PRIVACY POLICY

In this privacy notice we will refer to ourselves as ‘we’, ‘us’ or ‘our’. You can get in touch with our organisation in any of the following ways: 

  1. By phoning us on 0203 633 0591

  2. By contacting us via sunita@collectiveinsight.co.uk

We take the privacy, including the security, of personal information we hold about our individual clients, client organisations and suppliers seriously.  This privacy notice is designed to inform you about how we collect personal information about you as a client or supplier and how we use that personal information.  You should read this privacy notice carefully so that you know and can understand why and how we use the personal information we collect and hold about you. 

If you have any questions about this privacy notice or issues arising from it then you may contact Sunita Harley, our Data Controller who is responsible for matters relating to data protection at our organisation, including any matters in this privacy notice.  You can contact Sunita using the details set out above. 

We may issue you with other privacy notices from time to time, including when we collect personal information from you.  This privacy notice is intended to supplement these and does not override them.

We may update this privacy notice from time to time.  This policy was created on 1 June 2018 and this version was last updated on 1 January 2020.

  1. Key Definitions

The key terms that we use throughout this privacy notice are defined below, for ease:

Data Controller: under UK data protection law, this is the organisation or person responsible for deciding how personal information is collected and stored and how it is used.  

Data Processor: a Data Controller may appoint another organisation or person to carry out certain tasks in relation to the personal information on behalf of, and on the written instructions of, the Data Controller. 

Personal Information: in this privacy notice we refer to your personal data as ‘personal information’. ‘Personal information’ means any information from which a living individual can be identified.  It does not apply to information which has been anonymised.

2. Details of personal information which we collect and hold about you

    • Set out below are the general categories and in each case the types of personal information which we collect, use and hold about you: 

General Category - Types of Personal Data in this category 

  • Identity Information - This is information relating to your identity such as your name (including any previous names and any titles which you use), gender, marital status and date of birth

  • Contact Information - This is information relating to your contact details such as e-mail address, addresses, telephone numbers

  • Client assignment information - This is information relating to any assignments, projects or services we will be delivering for you as an individual client or client organisation. Examples may include a list of attendees and their email addresses who are attending any training workshops or webinars or any other personal or client information related to professional development or diversity and inclusion projects we are designing or delivering for you.

  • Payment Information - This is information relating to the methods by which you provide payment to us such as bank account details, payment card details and details of any payments (including amounts and dates) which are made between us.

  • Transaction Information - This is information relating to transactions between us such as details of the goods, services and/or digital content provided to you.

  • Feedback and Survey Information - This is information which we have collected from you or which you have provided to us in respect of surveys and feedback.

  • Marketing Information - This is information relating to your marketing and communications preferences.

The types of personal data we collect about you may differ from person to person, depending on who you are and the form of client or supplier relationship between us.

3. Details of how and why we use personal information 

    1. We are only able to use your personal information for certain legal reasons set out in data protection law.  There are legal reasons under data protection law other than those listed below, but in most cases,  we will use your personal information for the following legal reasons: 

      1. Contract Reason: this is in order to perform our obligations to you under a contract we have entered into with you; 

      2. Legitimate Interests Reason: this is where the use of your personal information is necessary for our (or a third party’s) legitimate interests, so long as that legitimate interest does not override your fundamental rights, freedoms or interests. 

      3. Legal Obligation Reason: this is where we have to use your personal information in order to perform a legal obligation by which we are bound; and 

      4. Consent Reason: this is where you have given us your consent to use your personal information for a specific reason or specific reasons. 

    2. There may be more sensitive types of personal data which require higher levels of protection.  Where we process such sensitive types of personal data we will usually do this in the following circumstances: 

      1. We have your explicit consent; 

      2. Where it is necessary in relation to legal claims;

      3. Where you have made the personal data public.

    3. So that we are able to provide you with services we will need your personal information.  If you do not provide us with the required personal information, we may be prevented from supplying the services to you.

    4. It is important that you keep your personal information up to date.  If any of your personal information or contact details change, please contact us as soon as possible to let us know.  If you do not do this then we may be prevented from supplying the services.

    5. Where we rely on consent for a specific purpose as the legal reason for processing your personal information, you have the right under data protection law to withdraw your consent at any time.  If you do wish to withdraw your consent, please contact us using the details set out at the beginning of this notice.  If we receive a request from you withdrawing your consent to a specific purpose, we will stop processing your personal information for that purpose, unless we have another legal reason for processing your personal information, in which case, we will confirm that reason to you.  

    6. Sometimes we may anonymise personal information so that you can no longer be identified from it and use this for our own purposes. In addition, sometimes we may use some of your personal information together with other people’s personal information to give us statistical information for our own purposes.  Because this is grouped together with other personal information and you are not identifiable from that combined data we are able to use this.  

4. Under data protection laws we can only use your personal information for the purposes we have told you about, unless we consider that the new purpose is compatible with the purpose(s) which we told you about.   If we want to use your personal information for a different purpose which we do not think is compatible with the purpose(s) which we told you about then we will contact you to explain this and what legal reason is in place to allow us to do this. 

