Cookie and privacy policy
General information
This policy summarises the key points about how Coherence Consulting Limited collects, uses and discloses personal data and ensures compliance with applicable data protection laws and regulations throughout the jurisdictions where we operate.
What is personal data and data protection?
Personal data is information (including opinions) which relates to an individual and from which he or she can be identified either directly, or indirectly through other data which the company has or is likely to have in its possession. These individuals are sometimes referred to as data subjects and include our clients and employees.
UK data protection legislation (currently UK GDPR and the Data Protection Act 2018) govern how we can process and use this personal data.
Contact details
If you have any questions or comments about our privacy policy, please contact Mark Gracey, who is our Data Protection Officer. He can be contacted via hello@coherence.digital or by post to: Data Protection Officer, Mark Gracey, Towngate House, Parkstone Road, Poole, BH15 2PW.
Personal data we collect and process
As a company the type of data we collect, and process will depend on how you interact with us. You will therefore find in this section of the privacy policy details about how we handle the different types of personal data we collect and process. If you cannot find information about how we might handle your personal data, please contact us using the contact details above.
Visitors to our website
Our use of cookies
We use a range of cookies to enhance the functionality of our website and to help improve the website experience.
Cookies are pieces of information that are stored on your device, and which records certain information related to the functionality or your use of the website. Some cookies are essential (“strictly necessary cookies”) to the functioning of the website or provide us with certain functionality whilst you use the site, others are optional and can be selected in the cookie settings we provide on the website.
When you visit the website for the first time you will see a cookie banner which enables you to opt in to the various cookies we use. By default, only essential cookies are selected. You can find out about the cookies we use in the “Details” section of the banner. Once you have selected the cookies you are happy for us to use, you can change your settings by clicking the button in the bottom left of the webpage.
It is possible to turn cookies off in your browser however this may affect the functioning of our and other websites, which is why we provide you with the options to choose which cookies are used when you visit.
We do use Google Analytics cookies for the purposes of statistical analysis about visitors to the site and their behaviour (e.g. what pages they viewed). The data provided by Google Analytics is anonymised and in no way enables us to identify individual visitors, however, Google Analytics will place a cookie on your device to enable the service. For more information about how Google Analytics cookies work on websites visit: developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage. You can also opt out of the use of Google Analytics across all websites: tools.google.com/dlpage/gaoptout.
Clients
If you are a client, we will typically collect from you your name, email address, contact details and details about the business you work for. We will also record details of what services you take and any associated project details.
We need this data to service you as a customer and to deliver our services. As such, we will rely on the lawful basis of contract for this processing.
The information is stored with our client files and is only accessible to those employees who need access. We will also store certain information in our accounting package for the purposes of invoicing you for the work.
We will need to store this information whilst you are still a client, but we also need to keep it due to legal obligations such as for tax and VAT purposes. This means if you are no longer a client, we will keep some of your information for up to 6 years plus the current financial year. We will securely delete any information we no longer need.
Potential clients and leads
As part of our marketing activities we may contact you about our services. This may be because you have previously expressed an interest in our services, or we have found your information online (via LinkedIn, via your business’s website, etc.) and contact you as we believe our services can be of use to your business.
Where you have contacted us, the section below will apply. Where we have contacted you for the first time, we do so relying on the lawful basis of legitimate interest, in that it is lawful for us to carry out this marketing activity for the purposes of growing our business.
Once we have your information, we will contact you to explain who we are and why we are contacting you, so it will be obvious from our messages. You can opt-out or object to such processing at any time either by contacting us or by selecting the “unsubscribe” option in any emails we send you.
Your details will be stored in our CRM system enabling us to monitor our engagement. The information will be kept for as long as you continue to engage with us and have not opted out of our messages. Once you have opted out of our messaging, we may keep minimal information to prevent us contacting you in future.
Individuals who contact us
If you contact us via email, we will store your name, email address and the content of the email within our email systems. The email may be directed to a specific employee which means it may also be stored on our employees’ devices.
We collect and process your emails, relying on the lawful basis of contract as we need the information to be able to consider your email and if necessary, respond to your enquiry.
Depending on the nature of the email and whether you are a client, we may keep your email with our client files, otherwise we will typically delete it either immediately or within 6 years of being sent (as a legitimate interest to protect our business from legal claims).
Employees
We have a separate privacy policy for our employees. If you do not have a copy of our employee privacy policy, you should contact the HR manager for a copy.
Job candidates
If you apply to work with us, we will collect your name, contact details, your CV and any other relevant application details.
We will use this information to consider you for the position. We will need this information otherwise we will not be able to consider you for a position. We rely on the lawful basis of contract for this processing.
