Website Fair Processing Notice
Under data protection law, we have certain legal responsibilities about how we collect, use and share your personal information.
This policy explains our privacy practices and covers the following:
The type of individuals whose personal information we collect
What personal information about you we collect and use
Sources of personal information
How we use your personal information
Who we share your personal information with
How long we retain your personal information for
Any transfers involving your personal information
How we legally justify using your personal information
Your legal rights in relation to your personal information
Other relevant information, including how to contact us
1 Whose personal information do we collect
We collect and use personal information relating to the following types of individuals:
Contacts at our existing clients and associates - we collect and use contact details of people who we liaise with at organisations who are our existing clients or associates i.e. organisations who appoint us to deliver services.
Contacts at our potential clients – you may express an interest in our services, for example by phoning us or registering an interest via an email or on our website, or we may contact you where we consider that you may be interested in our services.
Claimants – we collect and use certain personal information about individuals who make a claim directly against us. Occasionally, the claim may relate to children or a vulnerable person, with the claim being brought by a parent or other adult with responsibility for them.
Visitors to our offices or sites - We also collect certain information about people who visit our offices, sites or places where we are working.
Contacts at our advisors and other third party suppliers - we collect and use certain personal information about contacts who work at organisations who provide goods and services to us, i.e. our suppliers and organisations with whom we partner to provide our services, as well as advisors who provide legal, financial services and other advice to our business.
2 What personal information about you we collect and use
Depending on whose personal data we collect and use (as indicated above) the information will generally consist of:
(a) Clients, associates and potential clients and associates ► name, job title, email address and work address.
(b) Claimants ► name, address, email, date of birth, any relevant medical details (as appropriate, including for claims brought on behalf of children);
(c) Visitors to our sites and other people who come into our offices and sites and places where we work
(i) CCTV recordings from static cameras placed around the buildings – these face exits and entrances;
(ii) details of your name, place of work, your contact details – which guests provide when they visit our sites/offices for appointments or meetings,
(iii) video images of people who are in the immediate vicinity when we record video images – for example, this may unintentionally involve us
recording people in the vicinity at that time.
(d) Advisors / thirty party suppliers ► name, job title, email address, phone number and work address.
3 Sources of personal information
(a) Information you provide ► the information you provide where you or your organisation provides to us or receives a services from us; or when you get in touch with us, for instance registering an interest by emailing us, have a telephone conversation with our call centre, or if we meet at a networking event and you provide your business card; or when you get in touch directly in the event of a complaint or claim.
(b) Information from your employer ► your employer may pass us your contact details, for instance if you are to act as someone who we will be liaising with regarding a project.
(c) Information from a solicitor or insurer ►if you are a member of the general public and you make a claim against us, your solicitor or insurer may pass us your contact details.
(d) Information from publicly available sources ►we may occasionally obtain limited personal information from the internet or from sources such as LinkedIn.
(e) Information collected by CCTV or other video cameras ►if you are a member of the public or other individual who visits or comes into close proximity with our sites, we may collect personal information about you via CCTV. We also record images – for example at events we host – this may unintentionally involve us recording people in the vicinity at that time.
4 How we use your personal information
(a) Day to day communications with customer, suppliers and other third parties who we work with – we need to communicate effectively and efficiently with our members, clients, advisors, journalists and third party suppliers, in order to facilitate our provision of high quality and timely communications and services, including service delivery, newsletters, insights, press releases, invitations to attend or speak at events or to senior individuals and compliance with all operational, technical, health, safety, environmental & governance standards. Similarly, where your organisation provides services to us, we will need to know which individuals at your organisation we need to communicate with and keep details of your personal information on our systems, including for selection, health & safety and compliance requirements. Therefore, we use personal information for day to day communications with such parties. Our communication methods include written correspondence, email, telephone, online video conferencing and face to face meetings.
(b) Assessment of Claims – we need to assess and process personal information relating to a claim that someone may make against us. This may involve us using a claimant’s personal information in our defence or other legal documentation and for obtaining legal advice or insurance etc..
(c) Safety and Security of our offices and sites - we collect personal information about you via CCTV at our offices and certain sites where we operate. We record images in this manner for security reasons, to protect our assets and staff, but also to ensure compliance with operational health and safety standards and general governance standards. In more limited occasions, we may also use body worn cameras at particularly sensitive sites where we operate, again for security reasons and to protect the integrity of our business. Where we unintentionally record images of passers-by we do not actually use the personal information contained in such recordings.
(d) Business development – as a business, we do not conduct major marketing campaigns using personal information. We do however from time to time use limited personal information (business contact details) to get in touch with existing and potential clients, in order to promote our services and build relationships and to develop and manage existing relationships. For instance, we use LinkedIn, phone calls and emails to invite clients to events.
(e) Managing accounts and other internal administrative purposes – we process personal information for other internal administrative purposes, including in relation to setting up and managing accounts with our clients and suppliers, paying and raising invoices etc..
