Last updated in June 2018
1. What types of information do we collect and use?
The types of information that we collect fall under two general categories: personally identifiable information (PII) and non-personally identifiable information (non-PII):
- PII consists of any information which can be used to specifically identify you as an individual;
- Whereas, non-PII consists of aggregate information or any information that does not reveal your identity.
The following sections describe how your PII is collected by us and how we use such information.
2. What types of personal information do we collect?
We collect information about you which enables us to send you communications, via email and other forms, about DWG services which may be relevant to your needs. This is collected in our capacity as an expertise business that provides digitally-led business transformation services to prospects and clients.
In order to do this we collect personal information which includes, but not limited to, your first name, surname, email address (both personal and business), telephone number, company job title, company name, job function, location, and sector.
We DO NOT collect sensitive personal data about you, in the form of health or medical information, racial or ethnic origin, sex life or sexual orientation, political opinions, religious beliefs, trade union membership and biometric data.
3. Where do we collect personal data about you from?
The following are the different sources we may collect personal data about you from:
- Directly from you. This is information you provide when communicating by email or meeting in person.
- From an agent/third party acting on your behalf. This may be your Company, own limited company, an umbrella company or other source.
- Through publicly available sources. We use the following public sources:
- Social media and networking sites, including LinkedIn
- Companies House (or equivalent in the relevant jurisdiction)
- Corporate websites
- By word of mouth.
Where we collect your information through publicly available sources as set out above, we may do this with the aid of software programmes. Where we use these programmes, their use is restricted to only searching for information (e.g. job title, location, skillset) from public sites where there is a reasonable expectation that such information may be collected and used by companies to conduct Marketing Communications to that individual.
4. How and why we use your personal data
We will use your data so that we can provide our services to you, including:
- Sending you marketing communications regarding DWG service which may be of interest to you.
- Responding to your requests or questions when you contact us.
- Carrying out our contractual obligations with you, including any contracts we intend to enter into with you.
- Managing our relationship with you and with our clients and perform administrative and operational tasks.
- Complying with our legal obligations and rights, under contracts and at law, and to cooperate with authorities and investigations.
5. What marketing communications do you send?
We may send marketing communications to you by email, through social media, SMS or by post.
You may opt out of receiving any further marketing communications by clicking the “unsubscribe” link in an email received from DWG or by contacting us at firstname.lastname@example.org.
6. How long do we keep your personal data for?
We keep your information for as long as you want us to and to use your information as described above. We may retain some of your information after you cease to use our services if it is necessary to meet our legal obligations.
Our standard policy is to retain personal information for 5 years but when determining the relevant retention periods, we will take into account:
- Our contractual obligations and rights in relation to the relevant information;
- Legal obligations under applicable law to retain data for a certain period of time;
- Our legitimate interest where we have carried out a balancing test;
- Statute of limitations under applicable law;
- Disputes, whether potential or actual;
- If you have made a request to have your information deleted;
- Guidelines issued by relevant data protection authorities.
If we determine that we can delete your data, we will do so securely.
7. Who do we share your personal data with?
Your personal data may be shared with certain third parties who will be subject to contractual obligations of confidentiality and compliance with relevant laws, including:
- Suppliers, contractors and agents who may perform services for us, including payroll providers, umbrella companies, professional advisers such as accountants or lawyers, insurance brokers, consultants, background check agencies, email marketing agencies, event organisers.
- Government or law enforcement authorities or any other third party in any jurisdiction, if we believe that we have an obligation to do so or that such action is necessary to protect, defend or enforce our rights.
- In the event of a sale, merger, liquidation, receivership or transfer of assets to any third party provided they are obliged to only use your personal data for the purposes that you have provided it to us.
8. What legal basis do we have for using your information?
We may rely on our processing being necessary to perform a contract for you if you are a client and we are negotiating or have entered into an agreement with you to provide services to you or receive services from you.
Processing may also be necessary to fulfil our legal and regulatory obligations, such as disclosure to public authorities, regulators and investigations. We may also use your information if we have to establish, exercise or defend legal claims or where the personal information is in the public domain. The legal basis for this processing activity is that it is in the public interest.
9. What happens if you do not provide us with the information we request or ask that we stop processing your information?
If you do not provide the personal data we request or withdraw your consent for the processing of your personal data, we may not be able to provide useful marketing communications or provide services to you.
10. Do we transfer your data outside the EEA?
Which are the 27 Member States of the EU plus Norway, Liechtenstein and Iceland.
Yes, we do for transfer, storage and use. But in the case of ‘transfer and use’ this only happens for given client needs and only necessary information to the event or client is used.
Where these countries’ privacy laws are different from those in your home country and which has not been deemed to provide adequate data protection standards, we always have security measures and contractual clauses in place to protect your personal data.
By submitting your personal data, you agree to this transfer, storage or processing. To find out more about how we safeguard your information as related to transfers contact us on email@example.com.
11. What security measures do we have in place?
We have appropriate technical and organisational security measures in place to protect your personal information under our control and to prevent unauthorised access, destruction, transmission, misuse or alteration of it. However, we cannot guarantee that such unauthorised access, destruction, transmission, misuse or alteration will not happen.
Transfer of data via the internet is not completely secure and while we do our best to protect your personal data, any data you transmit to us is at your own risk. Once we have received your data we will follow our procedures and policies to protect it.
If we share any links to external websites operated by other organisations (such as clients, training providers etc) with you, any data you submit to those websites (including clicking on any link) is outside our control and will be subject to that third party’s data protection and privacy policies. We cannot guarantee that any third party will be compliant with relevant laws and best industry practice and accept no responsibility or liability for these third parties.
13. What rights do you have in relation to the data we hold on you?
By law, you have a number of rights when it comes to your personal data. Further information and advice about your rights can be obtained from the data protection regulator in your country.
13.1 The right to be informed
You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Policy.
13.2. The right of access
This is so you’re aware and can check that we’re using your information in accordance with data protection law.
13.3 The right to rectification
You are entitled to have your information corrected if it’s inaccurate or incomplete.
13.4. The right to erasure
This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
13.5. The right to restrict processing
You have rights to ‘block’ or suppress the further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
13.6. The right to data portability
You have rights to obtain and reuse your personal data for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.
13.7. The right to object to processing
You have the right to object to certain types of processing, including processing for direct marketing or if you no longer want to be contacted with potential opportunities.
13.8. The right to lodge a complaint
You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator.
13.9. The right to withdraw consent
If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for marketing purposes.
We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:
- baseless or excessive/repeated requests, or
- further copies of the same information.
- Alternatively, we may be entitled to refuse to act on the request.
Please consider your request responsibly before submitting it. We’ll respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know.
14. How will we contact you?
We may contact you by phone, email or via social media or networking sites. If you prefer a particular contact means over another please just let us know.
15. How can you contact us?
We will review your personal data to ensure it is up to date and accurate but rely on your cooperation to keep us informed if any such data changes. If you would like to change any information you have provided to us, please just let us know
If you are unhappy with how we’ve handled your information, or have further questions on the processing of your personal data, contact us here:
FAO Data Protection Officer: firstname.lastname@example.org
16. Who controls your personal data?
The controller of your personal data is: Digital Works Consulting Limited (t/as Digital Works Group) a company registered in England and Wales under registration number 07726470 whose registered office is at 1 Mountview Court, 310 Friern Barnet Lane, London. N20 0LD.
18. Personal data subject rights
Every person whose personal data is processed by us has the right to request from us access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability. Where the processing is based on consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.