This policy covers the use of information by Northlandcontrols.com.
Privacy and Personal Information
Northland Controls Privacy Notice
Please read this Privacy Notice (“Notice”) carefully as it contains important information related to your Personal Data under Data Protection Laws.
This Notice applies to all of our legal entities which operate globally as a part of our group, Northland Controls and detailed as followed:
Northland Control Systems Inc, USA
Northland Control Systems Inc (Taiwan)
Northland Control Systems Inc (India)
Northland Controls Limited, UK
Northland Controls Ireland Ltd
Northland Controls Information Technology (Shanghai) Co Ltd
Northland Controls Pte Ltd (Singapore)
Northland Controls Sdn Bhd (Malaysia)
Norhtland Controls (HK) Ltd
Northland Controls (Japan) K.K
Northland Controls (India) Private Limited
Northland Controls Germany GmBH
PT Northland Controls Indonesia
This Notice explains how and why we collect, store, use, and share your Personal Data. It also explains your rights related to your Personal Data, including how to contact us in the event you have a complaint.
1. Glossary
To help you understand our Privacy Notice, we have put together a glossary of the key terms we use and their meanings.
Consent: Refers to when an individual gives agreement which is freely given, specific, informed and is an unambiguous indication of their wishes. It is done by a statement or by a clear positive action in respect of the Processing of any Personal Data relating to them.
Business: Refers to any legal entity that operates for profit in California and determines the purposes and means of the Processing of Personal Data and meets one of three thresholds outlined by the California Consumer Privacy Act 2018 (“CCPA”) (and as amended by the California Privacy Rights Act 2023 (“CPRA”)).
Data Controller: Refers to any legal entity that determines when, why and how to Process Personal Data. It is responsible for establishing policies and procedures in line with Data Protection Laws.
Data Processor: Refers to any legal entity that Processes Personal Data on behalf of a Data Controller. It is responsible for establishing policies and procedures in line with Data Protection Laws and also its contractual obligations with Data Controllers.
Data Protection Laws: Refers to the CCPA, CPRA, UK GDPR, UK Data Protection Act 2018, UK Privacy and Electronic Communications Regulations, the European Union’s General Data Protection Regulation (GDPR) 2016/679, Privacy and Electronic Communications (EC Directive) Regulations 2003, Singapore Personal Data Protection Act 2012, China Personal Information Protection Law 2021, Indonesia Personal Data Protection Law 2022 and India Digital Personal Data Protection Act 2023 as well as any other applicable laws relating to Personal Data.
Data Subject: Refers to a living, identified or identifiable individual about whom we hold Personal Data. Data Subjects may be nationals or residents of any country and may have legal rights regarding their Personal Data.
Legitimate Interest: Refers to when an organization’s interests are legitimate (as they need to do something to operate) and these interests do not override an individual’s interests or fundamental rights and freedoms.
Personal Data: Refers to any information identifying an individual or information relating to an individual that an organization can identify (directly or indirectly) from that data alone or in combination with other identifiers that it Processes. Personal Data includes Special Category Data and pseudonymised Personal Data. Personal Data excludes anonymous data or data that has had the identity of an individual permanently removed.
Process, Processing and Processed: Refers to any activity that involves the use of Personal Data. It includes obtaining, recording or holding the Personal Data, or carrying out any operation or set of operations on the Personal Data including organizing, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transmitting or transferring Personal Data to third parties.
Service Provider: Refers to any legal entity that operates under a service provider contract and fulfils the following characteristics: operates for profit, receives consumers’ personal information from a business and Processes the Personal Data on behalf of a business under the CCPA and CPRA.
Special Category Data: Refers to more sensitive information including that which reveals racial or ethnic origin, religious or similar beliefs, physical or mental health conditions and biometric or genetic data of an individual.
UK GDPR: Refers to the retained version of the European Union’s General Data Protection Regulation 2016/679 as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 and as amended by Schedule 1 to the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (SI 2019/419).