We will store your details within our email and calendar (for interview invites) service and via an applicant tracking system. This information will be stored for as long as you are being considered for a position. If you are unsuccessful, we may ask your consent to keep your information for future opportunities, otherwise we will keep your data for up to 6 months as a legitimate interest to protect our business from any legal claims.
Suppliers
If you provide us with services, we will keep your name, contact details and details of your services and payment details within our accounting software for the purposes of processing your invoices and paying for your services. We do so under contract with yourselves and your information will be kept for up to 6 years plus the current year to meet our legal obligation to retain tax and VAT information.
Backups
For the purposes of effective running of our business we take backups of our systems and storage. This means that your personal data may be stored in such a backup, in which case we will rely on legitimate interest as our lawful basis. However, we only keep backups on a 3-day rotation.
Our use of messaging services
Internally, we use several messaging services for internal communication. As such, whilst we minimise this as much as possible, your personal data may be exchanged between our employees via such services. We rely on the lawful basis of legitimate interest for doing this.
Security
Information security is a key element of data protection. The company takes appropriate measures to secure personal data and protect it from loss or unauthorised disclosure or damage.
Retention of personal data
Unless stated elsewhere in this document or in our terms of services we only store the data necessary to provide the services we provide to you. We will keep this data for as long as it is lawful for us to do so (this may be for as long as you are a customer or because of a legal obligation to retain the information, whichever is the longest).
Third party processors
We use several third-party cloud-based services for the purposes of effectively running our business and providing our services to you. We also use several third-party organisations, e.g. accountants, HR support, etc.
In all cases where we are using a third-party service or company, we will only provide the minimal amount of information for the purposes of delivering the service to us and to meet our requirements.
We always carry out due diligence against all our third-party suppliers for the purposes of ensuring their compliance with data protection, maintaining adequate security of your data and ensuring they apply adequate data protection principles to the processing of the data we supply. We also make sure a legally binding contract (sometimes called a Data Processing Agreement or DPA) is also in place to protect your data.
Your rights
Under current data protection legislation in the UK, you have rights as an individual which you can exercise in relation to the data we store and process about you. You can find more information about your rights on the Information Commissioner’s website: ico.org.uk/for-the-public.
If you would like to exercise your rights, or if you have any questions, please use the contact details at the top of this page.
Your right of access to your data (a so-called Data Subject Access Request)
You have the right to ask us about what data we hold about you, how we process it and to ask us to provide you with a copy of the information, free of charge and within one calendar month of your request.
We will need to verify your identity before providing the information and where necessary may contact you further to ensure we understand what data you are requesting.
Keeping your data accurate and up to date
It is important that any of your data that we process is kept up to date. We will from time to time ask you to verify your details but if you wish to update or correct any information we hold about you, please contact us with your updated details.
Erasure of your data (the “right to be forgotten”)
Under some circumstances you may request us to delete your data from our systems. Where this is possible (e.g. we don’t have any legal purpose for continuing to process your data) we will erase it from our systems. If it’s not possible for us to delete your data, we will explain the reasons why.
Your right to restrict our processing
In some circumstances you can ask us to stop processing your data in a particular way. This will typically only apply if you are contesting the accuracy of the data we process about you, you believe our processing is unlawful or if we no longer need your information, but you wish for us to keep it (i.e. you are restricting the processing purely for your own purposes).
How to withdraw consent and object to processing
Where we are processing your data and needed to ask your permission to do so, you are able to withdraw your consent at any time. If you wish to stop receiving our marketing emails you can do so, by clicking on the “unsubscribe” link at the bottom of the email or by contacting us.
You should also contact us, if you wish to raise concerns about the way we are processing your data or would like to raise an objection to the processing. This will typically only apply if we are processing your data for our legitimate interests, and you wish to object to that processing.
Portability
Your right to portability allows you to request a machine-readable format of the data you supplied to us and associated service logs (where we store them).
Your right to complain
If you feel this privacy notice does not go far enough in explaining how we have used your personal data, we are happy to provide any additional information or explanation needed. Any requests for this should be sent using the contact details above.
If you want to make a complaint about the way we have processed your personal information, we’d rather you brought it to us in the first instance, but of course you can contact the Information Commissioner’s Office in their capacity as the statutory body that oversees data protection law in the UK – ico.org.uk/make-a-complaint.
Sharing your information
We do not share any personal data with any third parties unless it is lawful for us to do so, if required by law to do so or if you provide us with permission to do so.
More information
For more information about your data rights and privacy or data protection in general visit the Information Commissioner’s Office website: ico.org.uk.
Changes to our privacy notice
We may change or update elements of this privacy notice from time to time or as required by law. The most current version of our privacy notice is available on our website at coherence.digital/privacy-policy.