This privacy notice covers ethicalbusinessmentoring.co.uk and the data we collect from you when you use our site, together with the personal data we process when you contact us using our online form, and the personal data we process when we deliver our services to you.
These are our reasons for collecting it, what we do with it and what your rights are.
Who are we?
We are Ethical Business Mentoring Ltd., 375 Tonge Moor Road, Bolton, England, BL2 2JR, company registration number 10181281.
You can email us at firstname.lastname@example.org, and call us on 07496 833803.
We are the data controller for this processing and are registered with the Information Commissioner’s Office (ICO). Our registration number is ZA871886.
Purpose of processing
We occasionally act as a Data Processor when we are delivering services on behalf of our clients, however we do act as a Data Controller when we are marketing our services to prospective clients or managing any subsequent contracts.
Where we are acting as the Data Controller we process your personal data:
- to respond to enquiries about our services,
- to take the necessary steps to enter into a contract with you or your organisation,
- to deliver our services to you or your organisation once we have a contract with you or your organisation,
- to market our services to you or your organisation,
Lawful basis of processing
Where we are acting as the Data Controller we must tell you what lawful basis we are using when we process your personal data.
Where we are responding to enquiries about our services we process your personal data because it is in our legitimate interest to do so in order to deal with your enquiry.
Where we are negotiating with you to provide our services to your organisation then we process your personal data because it is in our legitimate interest to do so in order to take the necessary steps to provide our services.
Where we have a contract to deliver services to your organisation we process your personal data because it is in our legitimate interest to do so in order to provide our services under that contract.
Where we are directly marketing our services to your organisation we process your personal data because it is in our legitimate interest to do so and you have not opted out of receiving direct marketing or because we have your consent to do so (if you have opted in to receive our direct marketing).
Where we are relying on your consent to process your personal data you are free to withdraw that consent at any time. Where we are relying on our legitimate interests to process your personal data you may object to that processing at any time.
What personal data do we collect?
We will collect and process the following data from our website’s contact form or when you get in touch with us to make an enquiry. We will also retain these personal data when we are providing our services to you.
- Your name
- Your email address
- Your telephone number
- Your organisation name & address
Special category data
There are additional rules we must follow if we collect certain types of more sensitive data, known as Special Category Data. These include details of your ethnicity, beliefs, health and sexuality.
We do not process any special category data about you.
Do we ever share personal data?
We will share your data if required to do so by a legitimate law enforcement agency.
When you submit your personal data online your data is held by our partner who hosts our website. We also share your personal data with our cloud based business software provider (for email, storage etc.)
If you consent to the use of analytics and tracking cookies from our website we will share data with those third party cookie providers.
If we are communicating with you via email or social media channels we will be sharing your personal data with those email and social media providers.
Where we are using a data processor to process personal data on our behalf, for example our website hosting supplier, then we ensure that a valid data processing agreement is in place between us and that any international transfers of data have a lawful mechanism.
We will never share or sell your data to any other third parties without your permission.
How do we keep your data secure?
We take sensible steps to keep your data secure:
- All data sent between your browser and our website are encrypted in transit,
- We delete personal data when we no longer need to retain it,
- Access to personal data is password protected and we use multi-factor authentication where available
You have a number of rights relating to the processing of your data, if you would like to use them or have any questions then please contact us. Where we are processing your personal data on behalf of one of our clients we will ask you to contact our client as the Data Controller for this processing.
We won’t charge you for doing any of the following, however we may make a charge in the case of excessive our unfounded requests:
- Awareness: You have the right to be fully informed about why and how we process your information. This privacy notice is intended to meet that requirement, but please do contact us if you have any questions
- Access: You have the right to a copy of the data we hold about you
- Rectification: If you think some of the data we hold is wrong then you have the right to ask us to correct it
- Erasure: You have the right to ask us to delete the data we hold about you. Where we are holding the data to fulfil a contract with your organisation or for a lawful basis other than consent then we will need to retain the data in accordance with the data retention requirements shown below
- Restriction: You have the right to ask us to restrict the processing of personal data whilst we check its accuracy, if you think the processing is unlawful, if you believe we no longer need to process the data but you need us to store it due to pending legal claims, or when you object to our processing based upon our legitimate interests and we are assessing the validity of that.
- Object: Where we are processing your personal data based upon our legitimate interests you have the right to object to that. If your objection is valid (for instance in the case of any direct marketing activity) then we will stop processing your personal data for that purpose.
- Data portability: You can request a copy of your data in a digital format which you can then supply to another provider.
- Automated decisions and profiling: You have the right, in certain circumstances, not to be subject to decisions based on automated processing (including profiling) if it has a significant or legal impact on you. This doesn’t apply if the processing is necessary to fulfil a contract with you, or if you have given us your consent to do so. We do not currently use your personal data for any kind of automated decision making.
How long do we keep your data for?
Where we are relying on your consent or our legitimate interests to process your data then we will keep your personal data until you withdraw your consent for us to use it, or object to the processing in our legitimate interests and we agree with your objection.
Where we are processing your data for the purposes of performing a contract with you or your organisation, or taking the necessary steps to do so, then we will keep the personal data for 3 years after the end of the contract.
We do not currently use any cookies on our website.
Should we decide to deploy any cookies in the future, for instance to collect analytics data, then we will ask for your consent, and we won’t deploy any non-essential cookies without your consent. We will also update this privacy notice to describe the cookies being used.
What happens when I follow links to other sites?
If you follow a link from our site to another site then you should read the privacy notice on the other site prior to providing your data to them.
Where do we process data?
We process data at the address shown above.
Our data processors also process data on our behalf, they are detailed below together with where they process data and the protections in place for international transfers:
- Microsoft – USA (Using Standard Contractual Clauses)
- Our Website – UK
Our contracts with our data processors include the necessary provisions required by GDPR to further protect your rights.
Making a complaint
Please contact us at the above address. You can also contact the Information Commissioner’s Office (ICO) on their helpline 0303 123 1113 or online at www.ico.org.uk. If you should contact the ICO they will normally ask you to contact us first.