It is important that you read this policy and contact us if you have any questions or concerns about how your data will be used. You have the right to ask us to remove your personal data from our records at any point and we will cease to contact you immediately.
This policy will cover the following;
- Our details
- How we collect your data
- Type of personal data we collect
- How we use your data
- How long we keep your data on our records
- How we keep your data secure
- Automated decision-making
- Portable electronic devices
- Transfers of your personal information
- Your personal data rights
- Acting on data breaches
- Consequences of not providing personal data to us
- Changes to your personal data
The data controller for our website (www.changeandtransformation.co.uk) and mailing lists is Laura Mack (Change & Transformation, Company no: 09050369). You can contact Laura by;
- Writing to Change & Transformation, Fusion Hive, North Shore Road, Stockton-On-Tees, TS18 2NB
- Sending an email to firstname.lastname@example.org
The data controller/ processor for any data collected by Google Analytics, Facebook, Twitter, LinkedIn, and Google+ is the independent platform, not Change & Transformation. We do use these platforms but we do not collect, store or use any personal data from them and cannot control how they use your data.
How we collect your data
When you provide us with it directly by contacting us first, providing us with it in person (for example by giving us your business card) or by signing up to receive information from us through our website, via our ‘Want to hear more from us?’ form or our ‘Contact Us’ form. We may also contact you via details which are displayed for public use, for example on your company website, or via a third party introducer where you have given them consent.
Type of personal data we collect
We may collect any of the following forms of personal data; name, email address, company.
We may also, with your permission, take photographs of you to use on our social media and advertising materials.
We use Google Analytics, MailChimp and social media platforms (Facebook, Twitter, LinkedIn, and Google+) who may collect additional data, such as your IP address and other information about your computer. Change & Transformation do not have control over this data and will not collect, store or use it. If you do not want these websites to collect your data, you will need to alter your settings (for your social media or Google accounts) or ask us to remove you from our mailing list (MailChimp), which will result in you no longer receiving updates from us.
How we use your data
Your data may be used for administrative and business purposes, for advertising and analytical purposes, or for purposes relating to our legal obligations. We will only use your data for additional purposes if you have given us explicit consent to do so. We will only disclose personal data to third parties to the extent necessary to run our business, to fulfil any contracts we have with you, or where we are required by law. We do not sell personal information to third parties. You have the right to restrict the ways in which we use your data, by informing our data controller in writing.
How long we keep your data on our records
We keep your personal data on our records for as long as necessary with regards to any legal obligations we have (e.g. to maintain records for tax purposes) and any other legal basis we have for using your personal information, which includes your consent and also to be able to carry out terms of a contract with you. We will not keep your data if you ask us to remove it from our records, unless we have a legal obligation for which we need to use it. We will not keep your data on our records for any longer than we think it is necessary to keep it for.
How we keep your data secure
We take appropriate measures to ensure that your personal data is secure. All of our computers which have access to the data are password protected, as are any accounts where the data may be stored. We keep our office locked when we are not using it, so any personal data contained in our paper files cannot be accessed by anyone who is not employed Change & Transformation. We ensure that any personal data that we no longer need in hard copy is shredded before we discard it.
We do not use automated decision-making or automated profiling to process the personal data that we hold. All personal data will be organised and processed by employees of Change & Transformation.
We use strong passwords to protect all of our computers and any accounts through which your data can be accessed. These passwords are only known to Change & Transformation employees and will not be shared with anyone else. If we believe that someone else may have gained access to one of our passwords, we will immediately reset the password for that account. Where we are logged in to password protected accounts, we do not leave our electronic devices unattended, unless they are locked away in the office.
We occasionally send out email updates to our contacts, with updates on Change & Transformation and anything we think might be interesting or useful to them. If we have had your personal data on our records since before 25/5/18 you should have been asked to give us your consent to continue receiving these emails. You always have the right to opt out of these emails, by contacting our data controller. If you would like to receive these email updates from us, please contact our data controller and we will add your data to our list.
Portable electronic devices
Where we have access to accounts which hold your data via portable electronic devices, such as mobile phones, we ensure that the device is protected by a password or PIN code to prevent anyone outside of Change & Transformation from accessing it. We also make sure that any information held on memory sticks is protected by keeping them locked away in the office. Only individuals employed by Change & Transformation can gain access to the data.
Transfers of your personal information
We will not transfer your personal data outside of the European Economic Area.
Your personal data rights
You have the right to access your data at any time and to be informed about its use. You have the right to correct, update or delete your personal data at our records at any time. You may ask us to restrict the use of your personal data, object to its use, or withdraw your consent to its use at any time. You also have the right to complain to a supervisory authority if you feel that we are misusing your personal data or breaking the terms of this policy.
Acting on data breaches
Examples of data breaches include the loss of a memory stick, data being sent to the wrong address, the theft of a laptop, hacking etc. If we suspect that personal data we hold has been breached we will inform the ICO at the earliest opportunity, and certainly within 72 hours.
Consequences of not providing personal data to us
In cases where we have agreed a working contract with you and you have not been able to provide us with the relevant details to fulfil that contract, the consequences could possibly affect our ability to deliver the work and/ or make payment. If we do not have a working contract with you and you do not provide us with your personal data, we will not contact you and you will therefore not receive any of our email newsletters or updates.
Changes to your personal data
Please let us know about any changes to your personal data to keep our records relevant. Where we are aware of changes to your data (such as the change of a company name and/or email addresses) we may update our records, but you will be informed of this and can ask us to remove your data from our records if you wish.