2. What is our approach to data protection compliance?
As we believe that protecting the confidentiality and integrity of Personal Data is a critical responsibility that we must take seriously at all times, we have built a robust data protection compliance program. Our data protection compliance program includes a governance framework, record of processing of activities / data register, notices, policies and procedures, technical security controls as well as training and communications material for employees.
Our data protection compliance program is built on the following principles:
• Personal Data must be Processed lawfully, fairly and in a transparent manner.
• Personal Data must be collected only for specified, explicit and legitimate purposes.
• Personal Data must be adequate, relevant and limited to what is necessary in relation to the purposes for which it is Processed.
• Personal Data is accurate and where necessary, kept up to date.
• Personal Data should not be kept in a form which permits identification of Data Subjects for longer than is necessary for the purposes for which the Personal Data is Processed.
• Personal Data must be Processed in a manner that ensures its security using appropriate technical and organizational measures to protect it against unauthorized or unlawful Processing and against accidental loss, destruction or damage.
3. How is Northland Controls categorised under Data Protection laws?
Data Protection Laws have created the concepts of a Data Controller (also known as a Business) and a Data Processor (also known as a Service Provider). All of the entities within the Northland Controls act as Data Controllers and Businesses as defined under Data Protection Laws.
The reasons for which our entities are Data Controllers are outlined below:
• We decide what to collect in respect of the Personal Data, whether it be from our websites or from third parties where we source data including Personal Data.
• We determine what the purpose and outcome of the Processing will be and do this through our bespoke and value-driven consultancy services for our customers.
• We decide which Data Subjects to collect Personal Data about and on what specifically. We do this again, through our bespoke and value-driven consultancy services whereby we engage with customers and identify how best to support them in growing their business.
• We make decisions about the Data Subjects as part of the Processing in that we determine whether those Data Subjects would find benefit and interest in a specific campaign that we are supporting our customers with at the time.
• We exercise professional judgement in the Processing of the Personal Data as we are not a data broker and instead a thought-driven consultancy service which evaluates, assesses and critically considers Personal Data that it has obtained and formulates a strategy on how to utilize relevant part of that Personal Data for the benefits of our customers and Data Subjects.
• We have complete autonomy as to how the Personal Data is Processed. This is because we have built proprietary tools and determine how to operate our business and how to support and advise our customers in the best manner possible. We are not directed by our customers in how we must Process the Personal Data.
• Where applicable, the Northland Controls has registered with the appropriate data protection supervisory authorities. Examples of the authorities which govern the Northland Controls are listed as follows - Federal Trade Commission in the United States of America (“USA”) and Information Commissioner’s Office (“ICO”) in the United Kingdom (“UK”).
4. What Personal Data do we collect about you?
(a) Applicants for employment
Personal Data Categories
• Identification Data (including Special Category Data under some Data Protection Laws)
• Name
• Address
• Telephone number
• Email address
• Social security number (USA or Canada), National Insurance number (UK) or Personal Public Service number (Republic of Ireland) or other such government or tax identification number (where applicable)
• Drivers license number (where applicable)
• Passport number and information
• Date of birth
Special Category Data
• Disability, biometric (such as photographs and video footage) and genetic information where you choose to provide it as part of the recruitment process (such as in order to inform of us of any reasonable adjustments that we need to put in place during the interview process)
Pre-Employment Data
• Background screening information (including checks on criminal offences and convictions, credit, drug screening results/toxicology and past employment checks)
• Academic and professional qualifications and certificates (including dates)
• Current and past employers (including dates)
Technical and Usage Data
• Internet protocol (“IP”) address (if you are submitting your application via our website)
• Google Advertiser ID or other identifiers for advertising
• Browsing history on our website, application or advertisement
• Search history on our website, application or advertisement
(b) Potential and existing customers
Personal Data Categories | Examples of Personal Data Processed
Identification Data (including Special Category Data under some Data Protection Laws)
• Name
• Address
• Telephone number
• Email address
• Online account name
Financial Data
• Bank account details
• Tax numbers
• Invoices
Invoices
• IP address
• Google Advertiser ID or other identifiers for advertising
• Browsing history on our website, application or advertisement
• Search history on our website, application or advertisement
(c) Potential and existing third-party suppliers
Personal Data Categories | Examples of Personal Data Processed
Identification Data (including Special Category Data under some Data Protection Laws)
