Privacy Policy

We take your privacy seriously. Please read our privacy notice carefully as it contains important information about what to expect when we collect personal information about you. Learn more.

1.     Introduction

1.1 NorthRow takes your privacy seriously. We ask that you read this Privacy Notice carefully as it contains important information about what to expect when we collect personal information about you, and how we, and members of the NorthRow Group, will use and look after your personal data, and tell you about your privacy rights and how the law protects you. It is important that you read this privacy policy together with any other privacy or fair processing policy or notice that we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using your data.  This privacy policy supplements (but does not replace) other notices relating to privacy that we may issue from time to time.

1.2 This privacy policy is issued on behalf of the NorthRow Group. The NorthRow Group comprises NorthRow Limited (trading as “NorthRow”) and its wholly-owned subsidiary Working Status Limited (together referred to as ‘we’, ‘us’ or ‘our’). Further details for each entity are in paragraph 17. If you have any questions about this privacy policy, including any requests to exercise your legal rights (as described in paragraph 14), please contact our Data Protection Officer (or, if you are based in the EU, and prefer to do so our EU representative) using the contact details at the end of this policy. NorthRow Limited is the controller and responsible for this website.

1.3    

This Notice applies to information we collect about:

  • Visitors to our website or other third party websites or platforms where our material is made available 
  • Those who contact us in relation to our services, or as a potential employee or supplier
  • Those who access gated content on our website or other platforms
  • Suppliers; and
  • Customers using or trialling NorthRow or Working Status Services.

Please note that this policy only covers information that we collect about customers and prospects in order to provide services to them, where we act as a data controller. It does not cover how we use information that customers input into the services, where we act as a data processor for the customer. The terms and conditions for the services set out the way in which we use information that customers input into the services.

2.  Visitors to our website

When you visit www.northrow.com we use Cookies to collect standard internet log on information and details of visitor behaviour patterns. (e.g. to find out the number of visitors to different parts of the site; the duration of visits; details of the site a visitor may have arrived from; and the network location of our visitors). This enables us to analyse and improve the content of our site and the navigation experience of our users. We do not use this information to attempt to find out the identities of those visiting our website. You can disable or delete the cookies in your browser settings, although this may affect some parts of the site’s functionality.

3. Contacting us through our website and other platforms 

When you contact us through our website using the ‘Contact Us’ page, we collect your name, phone, business email address, and any message. If you contact us through our instant messaging pop-up, we may collect your IP address, and we will collect any information you provide in the message.  If you contact us through a third party website or platform (such as LinkedIn), we collect your name, job title, company name and business e mail address. 

We only use this information to respond to your message, and as further provided in this policy.

4.  Access to gated content on our website and from other platforms

To enable you to better understand our services, we provide access to Client Case Studies and White Papers through our website and through other third party websites or platforms (such as LinkedIn). To access this content, you will be asked to provide contact details for your organisation and we may contact you after your visit to discuss your organisation’s requirements and any questions you may have about our services.

5.  Clients and Prospective Clients

5.1    If you contact us in relation to our services, we will use the information you provide for the purpose of contracting with you to provide, and performing, the requested service; to manage and administer our business, including carrying out checks with credit reference agencies; and to fulfil any legal or regulatory requirements. By law, we have to keep basic information about our customers (including contact details, financial information and transactional details regarding payments made for services, and other details of products and services that you purchased from us). If you become a customer of NorthRow Group, we will retain this information for six years from the conclusion of the services or termination of the contract.

Please note that this privacy policy only describes how NorthRow Group processes your personal data when it acts as a data controller. It does not cover how we use information that customers input into the services, where we act as a data processor for the customer. The terms and conditions of our customer contract for the services set out the way in which we use information that customers input into the services.

5.2    If we have previously provided you with services, we may, from time to time, provide you with information on similar services unless you opt-out from receiving these. You can do this at any time by clicking on the link at the bottom of any of our communications.

5.3    In any other case where you provide contact details to us through our website or via a third-party website or platform (including LinkedIn) on behalf of your business, we may, from time to time, provide our newsletter and other information to you (as a representative of your business) in relation to our services. You may opt-out from receiving these communications at any time by clicking on the link at the bottom of any of our communications.

6.  Prospective Employees

If you contact us in relation to prospective employment we will only use the information you provide for the purpose of progressing your application and to fulfil legal or regulatory requirements. We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes. We will use the contact details you provide to progress your application and the other information you provide to assess your suitability for employment with us. If we make a conditional offer of employment we may ask you for further information to carry out any required pre-employment checks.  If we employ you, we will retain the information you have provided during the application process as part of your employee file for the duration of your employment plus six years after the end of your employment. If we do not employ you, the information you have provided in your application, or at a later stage of the recruitment process, will be retained for six months.

