Our contact details:
Email of our Data Protection Officer: email@example.com
Personal Data we collect:
We only collect information we need for business purposes and to provide our consulting services. We currently collect and process the following personal information:
c. Telephone number
d. Email address (including business email address).
e. Bank account and payment card.
f. Feedback and personal quotes you provide to us including by phone, email, post, at events or when you communicate with us via social media.
g. Information about whether or not you want to receive marketing communications from us.
h. Contracts and agreements with service providers and clients.
i. Photographs and video from events.
j. IP address
You are under no obligation to provide any information but if you do not then it might be more difficult to provide you with certain services or information.
How we obtain and use personal data:
Most of the personal information we process was provided directly by you for one of the following reasons:
a. To provide advice and our services.
b. To provide a quote for our services.
c. To perform an agreed contract.
d. To respond to enquiries or correspondence.
e. To receive marketing emails from us.
Legal Basis for processing personal data:
We always process personal data legally as required by legislation. The different legal bases we rely on are:
a. Consent: You gave permission to process the data for a specific purpose. Consent can be removed at any time by contacting our Data Protection Officer.
b. Legitimate Interests: The processing is necessary for us to achieve our business objectives and provide our consulting services.
c. Performance of a Contract: We must process personal data in order to be able to meet our contractual obligations.
d. Vital Interests: In an emergency we might provide personal data to save someone’s life.
e. Legal Obligation: We are required to process your personal data by law.
f. Public Interest: To carry out a task in the public interest.
What we do with the information:
We use personal data in the following ways:
a. To provide consulting services on policies, audits and for staff training.
c. To send our newsletter if you have signed up to receive it.
d. To contact you, following your enquiry, reply to any questions, suggestions, issues or complaints you have contacted us about.
We do not share information with third parties unless you have given your permission and we have notified you. We do not transfer personal data outside of the EEA and if such a transfer might become necessary, we will ensure that standard contractual clauses or other safeguarding measures are used and that you are aware of this transfer.
How we store your information:
Your information is securely stored on password protected hardware and in secure filing cabinets. We keep personal data for only as long as necessary. In most cases, our retention period will come to an end 6 years after the end of your relationship with us but we review personal data we hold every two years to establish if it is still necessary for us to store and that the information we hold is accurate. In some cases, we are required to keep personal data for longer to comply with our legal obligations. When we no longer need your personal data or have a legal obligation to store the data, we will dispose of your information by deleting it from all our systems and securely disposing of paper files.
Please contact our Data Protection Officer for more information on our Retention Policy.
Our website is hosted by Go-Daddy and information that we collect is stored on a Microsoft hosted instance of Office365 and on Dropbox. This is necessary to process the information and send you any information you have requested. These service providers have very strong control environments and have appropriate controls to ensure adherence to the GDPR. However, given our size and the services we consume we have no real control over where this information is stored, and it may be situated outside the European Union. For more information about the service providers please see:
Your data protection rights:
Under data protection law, you have rights including:
a. Your right of access - You have the right to ask us for copies of your personal information.
b. Your right to rectification- You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
c. Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
d. Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.
e. Your right to object to processing- You have the the right to object to the processing of your personal data in certain circumstances.
f. Your right to data portability- You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. We might require you to provide proof of your identity.
Please contact our Data Protection Officer if you want to exercise any of your rights.
How to complain:
In the first instance please send complaints to our Data Protection Officer. If you are not happy with the response you received from us or how we used your data, please send your complaint to the Information Commissioner’s Office.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
Last updated September 2019.