Anna Lake Insight (“We”) are committed to safeguarding the privacy of our clients and the customers of our clients, and anyone else who provides us with their personal data, such as website users.
1. DEFINITIONS
(Words and phrases in this policy shall be interpreted as having the same meaning as those in our Terms of Service and Service Particulars, unless mentioned otherwise throughout this policy.)
“privacy policy”
shall refer to this entire document, and shall also sometimes be referred to as “this policy”.
“data controller”
shall refer to Anna Lake Consulting Ltd and our clients insofar as they pass personal data to us about “the customers of our clients”. Both data processors are responsible for determining the means and purpose for processing your personal data.
“data processor”
shall also refer to Anna Lake Consulting Ltd. We will process your personal data for the reasons set out clause 4 and 5.
“Individual”
for the purposes of the PECR shall refer to non-corporate clients, including sole traders and non-incorporated
partnerships.
“third party data processor”
shall refer to any body processing personal data that is not Anna Lake Consulting Ltd, and may also be referred to
as “third party”.
“personal data”
shall refer to any data whatsoever we collect and store on you that can identify you as an individual. “personal data” may also be referred to as “data” throughout this policy.
“ICO
shall refer to the UK Information Commissioner’s Office, which oversees data protection compliance in the UK.
“EEA”
shall refer to the European Economic Area, which includes all European countries, as well as Iceland,
Liechtenstein, and Norway.
“clients”
shall refer to those individuals using our services.
“PECR”
shall refer to the Privacy and Electronic Communications Regulations.
“GDPR”
shall refer to the General data Protection Regulations. shall refer to the Privacy and Electronic Communications
Regulations.
“customers of our clients”
shall refer to any customers of our clients, whom we process personal data of on behalf of our clients in relation to our services.
“data subjects”
shall collectively refer to our clients, the customers of our clients, and anyone who provides us with personal data
by any other means.
2. GENERAL
2.1. This policy is for individuals or individuals within corporate bodies, such as directors and employees, but does not apply to corporate bodies as a whole.
2.2. This policy was last updated on 24th September 2020 and conforms to the change in data protection laws, as enacted through the GDPR, which came into force on 25th May 2018, accompanying and amending the existing data Protection Act 1998.
2.3. From time to time, we may update this policy, but we will notify you of any changes that materially affect the way in which your data is processed, and seek your express written consent if necessary, using the contact details we hold on file for you.
2.4. We do not collect ‘sensitive’ or ‘special category’ data on you, such as race, political opinion, physical or mental health, religious belief, trade union membership, sexuality, or criminal offences. In the event you disclose sensitive data to us, we will ensure all such additional rights of yours are protected, and the data is appropriately destroyed or held in accordance with clause 3.8.
2.5. We will seek your express written consent if we are required to process your data in ways not covered by this policy, or as required by law.
2.6. We will notify you and the ICO of any suspected breach of this policy by us or any third party data processors we have passed your data on to.
2.7. We do not use automated decision making using your personal data.
3. PERSONAL DATA WE MAY COLLECT AND STORE
3.1. We will collect the following types of personal data on all data subjects:
a) Full name;
b) Telephone number;
c) Email address.
3.2. We will collect the following additional types of personal data on our clients:
a) Job title;
b) Employer.
3.3. We collect the above types of personal data on our clients from you filling out the enquiry form on our website, or contacting us by any other means.
3.4. We collect the types of personal data in clause 3.1 on the customers of our clients when our clients provide us with that data upon our request. If they have not previously sought your consent or provided you with information about this, then you are hereby notified.
3.5. For customers of our clients, we additionally collect data on the recorded answers to interview questions about your experiences with our clients’ services for the purposes of transcription.
3.6. We ask clients to ensure the accuracy of personal data you disclosure to us, and to keep us updated on any such changes to avoid incorrect data.
3.7. Information on your options to control the way we process your personal data is detailed in clause 7 ‘Your Rights’.
3.8. Your personal data is securely held at our office address and as encrypted digital data in our computer systems. Using our best endeavours, and contractually binding all third party data processors to do the same, we take all necessary measures and precautions to afford you the utmost confidentiality to ensure no personal data obtained on you is stolen, damaged, lost, or accessed without our authority but subject to this policy, and to not, at any time, without your prior written consent, directly or indirectly, use, disclose, exploit,
copy or modify, any personal data, or authorise or permit any third party to do the same, other than as out in this policy.