5 Parties who we share your personal information with
We share your personal information with the following parties:
a) From time to time we may share personal information internally, with other entities in our group. These entities may include:
a) A Denham Consulting Limited– as required in relation to the provisions of consulting services;
b) Sarik FD Services Limited – as required for the audit of financial statements, tax compliance and advice and in relation to the provision of consulting services;
c) Robertson Macintosh Ltd– as required in relation to the provisions of consulting services;
d) Client(s) - to ensure the employee of a subcontractor meets the technical, behavioural, health and safety requirements of the client to the client’s or member’s satisfaction, where relevant;
e) IT service providers – suppliers who provide hosting of our IT services or who provide support and maintenance services for our IT systems may occasionally have supervised access to parts of our IT systems which contain personal information for maintenance and support purposes;
f) Providers of CCTV – we CCTV in house;
g) The police – we may be contacted by the police asking for CCTV footage, for instance relating to incidents;
h) Solicitors, insurers and the courts – where we have obtained personal information from claimants we may need to share such information as part of defending a claim; and
Where we share personal information with third parties, where possible, we generally have contracts in place with such third parties, which ensures that they will protect your personal information and not use it for any purposes beyond delivering their services to us.
6 How long we retain your personal information for
The length of time that we may retain your personal information for varies, according to the type of individual whose personal information we have collected, and what this is being used for:
Type of individual Applicable retention period
Existing clients, associates For the duration of the contract between us plus 6 years.
Claimants Until the claim is resolved
Personal information in CCTV 28 days unless we have reasonable grounds to
recordings and telephone consider that we may need to retain the information for longer,
call recordings for instance if it contains evidence relating to a potential legal
claim or criminal act.
Our advisors and other For the duration of the contract between us and
third party suppliers such third parties plus 6 years.
7 Transfers of your personal information
Unless you request us to do so, we will not actively transfer your personal information outside the European Economic Area (EEA), it will be stored on servers based in the United Kingdom and Ireland. If you use an email service provider whose servers are based outside of the EEA then please note that any related transfer of your personal information is outside of our control.
8 Legal grounds for processing your personal information.
Every use that we make of your information must meet a legal ground in the list set out by data protection law. The legal grounds which we rely on are as follows:
i. enabling us to provide effective communications with our clients, associates, advisors, suppliers and where applicable members of the general public;
ii. managing accounts and relationships with clients and third party suppliers;
iii. to operate our services efficiently and effectively.
b) Dealing with claims: When we handle personal information in relating to public liability or other claims that are brought directly against us, the legal grounds which we rely on are as follows:
i. When this involves handling medical details - the establishment, exercise or defence of a legal claim.
ii. Where we are subject to liability claims on behalf of a child or other vulnerable person - we will always seek to obtain the explicit consent of their parent or legal guardian or independent advocate, as appropriate, before processing personal information relating to the child or vulnerable person.
iii. Generally for other personal data – to achieve our legitimate business interests, in a situation where your rights are not jeopardised so as to override this. Our legitimate interests would be to defend ourselves from a claim.
c) CCTV – the legal grounds which we rely on are as follows:
i. Where the images are just of people’s faces, bodies’, cars, clothing etc., then the legal ground we rely on is that such use is necessary to achieve our legitimate business interests, in a situation where your rights are not jeopardised to as to override our interests. The specific legitimate interests are for security reasons, to protect our staff, offices, assets and sites from vandalism and theft and other criminal acts.
ii. Where the images are of a more sensitive nature – our justification for recording such images are where relevant:
iii. that the personal information is manifestly made public by the individual; or
iv. that we will need to collect, use and retain such information for the establishment, exercise or defence of a legal claim.
d) Marketing – where we do send marketing communications to clients and /or potential clients, we will only do so if we have first obtained their prior consent to receiving such marketing communications.
i. enabling us to provide effective communications with our clients, advisors, suppliers and where applicable members of the general public;
ii. managing accounts and relationships with clients and third party suppliers;
iii. to operate our services efficiently and effectively; and
iv. to protect our assets and our staff.
9 Your rights in relation to your personal information
If you have any questions in relation to our use of your personal information, you should first contact us using the contact details in paragraph 10 below. Under certain conditions, you may have the right to:
(a) require us to provide you with further details on the use we make of your personal information;
(b) require us to provide you with an electronic copy of personal information that you have provided to us;
(c) require us to update any inaccuracies in the personal information we hold;
(d) require us to transfer a copy of your personal information to another data controller, in a structured, machine readable and commonly used format;
(e) require us to delete any personal information that we no longer have a lawful ground to use;
(f) require us to restrict our use of your personal information;
(g) where the processing of your personal information is based on us receiving your consent, the right to withdraw your consent at any time;
(h) if we indicate that we use your personal information for direct marketing purposes, a right to object to receiving any further direct marketing from us at any time;
(i) complain to the Information Commissioner at any time;
(j) object to our uses of your personal information which are based on the 'legitimate interests' legal ground, as indicated above. If any of our uses of your personal information based only on this legal ground is causing you undue harm, then we must cease using your personal information for that purpose.
Your exercise of these rights is subject to certain conditions and exemptions, for example to safeguard the public interest in investigating crimes, or protecting legal privilege. If you exercise any of these rights we will check your entitlement and respond in most cases within a month.
If you are not satisfied with our use of your personal information or our response to you, you can complain to the contact listed at paragraph 10 below.
10 Other Information
We will use reasonable endeavours to ensure that your personal information is accurate. In order to assist us with this, you should notify us of any changes to your personal information, by contacting us as set out below.
We are required to employ adequate technical and organisational security measures to protect your personal information from any loss, destruction, damage or unlawful disclosure. However, no transmission of personal information can ever be guaranteed as secure. Consequently, please note that we cannot guarantee the security of any personal information which you transfer to us or which we transfer to you.