of contacting us, the form will be emailed to us and processed via our email service provider, just like any other email we receive (see above).

A copy of the information you provide will also be automatically saved in our customer relationship management (CRM) system, so that we can maintain information about you and your interest or queries relating to ExperienceUX.

4. If you are a client
For the purposes of providing our services to you we will maintain copies of your personal data within our CRM system as well as our accounting system for invoicing. This data will include your name, contact details, business details and anything specific to the service we are providing.

Where you provide us with data for the purposes of carrying out our services we will process this data in accordance with our Data Processing Agreement and in line with the GDPR. All Personal Data you supply will be stored securely and only accessible to those employees that are working on your services.

5. Research Participants
To provide our services we use a number of individuals (“research participants”). If you are a research participant we will collect certain information about you including your name and contact details. Under some circumstances, where it is relevant for us to do so, we may also collect other information about you such as medical information and ethnicity.

We may also make use of Campaign Monitor to notify you of any further opportunities to be a research participant. You can opt out of receiving these emails at any time by clicking the unsubscribe button in the email you receive or by contacting us. We will only collect and store your name and email address for this purpose.

Research Participant Recruitment
To ensure you are appropriate for the services we are providing we may collect other information from you for the purposes of assessing your reviewing abilities. This information will form part of the information we collect and store about you for the purposes of providing your reviewing services.

We also use third-party recruiters. If you have reached us via such a recruiter they will have provided you with details about how they process their data. For the purposes of this privacy policy, your data will be handled by us in the same way as anyone we have recruited directly.

Research Participant Activity
If you are selected to carry out review activities for us, we will contact you to arrange for you to participate. Part of the process, prior to the review activity will be to complete a screening survey which will collect further information for the purposes of making sure you are appropriate for the activity, for example we may ask you about specific requirements, demographical information, etc. The information collected on these forms will be used to make sure you are good fit to the research activity and to enable us to carry out our research services to our client. The information you provide during the screening will be destroyed once the activity is complete.

We will be clear if there may be instances that you will need to provide personal data about yourself during the research process. Where you choose to do so, we cannot guarantee that this information will not be made available to our client either directly (because they are part of the review process) or because we provide video recordings or photographs which may include your details.

Our clients are under strict instructions not to use this information for any purpose other than reviewing our reports and findings.

If you are at all concerned about this, you should discuss this with us before you take part in the research activity. We may suggest you use “dummy” information, but this may not be possible or appropriate in all circumstances and it may mean you will not be able to take part in the research activity.

6. Event attendees

We usually manage sign-ups to any events we run (online or in-person) via Eventbrite. We may store your name and email address for the purposes of keeping you up to date about the event you register for and any future events that may be of interest (where you have indicated you would like to receive such information). You can unsubscribe from these emails at any time by clicking the “unsubscribe” link or contacting us directly.

7. Supplier or contractor data

If you are one of our suppliers we will collect the minimal information about you and your services as required to make use of your services and deal with invoices and payments for your services. Such information will be stored within our accounting package for the purposes of our accounts and will be retained accordingly.

Individual employees within our business may also retain your contact details within their email application or via business cards that you may provide to us.

8. Job applicants

Experience UX is the data controller for the information you provide during the recruitment process unless otherwise stated. If you have any queries about the process or how we handle your information please contact us at hr@experienceux.co.uk.

If you are successful in your application you will be provided with a separate privacy policy for employees which sets out how we use your data for the purposes of your employment.

What will we do with the information you provide to us?
All of the information you provide during the process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.

We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the UK or European Economic Area. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.

We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.

What information do we ask for, and why?
We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.
The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for but it might affect your application if you don’t.

Application stage
We ask you to send in a CV and cover letter to hr@experienceux.co.uk.

We ask you for your personal details including name and contact details. We will also ask you about your previous experience, education, referees and for answers to questions relevant to the role you have applied for. Our recruitment team will have access to all this information.

You will also be asked to provide equal opportunities information. This is not mandatory information – if you don’t provide it, it will not affect your application. This information will not be made available to any staff outside of our recruitment team, including hiring managers, in a way which can identify you. Any information you do provide, will be used only to produce and monitor equal opportunities statistics.

Shortlisting
Our hiring managers shortlist applications for interview. They will not be provided with your name or contact details or with your equal opportunities information if you have provided it.

Assessments
We might ask you to participate in assessment days; complete tests or occupational personality profile questionnaires; and/or to attend an interview – or a combination of these. Information will be generated by you and by us. For example, you might complete a written test, or we might take interview notes. This information is held by Experience UX.

If you are unsuccessful following assessment for the position you have applied for, we may ask if you would like your details to be retained in our talent pool for a period of twelve months. If you say yes, we would proactively contact you should any further suitable vacancies arise.