• Name
• Address
• Telephone number
• Email address
• Online business account name
Financial Data
• Bank account details
• Tax numbers
• Invoices
Technical & Usage Data
• IP address
• Google Advertiser ID or other identifiers for advertising
• Browsing history on our website, application or advertisement
• Search history on our website, application or advertisement
5. Why do we Process your Personal Data?
Under Data Protection Laws, we can only use your Personal Data if we have a proper legal reason for doing so.
Data Subject Type
Applicants for employment, legal reasons:
• For the performance of our contract with you or to take steps before entering into a contract with you.
• For our Legitimate Interests or those of a third party.
• Where you have given Consent.
Potential and existing customers, legal reasons:
• For the performance of our contract with you or to take steps before entering into a contract with you.
• For our Legitimate Interests or those of a third party.
• Where you have given Consent.
• To comply with our legal and regulatory obligations.
Generated leads, legal reasons:
• For our Legitimate Interests or those of a third party.
• Where you have given Consent.
Website visitors, legal reasons:
• For our Legitimate Interests or those of a third party.
• Where you have given Consent.
Potential and existing third-party suppliers, legal reasons:
• For the performance of our contract with you or to take steps before entering into a contract with you.
• For our Legitimate Interests or those of a third party.
• Where you have given Consent.
• To comply with our legal and regulatory obligations.
6. Where do we collect your Personal Data from?
We collect most Personal Data directly from you when you provide such information directly to us and when such information is collected in connection with your application for employment, through our lead generation techniques – in person, by telephone, text, email, web applications, and/or via our websites.
Other sources from which we may collect your Personal Data are outlined below:
• From publicly accessible sources (e.g., property records).
• Directly from our third-party suppliers (e.g., background screening providers).
• Our subsidiaries and affiliates.
• From our Information Technology (“IT”) systems, including automated monitoring of our websites and other technical systems, such as our computer networks and connections, communications systems, email and instant messaging systems, CCTV and security systems.
7. Where do we store your Personal Data?
Personal Data may be held at our offices and those of our representatives, agents, and third-party suppliers including Service Providers. For generated leads, your Personal Data may also be held at the offices and technology of our customers that purchased your generated lead data.
If you are a Data Subject of the UK or EEA, the Personal Data that we collect from you and Process as a result of an application for employment, lead generation, use of our services, or use of our websites may be transferred to, and stored at, a destination in the UK, Ireland, the USA, India, Singapore, China, Indonesia or other countries. It may also be Processed by staff who work for us or our third-party suppliers operating in the UK, Ireland, the USA, India, Singapore, China, Indonesia or other countries.
8. Who do we share your Personal Data with?
We routinely share Personal Data and have explained more information on who we share itwith below.
Data Subject type
• Our third-party applicant tracking system.
• Our HR team including, but not limited to, our hiring managers, operational leaders responsible for any role(s) that you have applied and for future positions that may become available, and other employees that may interview or consider you for employment for either a position that you have applied or future positions that may become available.
• Service Providers necessary for pre-employment screening.
• Other third parties we use to help run our business and necessary for pre-employment screening, including customers in the instance where we plan to place an employment applicant at a customer’s location for a significant time. However, when we share your Personal Data with customers for pre-employment screening purposes, we only share the applicant’s name and employment history — we do not share any Special Category Data.
• Our subsidiaries and affiliates.
Potential and existing customers
• Our employees necessary to provide our services and customer support.
