This policy explains
1. Who we are and how to contact us
- our dealings with a person (e.g. if someone attends one of our events, or provides data during the course of providing services or during correspondence);
- our own research;
- word of mouth referrals from existing clients and business contacts; and
- third parties from whom we receive details of businesses who might be interested in our services.
- before making marketing calls we screen numbers against the Telephone Preference Service (TPS) and Corporate TPS lists;
- we always clearly identify ourselves and the number we are calling from;
- not emailing individual subscribers (including sole traders and general partnerships) without prior consent.
- contact information (such as name, address, telephone and email address); and
- bank details (for when we receive or make a payment).
- to perform a contractual obligation we owe to an individual;
- in order to comply with our legal obligations; or
- to pursue our legitimate interests in operating and promoting the success of our business (for example, it is in our legitimate interests to use marketing to promote our business to new clients and build business relationships), and also to perform our contractual obligations to third parties (such as paying our suppliers).
- you provide to us (such as in CVs, application forms, and through correspondence);
- you provide during an interview;
- obtained from previous employers and referees; and
- provided to us by recruitment agencies.
- assess your skills, qualifications, and suitability for a role;
- carry out background and reference checks;
- communicate with you about your application; and
- keep records related to our hiring process.
Personal data you provide to us will be kept private and confidential, and we will not disclose or share it with other data controllers without your permission or as set out in this policy.
We will disclose data when legally required to do so. For example, to comply with an order from a court or regulator (including the Information Commissioner’s Office).
We share personal data with some of the third parties who provide services to our firm. This includes software and cloud service providers and IT support services. However, these third parties will only process personal data (which may include your information) on our behalf for specified purposes and in accordance with our strict instructions and a contract which protects the data and meets the requirements of data protection law.
In some cases we may share data with your consent, for example, if you have responded to a survey or participated in a market research project. Where we do this, we will let you know who your data will be shared with and why.
We only retain personal data for as long as is necessary for the specific purpose(s) it was collected for (or for related compatible purposes such as complying with applicable legal, accounting, or record-keeping requirements).
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from its unauthorised use or disclosure, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, damaged or destroyed, altered or disclosed. This includes both physical security measures (such as keeping paper files in secure, access-controlled premises) and electronic security technology (such as digital back-ups and sophisticated anti-virus protection).
We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to legal and contractual confidentiality obligations.
We have put in place reporting procedures to deal with any suspected personal data breach and will notify you and any applicable supervisory authority of a breach when we are legally required to do so.
We normally only store personal data within the UK or the European Economic Area . However, some of the technology and support services we use are provided by international organisations and/or companies which are based outside these areas.
Before using such service providers, we take steps to make sure that any personal data they process is adequately protected by:
- ensuring the recipient is in a country which the UK has deemed provides adequate protection for personal data; or
- implementing appropriate safeguards such as requiring the recipient to enter into Standard Contractual Clauses approved by the appropriate data protection supervisory authorities; or
- other measures approved under data protection laws as a means of protecting personal data.
The law provides you with certain rights in relation to your personal data. These are as follows:
- The right to access your personal data. This enables you to receive a copy of the personal data we hold about you.
- The right to request correction or completion of personal data. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- The right to request erasure of your personal data. This enables you to ask us to delete or remove personal data (though this may not apply where we have a good, lawful reason to continue using the information in question). You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
- The right to object to processing of your personal data. You can object to us processing personal data for legitimate interests purposes or for direct marketing.
- The right to restrict how your personal data is used. You can limit how we use your information (primarily to storage or for use in legal claims).
- The right to have a portable copy or transfer your personal data. We will provide you, or (where technically feasible) a third party, with a copy of your personal data in a structured, commonly used, machine-readable format. Note this only applies to automated information we process on the basis of your consent or in order to perform a contract.
- The right to withdraw consent. If we are relying on consent to process your personal data you have the right to withdraw that consent at any time.
We try to respond to all personal data requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. Please also bear in mind that there are exceptions to the rights above and some situations where they do not apply.
We may need to request additional information from you to help us confirm your identity. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you to clarify your request.
If you want to exercise any of the rights described above, please email firstname.lastname@example.org or write to Data Protection Requests, Concilio Comms Limited, 1 Fore Street, EC2Y 9DT.