4. HOW WE PROCESS THE PERSONAL DATA OF OUR CLIENTS
4.1. Subject to Article 6 GDPR, we and our third party data processors will only process your personal data with your consent, or to the extent necessary, to:
a) Enter into or perform a contract with you, such as the services identified in our Terms of Service and Service Particulars, or;
b) Send relevant marketing, such as our newsletter and notifications in full compliance with the PECR to our corporate client contacts, or individuals who have ‘opted-in’ to receive marketing, under our legitimate interests, via phone or email based on our services that you have expressed an interest in, or;
c) Remember your preferences or your interests. For instance, if you request not to receive marketing material from us, we will keep a record of this, or;
d) Keep and collate our records of your personal data in order to maximise efficiency and provide you with the best possible service, in line with our legitimate interests.
5. HOW WE PROCESS THE PERSONAL DATA ON CUSTOMERS OF OUR CLIENTS
5.1. Subject to Article 6 GDPR, we will only process your personal data with your consent, or to the extent necessary, to:
a) Provide services to our clients as a third party under their legitimate interests;
b) Provide services to our clients as a third party under our legitimate interests;
c) Remember your preferences. For instance, if you would prefer not to take part in an interview.
5.2. We will not send any marketing material to customers of our clients.
6. WHAT THIRD PARTY DATA PROCESSORS PROCESS YOUR DATA?
6.1. We may only pass client personal data under strict confidentiality to our insurers, accountants, professional advisers, and internet server providers, as necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice, managing legal disputes, and ensuring the proper operations of services to you.
6.2. We do not pass personal data on the customers of our clients to any third parties other than our clients.
6.3. Further to clause 5.2, some of the third party data processors to whom we may send your personal data, may be based, or have links, to other data processors outside the EEA, but we will endeavour to take all necessary precautions to ensure such parties comply with the requirements of the European Commission.
7. YOUR RIGHTS
7.1. Once you have disclosed to us any of your personal data, your principal rights under data protection laws are as follows:
a) Request access to know what personal data we hold on you, the purposes for processing, and any third party recipients. Please note that upon such requests we will verify your identity by asking you to confirm some information we already hold on you;
b) Request rectification or erasure of your personal data;
c) Impose restrictions on processing your personal data. Please note that should you choose to do this, it may prevent us from performing our services;
d) Opt-out of any marketing, direct or otherwise;
e) Data portability. This means you can request your data be transferred to another body or organisation;
f) The right to complain about the way we process your personal data to a supervisory authority, like the ICO.
7.2. Please note that we may not be able to comply with such requests in clause 6.1 if you are yet to fulfil any contractual obligations or agreements, such as paying an invoice, or if we can demonstrate compelling legitimate grounds for the processing which overrides your interests, rights, and freedoms, or if the processing is for legal claims.
7.3. If you have any disabilities which may prevent you from complying with any formalities of making such a request in clause 6.1, then please let us know and we will try to accommodate you.
7.4. If you have received what you believe to be ‘spam’ emails or any other communications sent by any third party masquerading as Anna Lake Consulting Ltd, then please notify us immediately by using our contact details in clause 9.
7.5. We may have to disclose some of your personal data to third parties to uphold our legal obligations, protect your vital interest or the vital interest of others, or for debt recovery purposes. This is something you cannot opt-out of without us being unable to provide you with services.
7.6. If you are unsatisfied with the way we have dealt with any of your complaints about the way your personal data has been collected or processed, then please contact the ICO.
8. DATA RETENTION
[8.1. We and any third party data processors we pass your personal data to, in line with clause 6, only hold essential personal data for a necessary period in order to uphold legal obligations and vital interests. This is likely to be 3 years8.2. For any personal data relating to our accounting records, such as payment transactions, we will retain this for 6 years. For any other type of data, such as correspondence, the retention period could be significantly less.
8.3. Once we transcribe any recorded conversation described in clause 3.5 and send these to our clients, this personal data is destroyed.
8.4. When the time comes to destroy your personal data, we do so in a controlled and secure manner, strictly upholding clause 3.8
9. CONTACT
9.1. Should you have any questions regarding this policy, together with your rights and obligations under this policy, please do not hesitate to contact us on 07738 728221 or via email at anna@annalakeconsulting.com, or write to us at:
Anna Lake Consulting
62 Oak Road
Tavistock
Devon
PL19 9EZ