• Service Providers necessary to provide and help deliver our services.
• Other third parties we use to help run our business and necessary to provide our services and support customers.
• Our subsidiaries and affiliates.
Generated leads
• Our employees to generate leads, provide leads to our customers, provide our services and customer support.
• Service Providers necessary to provide and help deliver our services.
• Customers if they are Qualified Leads.
• Other third parties we use to help run our business and necessary to provide our services and support customers.
• Our subsidiaries and affiliates.
Website visitors
• Service Providers we use to help deliver our services and maintain our website.
• Other third parties we use to help us run our business, such as social media sites, search engines, marketing agencies or website hosts.
• Our subsidiaries and affiliates.
Potential and existing third party suppliers
• Our employees necessary to engage with you and utilize your services.
• Our subsidiaries and affiliates.
We may also share Personal Data with the organizations listed below:
• External auditors.
• Law enforcement agencies including national security agencies such as the Federal Trade Commission in the United States or other U.S authorized statutory bodies.
• Courts as required by court order or required by litigation.
• Regulatory bodies to comply with our legal and regulatory obligations.
9. How long do we store your Personal Data?
We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including the purposes of satisfying any legal, accounting, or reporting requirements.
We will hold Personal Data for the period we are required to retain this information by applicable tax and contract law plus one year (currently 7 years). In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
10. Where do we transfer your Personal Data?
We may transfer your Personal Data to other Northland Controls businesses which are located outside the European Economic Area (EEA) in order to respond to any queries submitted to us via our website or social channels.
You can see the full list of the countries where Northland Controls operates using the country sites selector in the top navigation of our website.
Whenever we transfer your Personal Data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
• Where required, we may use Standard Contractual Clauses approved by the EU Commission, or similar contractual clauses in other jurisdictions, along with other appropriate supplemental measures to protect the data being transferred. This includes transfers to suppliers or other third parties.
11. What are your rights relating to your Personal Data?
Under Data Protection Laws, you have rights including:
• Your right of access – you have the right to ask us for copies of your personal data.
• Your right to rectification - you have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
• Your right to erasure – you have the right to ask us to erase your personal data in certain circumstances.
• Your right to restriction of processing – you have the right to ask us to restrict the processing of your personal data in certain circumstances.
• Your right to object to processing – you have the right to object to the processing of your personal data in certain circumstances.
• Your right to data portability – you have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.
• Your right to withdraw consent – when we use consent as our lawful basis you have the right to withdraw your consent.
You don’t usually need to pay a fee to exercise your rights. If you make a request, we have one calendar month to respond to you.
To make a data protection rights request, please contact us using the contact details at the bottom of this privacy notice.
12. Where can I make a complaint regarding the use of my Personal Data?
If you are a resident of the European Economic Area or United Kingdom or Switzerland, in the event you consider our processing of your Personal Data not to be compliant with the applicable data protection laws, you can lodge a complaint directly with us by sending an email to dpo@northlandcontrols.com and providing specific details of the complaint, including the name of your company if applicable.
You may also be eligible to lodge a complaint with the competent data protection authority in the following jurisdictions:
Jurisdiction | Competent Authority
European Union countries | Various http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
United Kingdom | Information Commissioner’s Office https://ico.org.uk/global/contact-us/.
United States of America | Federal Trade Commission https://www.ftc.gov/ or to the State’s Office of the Attorney General
Singapore | Personal Data Protection Commission https://www.pdpc.gov.sg/
China | No single authority (sectoral regulation.) The PIPL notes that the Cyberspace Administration of China (CAC) is responsible for planning and coordination of personal information protection and related supervision
India | Data Protection Board of India (yet to be established)
Indonesia | PDP Agency ( in the process of being established)
13. Links to and from our website.
Our website has external links to press releases and other relevant webpages and resources provided by third parties. These are provided for information only. We have no control over the content of these websites or resources and do not accept responsibility for them, or any materials found upon them. Northland Controls will not be liable for any loss or damage that may arise from your use of these external links.
