This policy summarises the key points about how Coherence Consulting Ltd collects, uses and discloses personal data and ensures compliance with the laws and regulations throughout jurisdictions where we operate.
What is personal data?
Personal data is information (including opinions) which relates to an individual and from which he or she can be identified either directly or indirectly through other data which the company has or is likely to have in its possession. These individuals are sometimes referred to as data subjects and include clients and employees.
Mark Gracey is the Data Protection Officer of the personal data we process and is therefore ultimately responsible for ensuring our systems, processes, suppliers and employees comply with data protection laws and regulations in relation to the information we handle. Our Data Protection Officer provides guidance and advice to the company as required.
As a company, we believe it is the responsibility of the whole team to ensure that any personal data sent or received is handled in the correct manner as outlined in our Data Security Policy and IT and Communications Policy.
All Coherence Consulting employees must abide by this policy and the policies mentioned above when handling personal data and must take part in any required security and data protection training. Any breach will be taken seriously and may result in disciplinary action.
Principles of data protection
The company has adopted the following principles to govern our use, collection and disclosure of personal data. These principles have been established to create a uniform standard across our offices and our partnerships in London and Edinburgh, UK and Jaipur and Mumbai, India taking account of the laws in the jurisdictions where we operate.
The company’s core principles provide that personal data must:
- be processed fairly and lawfully and to the extent required under local law with valid and informed consent;
- be obtained for specific and lawful purposes;
- be kept accurate and up to date;
- be adequate, relevant and not excessive in relation to the purposes for which it is used;
- not be kept for longer than is necessary for the purposes for which it is used;
- be processed in accordance with the rights of individuals;
- be kept secure to prevent unauthorised processing and accidental loss, damage or destruction; and
- not be transferred to, or accessed from, another jurisdiction where these core principles cannot be met unless it is adequately protected.
As a company the type of data we collect and process falls into one of the following categories:
- personal data relating to our employees and obtained during the recruitment process;
- participants in our events and other promotional activities;
- personal data obtained and used in relation to providing digital services during the course of an engagement.
Participants in our events and other promotional activities
TYPES OF DATA
- Information such as name and business information (email address, job title, who you work for).
- Additional information may be processed where it is provided by you, for example in correspondence, in connection with an event or in letting us know what areas you are interested in and when you wish to be contacted by us. This may include access or dietary requirements which may reveal information about your health or religious beliefs.
- Our websites may also collect your device’s unique identifier, such as an IP address.
- Information is collected via forms on our website or via email/call only.
- Personal data will be used to:
- complete any request you may make;
- contact you with communications event or marketing updates in line with your preferences.
- Personal data:
- will not be transferred to our partners, or to service providers who support the operation of our business;
- which is shared with service providers will be limited to that which is required for providing the service and will be adequately protected;
- will not be given to other third parties, apart from in limited circumstances such as, where we run a joint event and you book onto it.
- We do retain data collected via our promotion activities for 1 year since the last interaction with you.
- You may request the removal of your information at any time.
Personal data obtained and used in relation to providing digital services during the course of an engagement
TYPES OF DATA
- Information processed for relationship management and service opening procedures such as name, business information and identification documentation.
- We do not encourage the use of personal email addresses and will insist that our clients only provide work alias during the course of an engagement.
- Additional personal data may be collected for a specific digital delivery but must be encrypted in transit.
- Relationship management and service opening information is collected from you directly and further information (e.g. to verify your identity) may be collected from third parties, such as publicly available sources.
THIRD PARTY PROCESSORS
- Our carefully selected partners and service providers may process personal information about you on our behalf as described below:
- Digital Marketing Service Providers
We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information.
- Relationship management and service opening data is used for providing digital services administration, commercial purposes (eg creditworthiness) and as required by law (eg anti money laundering).
- All other personal data will be used for the purposes of providing digital services and to comply with our statutory/ regulatory obligations.
- In relation to our digital services we will monitor and record information relating to use of the services. This will include how and when the system is accessed and how data is uploaded.
- Personal data:
- will not be transferred to our partners, or to service providers who support the operation of our business unless it is required for engagement purposes (eg: data migration). In this case, all data that is transferred between Every Interaction, our clients and third party suppliers will be encrypted and deleted after use.
- which is shared with service providers will be limited to that which is required for providing the service and will be adequately protected.
- Once an engagement completes we will remove all personal subject data from our systems after one month of completion/termination.
Personal data must be processed in line with individuals’ rights, including the right to:
- request a copy of their personal data;
- request that their inaccurate personal data is corrected;
- request that their personal data is deleted and destroyed when causing damage or distress; and
- opt out of receiving electronic communications from the company.
Should you wish to make a request in line with your rights as an individual, please forward it to the Data Protection Officer.
Employees people must notify or inform the Data Protection Officer immediately if they receive a request in relation to personal data which the firm processes.
How to make a complaint
You should direct all complaints relating to how the firm has processed your personal data to the Data Protection Officer.
Employees must inform the Data Protection Officer immediately if they receive a complaint relating to how the company has processed personal data so that the company complaints procedure can be followed.
Information security is a key element of data protection. The company takes appropriate measures to secure personal data and protect it from loss or unauthorised disclosure or damage.
Data Protection Officer, Mark Gracey, Towngate House, Parkstone Road, Poole, BH15 2PW
Email: [email protected]