GDPR DATA PROTECTION
The EU General Data Protection Regulation (GDPR) is the most significant piece of European privacy legislation in the last twenty years. The GDPR takes effect on May 25, 2018. It replaces the 1995 EU Data Protection Directive, strengthening the rights that EU individuals have over their data, seeking to unify data protection laws across Europe.
Your privacy is very important to us. Accordingly, we have developed this Policy in order for you to understand how we collect, use, communicate and disclose and make use of personal information.
This is the privacy notice of Brindle Consulting LTD.
In this policy, “we”, “our”, or “us” refer to Brindle Consulting LTD.
We are company number 08381665 registered in England.
We are registered with the Information Commissioner’s Office Reference No. ZA349706
Our registered office is at; 1 Westbury Terrace, Dunkerton, Bath. BA2 8BE
- This is a notice to inform you of our policy about all information that we record about you. It sets out the conditions under which we may process any information that we collect from you, or that you provide to us. It covers information that could identify you (“personal information”) and information that could not. In the context of the law and this notice, “process” means collect, store, transfer, use or otherwise act on information.
- We take seriously the protection of your privacy and confidentiality. We understand that all visitors to our website are entitled to know that their personal data will not be used for any purpose unintended by them, and will not accidentally fall into the hands of a third party.
- We undertake to preserve the confidentiality of all information you provide to us, and hope that you reciprocate.
- Our policy complies with UK law accordingly implemented, including that required by the EU General Data Protection Regulation (GDPR).
- The law requires us to tell you about your rights and our obligations to you in regards to the processing and control of your personal data. We do this now, by requesting that you read the information provided at knowyourprivacyrights.org
- Except as set out below, we do not share, or sell, or disclose to a third party, any information collected through our website.
Where do we stand?
We recognise that our various work streams will use and generate personal data differently.
The majority of work is with corporate clients, where Personal Data is restricted to items such as Name and E-Mail addresses that are transferred to us as part of processing reports and coursework etc.
This data may be retained in email clients or marked coursework records. Your personal data is also likely to be processed under the GPDR procedures of our corporate client. Your personal Data will still be processed in line with the principles below when in our care.
Dyslexia work poses the greatest potential for Personal Data processing and transfer. We have identified how we use and transfer data as part of that activity. The information below explains this, and gives you information to make an informed decision on the management of your personal data, and ultimately the decision to consent to its use.
The bases on which we process information about you.
The law requires us to determine under which of six defined bases we process different categories of your personal information, and to notify you of the basis for each category.
If a basis on which we process your personal information is no longer relevant then we shall immediately stop processing your data.
If the basis changes then if required by law we shall notify you of the change and of any new basis under which we have determined that we can continue to process your information.
We use data under one of the Lawful Basis that match our method of trading need.
- We will use your personal data as part of any Contract we enter into with you to provide you, any services or advice in relation to the enquiry or requested work.
- We will use your personal data as part of any contract with a third party, with Legitimate Interests, operating on your behalf, (such as your employer), to provide any services or advice in relation to the enquiry or requested work, in relation to you.
- We will use your personal data as part of any contract with a third party with Legitimate Interests operating on behalf of Brindle Consulting, for any services or advice in relation to the requested enquiry or requested work. (such as where we employ external specialists for Dyslexia Testing).
- We will release your data where we are under a Legal Obligation to do so and the processing is necessary for us to comply with the law. We are subject to the law like everyone else. Sometimes, we must process your information in order to comply with a statutory obligation. For example, we may be required to give information to legal authorities if they so request, or if they have the proper authorisation such as a search warrant or court order. This may include your personal information.
Wherever possible, we aim to obtain your explicit consent to process this information, for example, by asking you to agree to our policy.
Sometimes you might give your consent implicitly, such as when you send us a message by e-mail to which you would reasonably expect us to reply.
Sometimes you might give your consent implicitly, whilst you still retain the control of your own personal data, such as when you use our social media sites, that allow you to select your own privacy settings, and delete posts or accounts when you choose to.
Except where you have consented to our use of your information for a specific purpose, we do not use your information in any way that would identify you personally.
We continue to process your information on the basis of your consent, until you withdraw your consent, or it can be reasonably assumed that your consent no longer exists.
You may withdraw your consent at any time by instructing us by emailing email@example.com
Use of Personal Data
Brindle Consulting Ltd routinely uses personal data, with your consent, in the following ways:
- To communicate with you as part of our normal Contractual business activities, such as emails and invoices, used in delivering contracted services, pro-bono work, or general advice.