Conditional offer
If we make a conditional offer of employment we will ask you for information so that we can carry out pre-employment checks. You must successfully complete pre-employment checks to progress to a final offer. We are required to confirm the identity of our staff, their right to work in the United Kingdom and seek assurance as to their trustworthiness, integrity and reliability.
You will therefore be required to provide:

  • Proof of your identity – you will be asked to attend our office with original documents, we will take copies.
  • Proof of your qualifications – you will be asked to attend our office with original documents, we will take copies.
  • You will be asked to complete a criminal records declaration to declare any unspent convictions.
  • We will provide your email address to the Government Recruitment Service who will contact you to complete an application for a Basic Criminal Record check via the Disclosure and Barring Service, or Access NI, which will verify your declaration of unspent convictions.
  • We will contact your referees, using the details you provide in your application, directly to obtain references

If we make a final offer, we will also ask you for the following:

  • Bank details – to process salary payments
  • Emergency contact details – so we know who to contact in case you have an emergency at work
  • Membership of a Civil Service Pension scheme – so we can send you a questionnaire to determine whether you are eligible to re-join your previous scheme
  • A medical questionnaire for health and safety and employment law purposes

Post start date
Our Code of Conduct requires all staff to declare if they have any potential conflicts of interest, or if they are active within a political party. If you complete a declaration, the information will be held on your personnel file.

Use of data processors
Data processors are third parties who provide elements of our recruitment service for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.

How long is the information retained for?

If you are successful, the information you provide during the application process will be retained by us as part of your employee file and in accordance with our employee privacy policy.

If you are unsuccessful at any stage of the process, the information you have provided until that point will be retained for 12 months from the closure of the campaign.

Information generated throughout the assessment process, for example interview notes, is retained by us for 12 months following the closure of the campaign.

Equal opportunities information is retained for 12 months following the closure of the campaign whether you are successful or not.

How we make decisions about recruitment?
Final recruitment decisions are made by hiring managers and members of our recruitment team. All of the information gathered during the application process is taken into account.

You are able to ask about decisions made about your application by speaking to your contact within our recruitment team or by emailing hr@experienceux.co.uk

9. Security and performance

We adhere to the principles relating to Processing of Personal Data set out in the GDPR which require Personal Data to be processed in a manner that ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful Processing and against accidental loss, destruction or damage (Security, Integrity and Confidentiality).

We ensure that:

  • the data can be accessed, altered, disclosed or deleted only by those we have authorised to do so (these people only act within the scope of the authority we give them);
  • the data we hold is accurate and complete in relation to why we are processing it; and
  • the data remains accessible and usable, i.e., if personal data is accidentally lost, altered or destroyed, you are able to recover it and therefore prevent any damage or distress to the individuals concerned.

10. Retention of personal data

Unless stated elsewhere in this document or in our terms of services we only store the data necessary to provide the services we provide to you. We will keep this data for as long as it is lawful for us to do so (this may be for as long as you are a customer or because of a legal obligation to retain the information, whichever is the longest).

11. Third-party processors

We use a number of third-party cloud-based services for the purposes of effectively running our business and providing our services to you. We also use a number of third-party organisations, e.g. accountants, HR and IT support, etc.

In all cases where we are using a third-party service or company, we will only provide the minimal amount of information for the purposes of delivering the service to us and to meet our requirements.

We always carry out due diligence against all our third-party suppliers for the purposes of ensuring their compliance with data protection, maintaining adequate security of your data and ensuring they apply adequate data protection principles to the processing of the data we supply. We also make sure a legally binding contract (sometimes called a Data Processing Agreement or DPA) is also in place to protect your data.

12. Your rights

Under the GDPR, you have rights as an individual which you can exercise in relation to the information we hold about you.
You can read more about these rights here, on the Information Commissioner’s Website – https://ico.org.uk/for-the-public/

If you would like to exercise any of your rights, or if you have any questions, please contact us via dpo@experienceux.co.uk.

Complaints or queries
Experience UX endeavours to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

If you want to make a complaint about the way we have processed your personal information, we would rather you contacted us in the first instance, but of course, you can contact the Information Commissioner’s Office in their capacity as the statutory body which oversees data protection law – www.ico.org.uk/concerns

Access to personal information
Experience UX endeavours to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the GDPR. If we do hold information about you we will:

  • give you a description of it;
  • tell you why we are holding it;
  • tell you who it could be disclosed to; and
  • let you have a copy of the information in an intelligible form.

To make a request to Experience UX for any personal information we may hold, we would prefer it if you put the request in writing via email to DPO@experienceux.co.uk or use the contact details provided below.

If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone or by email.

How to withdraw consent and object to processing
Where we are processing your data and needed to ask your permission to do so, you are able to withdraw your consent at any time. If you wish to stop receiving our marketing emails you can do so, by clicking on the “unsubscribe” link at the bottom or the email or by contacting us.

You should also contact us, if you wish to raise concerns about the way we are processing your data or would like to raise an objection to the processing.

Keeping your data up to date
It is important that any of your data that we process is kept up to date. We will from time to time ask you to verify your contact details but if you wish to update any information we hold about you, please contact us with your updated details.

Erasure of your data (the “right to be forgotten”)
Under some circumstances you may request us to delete your data from our systems. Where this is possible (e.g. we don’t have any legal purpose for continuing to process your data) we will erase it from our systems.

Portability
Your right to portability allows you to request a machine-readable format of the data you supplied to us and associated service logs (where we store them).

13. Sharing your information

We do not share any personal data with any third parties unless it is lawful for us to do so, if required by law to do so or if you provide us with permission to do so.

14. Changes to our privacy notice

We may change or update elements of this privacy notice from time to time or as required by law. The most current version of our privacy notice is available on our website at https://www.experienceux.co.uk/privacy-policy/

15. How to contact us

Experience UX
4 Upper Hinton Rd
Bournemouth
BH1 2HH

hello@experienceux.co.uk
01202 293652

Data Privacy: DPO@experienceux.co.uk

Last updated: April 2023