5. Details of how we collect personal information and special information

    1. We usually collect identity information, contact information, payment or banking information, client transaction information, survey information, marketing information, and any other relevant information directly from you when we start working together and you may provide this information when you contact us by e-mail, telephone or video call, in writing or otherwise.  

6. Details about who personal Information may be shared with

    1. We may need to share your personal information with other organisations or people.  

      1. Third parties who are not part of our group.  These may include: 

        1. Suppliers: such as IT support services, payment providers, administration providers

        2. Government bodies and regulatory bodies: such as HMRC, fraud prevention agencies who are based in  the UK;

        3. Our advisors: such as lawyers, accountants, auditors, insurance companies who are based in the UK;

        4. Our bankers who are based in  the UK; and

        5. Any other regulatory organisations where are required to provide information to comply with UK legal requirements.

    2. Depending on the circumstances, the organisations or people who we share your personal information with will be acting as either Data Processors or Data Controllers.  In the event we share your personal information with a Data Processor we will ensure that we have in place contracts, which set out the responsibilities and obligations of us and them, including in respect of security of personal information.  

    3. We do not sell or trade any of the personal information which you have provided to us. 


7. Details about transfers to countries outside of the EEA (European Economic Area)

    1. If any transfer of personal information by us will mean that your personal information is transferred outside of the EEA then we will ensure that safeguards are in place to ensure that a similar degree of protection is given to your personal information, as is given to it within the EEA and that the transfer is made in compliance with data protection laws (including where relevant any exceptions to the general rules on transferring personal information outside of the EEA which are available to us – these are known as ‘derogations’ under  data protection laws).  


8. Data retention and how long we will hold your personal information

    1. We will only hold your personal data for as long as is necessary.  How long is necessary will depend upon the purposes for which we collected the personal information and whether we are under any legal obligation to keep the personal information (such as in relation to accounting or auditing records or for tax reasons).  We may also need to keep personal information in case of any legal claims, including in relation to any guarantees or warranties which we have provided with the goods or services provided.

9. Your rights under data protection law

    1. Under data protection laws you have certain rights in relation to your personal information, as follows:

      1. Right to request access: (this is often called ‘subject access’).  This is the right to obtain from us a copy of the personal information which we hold about you. We must also provide you with certain other information in response to these requests to help you understand how your personal information is being used. 

      2. Right to correction: this is the right to request that any incorrect personal data is corrected and that any incomplete personal data is completed. 

      3. Right to erasure: (this is often called the “right to be forgotten”). This right only applies in certain circumstances.  Where it does apply, you have the right to request us to erase all of your personal information. 

      4. Right to restrict processing: this right only applies in certain circumstances.  Where it does apply, you have the right to request us to restrict the processing of your personal information. 

      5. Right to data portability: this right allows you to request us to transfer your personal information to someone else. 

      6. Right to object: you have the right to object to us processing your personal information for direct marketing purposes.  You also have the right to object to us processing personal information where our legal reason for doing so is the Legitimate Interests Reason (see section 4 above) and there is something about your particular situation which means that you want to object to us processing your personal information.  In certain circumstances you have the right to object to processing where such processing consists of profiling (including profiling for direct marketing). 

    2. In addition to the rights set out in this privacy policy, where we rely on consent as the legal reason for using your personal information, you have the right to withdraw your consent. 

    3. If you want to exercise any of the above rights in relation to your personal information, please contact us using the details set out at the beginning of this notice.  If you do make a request then please note:

    4. We may need certain information from you so that we can verify your identity;

    5. We do not charge a fee for exercising your rights unless your request is unfounded or excessive; and

    6. If your request is unfounded or excessive then we may refuse to deal with your request. 

10. Marketing

    1. You may receive marketing from us about similar goods and services, where either you have consented to this, or we have another legal reason by which we can contact you for marketing purposes. 

    2. However, we will give you the opportunity to manage how or if we market to you. In any marketing emails or e-newsletters which we send to you, we provide a link to either unsubscribe or opt-out, or to change your marketing preferences. To change your marketing preferences, and/or to request that we stop processing your personal information for marketing purposes , you can always contact us on the details set out at the beginning of this notice. 

    3. If you do request that we stop marketing to you, this will not prevent us from sending communications to you which are not to do with marketing (for example in relation to products, services or digital content which you have purchased from us).

    4. We respect the privacy of your personal information and we do not pass your personal information on to any third parties for marketing purposes. 

11. Raising concerns 

    1. If you have any queries about the way that we have processed or used your personal information, you have the right to flag this to the UK supervisory authority for data protection, which is the Information Commissioner’s Office (ICO).  

    2. Please do contact us in the first instance if you wish to raise any queries in respect of our handling or use of your personal information, so that we have the opportunity to discuss this with you and to take steps to resolve the position as soon as possible.  You can contact us using the details set out at the beginning of this privacy notice. 

12. Third Party Websites

    1. Our website may contain links to third party websites.  If you click and follow those links then these will take you to the third party website.  

    2. Those third party websites may collect personal information from you and you will need to check their privacy notices to understand how your personal information is collected and used by them.

This Privacy Policy was last updated on 1 January 2020.

Collective Insight
0203 633 0591
www.collectiveinsight.co.uk
sunita@collectiveinsight.co.uk