- To provide, with your express permission, your personal information to agreed third parties with Legitimate Interest, to access specific professional services in the course of the services requested on your behalf, such as Dyslexia Tests.
- To communicate, with your expressed consent, the results of tests to you and/or any third party with Legitimate Interest and specifically identified and approved by you, such as your employer.
- We only seek to obtain your personal information that is essential for our agreed work activity.
- Confidential test results are not retained by us. They may be retained by the tester, and may transferred by us to you, or your authorised third party with Legitimate Interest. We may retain our conclusions or recommendations in reports relating to the work activity.
- Where information is transferred electronically by email file transfer etc, the third party service provider, (email clients) may as part of their activity access or monitor emails sent to you.
- On your request we will access, erase, or rectify any data, or data errors without delay.
Brindle Consulting Ltd will NOT use personal data in the following ways:
- We do not export your data overseas for third party processing, except where this is related to computer software or hardware. Our websites are hosted in the United Kingdom. We use a commercial email provider, ‘British Telecom’. We use commercial software packages, and social media platforms developed in the United States of America, and other territories. Where those organisations process your personal data it is with the controls provided by the European Union where there is a legally binding agreement or administrative arrangements approved by a supervisory authority in the European Union relating to their protection of your information.
- We do not sell, release or provide your personal data voluntarily to other organisations, for third party profit, reward or marketing activities, except as outlined above as part of our direct business activity for you, or your third party.
- We do not deliberately release your personal data to anyone, except as outlined above as part of our direct business activity for you, or your third party, except were required to do so by law.
- We do not employ direct marketing techniques for existing clients, you will receive no automated mailshot type activities.
- We do not conduct any type of additional profiling of an individual’s interests and preferences from any of the data provided, except as part of our direct business activity for you, or your third party.
- We do not require, and will not request, or process, Special Category data.
- We do not require, and will not request, or process Criminal Offence data.
Retention of Personal Data
Except as otherwise mentioned in this privacy notice, we keep your personal information only for as long as required by us:
- To provide you with the services you have requested.
- To comply with other law, including for the period demanded by our tax authorities.
- To support a claim or defence in court.
Where do you stand?
The GDPR provides the following rights for individuals:
- The right to be informed
- Individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the GDPR.
- The right of access
- Individuals have the right to access their personal data and supplementary information.
- The right of access allows individuals to be aware of and verify the lawfulness of the processing.
- The right to rectification
- The GDPR includes a right for individuals to have inaccurate personal data rectified, or completed if it is incomplete.
- The right to erasure
- The GDPR introduces a right for individuals to have personal data erased.
- The right to erasure is also known as ‘the right to be forgotten’.
- The right to restrict processing
- Individuals have the right to request the restriction or suppression of their personal data.
- This is not an absolute right and only applies in certain circumstances.
- The right to data portability
- The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.
- The right to object
Individuals have the right to object to:
- processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
- direct marketing (including profiling); and
- processing for purposes of scientific / historical research and statistics.
- Rights in relation to automated decision making and profiling.
The GDPR has provisions on:
- automated individual decision-making (making a decision solely by automated means without any human involvement); and
- profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process.
You will be asked by us to positively consent to the use of your data, and you may withdraw that consent at any time by emailing us directly at firstname.lastname@example.org using the title ‘Data Protection’
At any time you may review or update personally identifiable information that we hold about you.To obtain a copy of any information you may send us a request using the title ‘Data Protection’ to email@example.com.
If you wish us to remove personally identifiable information from our files, you may contact us at firstname.lastname@example.org using the title ‘Data Protection’
When we receive any request to access, edit or delete personal identifiable information we shall first take reasonable steps to verify your identity before granting you access or otherwise taking any action. This is important to safeguard your information.
After receiving the request, we will tell you when we expect to provide you with the information, and whether we require any fee for providing it to you.
You should observe our GPDR data protection Policy and Statements on our website brindleconsulting.co.uk
You should complete our GPDR Data Protection form that we send you and return it to us.
You should consult the Information Commissioners Office for further advice or clarification on GPDR or Data Protection Issues.
We may update this privacy notice from time to time as necessary.
The terms that apply to you are those posted here on our website on the day you use our services. We advise you to print a copy for your records.
Policy effective: 20:00hrs – 25th April 2018