14. Our contact details
Write to us at: Northland Controls Ltd, Northland House, Fifth Avenue, LETCHWORTH GARDEN CITY, SG6 2TS, UK
Email us at: dpo@northlandcontrols.com
Cookie Statement
Northland Controls believes in being transparent with the use of your data and data related to you. This Cookies Notice provides details about how Northland Controls uses cookies. If you would like further information regarding the way we use, Process and collect Personal Data, please visit the Northland Controls Privacy Statement for further information.
By continuing to visit or use our website, you are agreeing to the use of cookies and similar technologies for the purposes described in this Cookies Notice.
If you have any questions about our Cookies Notice, please contact our Data Protection Officer at dpo@northlandcontrols.com.
*Glossary *
*Cookie *A cookie is a small text file that is downloaded onto ‘terminal equipment’ (any device such as a computer, smartphone or electronic device that accesses the internet) when the user accesses a website. It allows the website to recognise that user’s device and store some information about the user’s preferences or past actions.
Session Cookies Cookies which last while you are active on the browser. These cookies are deleted from your device when you close the browser.
Persistent Cookies Cookies that stay on your device when you close your browser.
Strictly necessary cookies Necessary cookies are essential to provide you with the services you request on our website so that we can comply with legal obligations such as our security obligations under data protection law. We do not need to ask for your consent to use these cookies as without them we would not be able to provide the services requested by you. These are always active on the website.
Functional cookies These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
Analytical or performance cookies These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
Advertisement cookies These cookies are used to provide you with access to content and information that you may be interested in.
Consent Any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Data relating to them.
Our use of Cookies
Strictly Necessary Cookies
We use strictly necessary cookies on our website that are required for us to run our website. These cookies allow you to move around the website and use essential features like secure areas. Without these cookies, we cannot provide these services.
Functional Cookies
We use functional cookies to enable us to provide you with enhanced functionality and personalisation while accessing our website. Some of our functional cookies may be set by third-party providers whose services we have added to our pages.
Analytical Performance Cookies
These cookies do not collect any information that could identify you and are only used to help us improve how our website works, understand what interests our users, and measure how effective our content is.
We use analytics cookies to produce anonymous statistics on how our website is used and to assist our improvement of the website by measuring any errors that occur. Some of our analytics cookies are managed for us by third parties. However, we don't allow the third party to use the cookies for any purpose other than those listed above.
Advertisement cookies
We use advertising cookies to provide you with access to content and information that you may be interested in, for example, we have links to our presence on social media sites such as YouTube, where the sharing of our content on those sites is facilitated by our advertisement cookies.
Cookies and Personal Data
Cookies alone cannot be used to identify individuals. However, when combined with other information, such as a name held by the online provider or a third party, they may be linked to an individual and considered Personal Data. This means there is a possibility that we may be able to identify you and have your Personal Data in our systems.
Northland Controls is committed to ensuring transparency surrounding our use of your Personal Data. If you would like to find out more about how Northland Controls handles Personal Data, please visit the Northland Controls Privacy Statement.
Shared Devices
If multiple people use your device, their settings will apply to you unless you change them while using the device. For example, if you share a computer with family or friends, you may see ads based on websites they have visited in addition to those you have visited.
Refusal of Cookies
You can choose to turn off or delete cookies in your browser entirely. However, doing this may affect other websites that use similar cookies, as your browser settings will override any cookie preferences set on individual websites.
If you use your browser settings to block all cookies (including Strictly Necessary and Essential cookies), either generally or specifically on our website, you may not be able to access all parts of our site or enjoy its full functionality.
*Contact Information *
If you have any questions about our use of cookies, please contact our Data Protection Officer at dpo@northlandcontrols.com.
This Cookies Notice was last updated in July 2024 and is regularly kept under review and updated as and when necessary.
Last Revision: August 2024