Commetric’s privacy notice

1. About this policy

 Commetric is committed to protecting the privacy of its data subjects by handling data it collects in a safe and responsible way.

This policy sets out how Commetric will do this.

2. Types of data Commetric collects

Commetric will collect and process personal data and, in limited cases, sensitive personal data.

Personal data includes information relating to living individuals where they can be either:

  • directly identified from a piece of information; or
  • indirectly identified from a combination of information.

The personal data we collect includes:

  • name, address, email address, and telephone number
  • job title and company name
  • qualification details, skills, and employment history (for job applicants)
  • recruitment information including right-to-work documents, CVs, and covering letters
  • bank account details and tax status (for employees and contractors)
  • information about next of kin and emergency contacts
  • IP address and browser information collected through our website
  • preferences and interests relating to our services

The sensitive personal data we collect (only where strictly necessary) includes:

  • health and sickness records (for employees)
  • information relating to equal opportunities monitoring, such as ethnic origin, disability, and religion

3. Why Commetric collects this data

Commetric collects this information so it can comply with its legal and health and safety obligations as well as the following:

  • to provide and improve our media analytics and consultancy services
  • to manage client relationships and communications
  • to maintain internal records and comply with accounting requirements
  • to respond to enquiries and deliver requested information about our services
  • to manage recruitment and employment processes

4. Legal basis for processing data

There are 6 grounds for lawfully processing personal data. These are:

  • consent
  • contract
  • legal obligation
  • vital interests
  • public task
  • legitimate interests

Commetric processes the data it collects on the following bases:

  • Contract – to fulfil obligations under contracts with clients, employees, and suppliers
  • Legal obligation – to comply with employment, accounting, and tax laws
  • Legitimate interests – to operate, improve, and promote our services
  • Consent – when individuals sign up for newsletters or marketing communications

With regards to processing special category (sensitive) data, Commetric processes this information on the grounds of employment and social security law obligations, as well as Article 9(2)(b) of the UK GDPR.

5. Data retention

Commetric follows the UK GDPR rules on data retention. This means it:

  • only keeps data for as long as it’s needed – all data is retained for the shortest length of time necessary
  • will securely delete or anonymise documents no longer needed
  • complies with requests for data to be changed or deleted as long as there are no other legal grounds or overriding legitimate grounds to not do so
  • complies with an individual’s request to see data held on them unless there are exemptions under the UK GDPR that apply
  • carries out data audits to make sure it doesn’t keep data for longer than necessary and to help responses to subject access requests

For more information, please contact Commetric using the details below.

6. Sharing data

Commetric may share data internally with relevant departments such as the HR team, managers or supporting staff. However, this will only be done if it is required.

There may be occasions where Commetric shares data it has collected with third parties. These instances may include but are not limited to:

  • payroll and accounting providers;
  • IT and cloud service providers;
  • professional advisers such as auditors or legal counsel.

Commetric regularly shares data with third parties outside of the organisation. To ensure that data is processed and properly retained we have a formal agreement, called an information sharing agreement (ISA) which sets this out. This includes:

  • what data is shared
  • which laws allows the sharing of this data
  • how the data is shared
  • who the agreement is between
  • necessary security requirements

Where necessary, Commetric, may transfer personal information outside of the UK. When doing so, we comply with the UK GDPR, making sure appropriate safeguards are in place. For further information or to obtain a copy of the appropriate safeguard we use, please contact us using the contact information provided in number 9 (“Making a complaint”) below.

7. Data subjects’ rights

Commetric is obligated to inform data subjects of their data protection rights. Data subjects have the right to:

  • access – data subjects can request Commetric provide them with the personal data it holds on them
  • rectification – data subjects can request Commetric correct information on them that they believe to be incorrect
  • erasure – personal data can be deleted under certain conditions
  • restrict processing and is where Commetric restrict processing of personal data under certain conditions
  • object to processing – this is where data subjects can object to their personal data being processed under certain conditions
  • data portability – data subjects can request Commetric transfer data it collects on them to a third party or to them under certain conditions
  • rights related to automated decision-making and profiling – data subjects have the right to not be subject to decisions based solely on automated processing (including profiling) that have legal or significant effects, and can request human intervention or challenge such decisions

8. Withdrawing consent

Data subjects have the right to withdraw consent if they change their mind about Commetric having access to their personal data. If this arises, please contact Commetric by info[at]commetric.com.

9. Making a complaint

If a data subject wishes to complain about how Commetric have handled their personal data they should contact Commetric’s data protection lead Mihail Minkovski. Their contact details are e-mail: info[at]commetric.com.

If data subjects remain unhappy with how Commetric used their data after raising a complaint with Commetric, they can complain to the Information Commissioner’s Office.

The ICO’s address:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

The ICO’s helpline number is 0303 123 1113 or you can make a complaint online.

10. Changes to this notice

This notice will be reviewed regularly to ensure Commetric continues to comply with the law.  Any changes will be communicated via our website at https://commetric.com/.

11. Last updated

6 November 2025