Last updated: May 2020
Previous Version: November 2018
We process the personal data of customers, prospects, enquirers, suppliers and workers. We may collect, store and use the following personal information about you which you provide to us:
- via the telephone, the website, the post, or face to face
- when subscribing to our e-newsletter
- when providing us with your business card
- when entering competitions, surveys or prize draws
- when buying from our online shop
The data you provide us includes only what we need to provide the service, product or information you have requested, and includes:
- User Name, email address, log-in details, purchases from our online shop
- User name, email address and log-in details for your employees who access our LMS
- Information relating to the services we have provided
- Information relating to the services you have provided to us
- Financial details for invoicing
- Information relating to customer surveys or offers
- Work experience and interview notes when you apply to work for us
- Any other personal information that you choose to send us
We collect information from your computer and about your visits to and use of this website. This includes collecting unique online identifies such as IP addresses, which are numbers that uniquely identify a specific computer or other device on the internet. Please see our Cookies section for more details.
Legal Basis for Processing
To provide you with services, and to deal with enquiries and requests about them.
To contract with you to help us provide or administer our services.
The processing is necessary to meet contractual obligations into which you have entered as a customer, supplier or worker. In other words, we use your personal information to fulfil the services you have asked us to provide, or which we have asked you to provide.
To process your online orders. For the avoidance of doubt, we do not collect or process credit card details.
The processing is necessary to meet contractual obligations into which you have entered as a customer.
To keep you informed and updated on relevant products and services in which you may be interested.
To maintain records of current, past and potential clients, suppliers and workers.
To improve our products and services.
For marketing research purposes, conducting customer satisfaction surveys and responding to your website visits to improve our services.
To invite you to be a guest speaker or sponsor one of our events or webinars.
To provide you with useful data news and information by post and email.
To maintain your contact preferences.
To administer our website and keep it secure.
To provide you with Data Compliant e-newsletters.
For marketing purposes such as prize draws and promotions.
For our legitimate business interests. We have conducted legitimate interest assessments in which our interests and those of our clients, suppliers, workers, business contacts and prospects are balanced.
For sending e-newsletters to sole traders, small partnerships, and private individuals.
We only send e-newsletters to those who have requested them on the legal basis of Consent.
We do not sell your data to any other company. Your information will be used by the following parties under our control:
- To workers and associate consultants who deliver our services
- Third parties who provide a service to us:
- Shopify who hosts our online store
- Kallidus, who hosts our online training LMS
- Mailchimp, who distributes our emails
- SurveyMonkey, who hosts our research questionnaires
- Microsoft who provides our office and email systems
- Sharefile who hosts our network
- Google who provides our website tracking and statistical services
We only keep your personal information for as long as we need to, so that we can use it for the reasons described above. Where your information is no longer required or is no longer relevant, we will ensure it is disposed of securely.
- To make sure that you do not receive marketing from us after you have told us to stop sending it, we need to keep a record of that instruction with your contact details. We shall hold that information until you tell us otherwise.
- CVs and interview notes from unsuccessful applicants will be held for 6 months after notifying you that you have not been successful.
- Where necessary, we shall keep your personal data for as long as required to do so by law; and where required to establish, exercise or defend our legal rights.
Under the DPA 2018 and the GDPR, you have the right to:
- Access your personal data by making a subject access request: You have the right at any time to ask us what personal information we hold about you, and to ask us to update, amend or delete any data that is incorrect or out of date. To protect your privacy and security we may need to verify your identity before disclosing or deleting your data.
- Rectification, erasure or restriction of your information where this is justified: The accuracy of your personal data is important to us. You can rectify/update your personal data, including your address and contact details at any time by emailing email@example.com. If you find any inaccuracy in your data at any time, we will delete or correct it promptly at your request. Proof of identity may be required in some circumstances.
- Object to the processing of your information where this is justified: You have the right to ‘block’ or suppress processing of your personal data. However, we will retain just enough of your personal data to ensure that the restriction is respected in the future. You have the right to object to your personal data being processed, for marketing and for research purposes. From the very first communication from us and every marketing communication we send after you will have the right to object to marketing. You may unsubscribe from our e-marketing communications at any point by clicking on the unsubscribe link on any email you receive from us. You may opt out of marketing promotions such as offers and direct mailings by contacting us at the address below, or by emailing firstname.lastname@example.org
- The right to make a compliant to the data protection regulator: If you wish to lodge a complaint or seek advice from a supervisory authority please contact the Information Commissioner’s Office (ICO). The ICO is the UK's independent body set up to uphold your rights to data privacy. The ICO can be contacted at The Office of the Information Commissioner, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. Tel: +44 (0) 01625 545 745 Website: www.ico.org.uk
Your personal data may be stored, processed, and transferred outside the EEA so that we can use your personal data as described in this policy. Where this is the case, we will make sure that any transfers of your personal information from one country to another comply with those data protection and privacy laws which apply to us. European data protection laws include specific rules on transferring personal information outside the EEA. When transferring personal information outside the EEA, we will:
- include standard data protection clauses approved by the European Commission for transferring personal information outside the EEA into our contracts with those third parties. These are the clauses approved under Article 46.2 of the General Data Protection Regulation (GDPR); or
- ensure that the country in which your personal information will be handled has been deemed "adequate" by the European Commission under Article 45 of the GDPR.
We are registered as a Data Controller with the UK Information Commissioner’s Office, under registration number ZA162251.
This website is owned and operated by Data Compliant Ltd, registered in England and Wales under company number 8850647, and our registered office is at 22 Friars Street, Suffolk CO10 2AA.