Whilst our offices are temporarily closed due to COVID-19, we are still offering our full range of services as normal using online and video conferencing technology.
Your privacy is of the upmost importance to us. This privacy notice explains in detail what information we collect and retain about you and how we store, process and keep it safe. It also explains your rights in relation to Data Protection and how to exercise them.
For the purposes of the Data Protection Act (1998) the data controller is Headstogether Consulting Ltd of 2-4 Gray’s Lane, Holywood BT18 9AU.
There are four legal bases on which we may collect and process your personal data (express consent, contractual obligation, legal compliance or legitimate interest).
In certain circumstances we need your explicit consent to collect and process your personal data and in others we do not. Details of these different situations are outlined below in sections 2.1 to 2.4 along with some examples that illustrate the sort of scenarios we are describing. Please note this is not an exhaustive list and if you are in any doubt about the basis for your personal data being collected, stored or processed you should contact us directly for further information at firstname.lastname@example.org.
2.1 Explicit Consent
In certain circumstances we can only collect and process your data based on your explicit consent to do so. This is generally when we do not have a specific contractual, legal or legitimate interest reason to do so. Examples of when we will seek your explicit consent include:
In these circumstances we will contact you directly and you will be required to tick a box to opt into these services. If you chose not to opt into these services, you are free to decline. We will also provide details of how you can opt out, should you choose to do so, at a later stage.
2.2 Contractual Obligations
In certain circumstances we need to process your personal data to comply with our contractual obligations or prospective contractual obligations to you. Examples of this include:
2.3 Legal Compliance
If the law requires us to, we may need to collect and process your personal data for legal compliance reasons. Examples of this include:
2.4 Legitimate Interest
In certain circumstances we collect and store your personal data in order to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. Examples of this include:
When we rely on our legitimate interests as a reason for processing your personal data we will carry out a balancing test. You can obtain more information about our balancing tests by contacting us at email@example.com.
We treat our client’s data with the utmost care and take all appropriate steps to ensure this protection. We do this by:
In all circumstances when we collect your personal data we will not keep the information for longer than is necessary for the purpose for which it was collected.
When processing personal data for the performance of a contract, or prospective contract, the information will be retained for a period of 6 years.
Where we process your personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period of time after this (to allow us to implement your request).
We do not share your personal data with any third parties other than subcontractors or partners working directly on our behalf and under our control.
Your data will only be processed by Headstogether Consulting Ltd both within, and on occasions outside, of the EU.
Should your personal data for any reason need to be processed or transferred outside of the EU we will take all reasonable steps to ensure that data is adequately protected to EU standards.
Your rights include the following:
To access any information we hold on you, or to correct any information we hold please contact firstname.lastname@example.org.
If we choose not to action your request or believe we are unable to do so, we will explain to you the reasons for our refusal.
You can request that we stop the collection, storage and processing of your personal data by writing to us at email@example.com.
If you chose to opt out of our marketing communication we will ensure you do not receive this communication in future (once we have had a chance to process this request).
If you feel that we have handled your data incorrectly or you are unhappy with our response to any requests you have made regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
You can contact them by calling 03031231113.
Or go online to www.ico.org.uk/concerns.