7. Prospective Suppliers

If you contact us in relation to your services, we will use the information you provide for the purpose of considering and, if relevant, contracting for your services; to manage and administer our business; and to fulfil any legal or regulatory requirements.

8. Access to Customer Support Services 

If you are a staff member of a NorthRow Customer, you may access Customer Support in relation to our services through secure.contego.com or workingstatus.com.  We collect identification and authentication information to enable you to use this service. We will only use such information for the purpose of providing the support service and to fulfil any legal or regulatory requirements.

9. Information collected from third parties

Occasionally we may receive and use information about you from other sources (such as credit reference agencies, referees, professional advisors or other similar bodies) which we will add to the information which we already hold about you in order to help us provide the required services or comply with our legal and regulatory obligations, in particular regarding anti-money laundering, bribery or criminal finances legislation.

10. How we use and share your information within the NorthRow Group 

If you apply for a position, request a service, contract with us as a supplier, or otherwise contact us, your personal information will be used and shared within the Northrow Group in accordance with your requirements and our operational arrangements.

11. How we use and share your information with other parties

We may share your information with third parties if this is required by law or our insurance requirements. We may also share information with third parties who provide data processing services for Northrow, but only where such third parties are subject to a contract that prevents them using the data other than as instructed by us, restricts the sharing of the data, and requires them to hold the data securely and for the period we instruct. If we use third party data processors outside the UK or European Economic Area (EEA) we only do so where they have safeguards in place that meet the requirements of UK or European data protection laws (as applicable).

12. Transfers of personal data out of European Economic Area (EEA)

We will only transfer your personal data to data controllers outside of the UK or EEA where this is specifically authorised by data protection law, such as for the exercise of legal claims or for important reason of public interest.

13. How we protect your information 

13.1    We have put in place various security procedures and technical and organisational measures to safeguard your personal information e.g. we are ISO27001 certified, and Cyber Essentials plus certified. Our security and privacy policies are regularly reviewed.

13.2    We will use all reasonable efforts to safeguard your personal information. However, you should be aware that the use of the Internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal information which is transferred from you or to you via the Internet.

14. Your Rights

14.1 You have the right to request details of the information that we hold about you. If you would like a copy of some or all of your personal information, please send an email or letter using the contact details provided below. We are entitled to charge a fee for this service if requests are manifestly unfounded, repetitive or excessive.

14.2 We want to ensure that your personal information is accurate and up to date. If any of the information that you have provided to us changes, for example if you change your email address or name, please let us know the correct details by contacting us at the details below. You may ask us, or we may ask you, to correct information you or we think is inaccurate.

14.3    You may have other rights in relation to the personal data we hold about you, including, in some circumstances, a right to restrict or object to processing, to seek erasure of your data or transfer your data to another provider. Full details of these rights, and the conditions in which they are available, can be viewed here.

14.4 You have a right to complain at any time to the Information Commissioner’s Office, the UK regulator for data protection issues, or your local supervisory authority for data protection matters (if based overseas) if you do not believe we are respecting your rights. However, we would appreciate the chance to deal with your concerns before you approach your national regulator, so please contact us (or our European representative, whose details are also listed below) in the first instance to discuss any concerns you may have.

15. Changes to our privacy policy 

We keep our Privacy Notice under regular review. If we change our Privacy Notice we will post the changes on this page, and place notices on other pages of the website, so that you may be aware of change. This Privacy Notice was last updated on 7th May 2021.

Our website may contain links to other websites. Clicking on those links or enabling any connection to them may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. This Privacy Notice applies only to our website so when you access links to other websites you should read their own privacy notices.              

17. Details for the NorthRow Group

How to contact us:

Entity / Address / ICO Registration No.


NorthRow Limited: 99 Park Drive, Milton Park, Abingdon, Oxfordshire, OX14 4RY / Z2957505


Working Status Limited:99 Park Drive, Milton Park, Abingdon, Oxfordshire, OX14 4RY / ZA043090 


 How to contact us

NorthRow: Data Protection Officer, Northrow, 99 Park Drive, Milton Park, Abingdon, Oxfordshire, OX14 4RY

Email:  dataprotection@northrow.com

NorthRow’s EU Representative (for individuals based in the EU)*: please contact European Data Protection Office (EDPO) at Avenue Huart Hamoir 71, 1030 Brussels, Belgium, or complete EDPO’s online request form: https://edpo.com/gdpr-data-request/

* NorthRow is required (under Article 27 of the General Data Protection Regulation) to appoint a representative in the EU, as it may process personal data of individuals based in the EU in the course of its business activities.