What is your personal data and how does the law regulate our use of it?
“Personal data” is information relating to you as a living, identifiable individual. We refer to this as “your data”.
Data protection law requires Bridge House as data controller for your data:
- To process your data in a lawful, fair and transparent way;
- To only collect your data for explicit and legitimate purposes;
- To only collect data that is relevant, and limited to the purpose(s) we have told you about;
- To ensure that your data is accurate and up to date;
- To ensure that your data is only kept as long as necessary for the purpose(s) we have told you about;
- To ensure that appropriate security measures are used to protect your data.
Bridge House Contact Details
If you need to contact us about your data, please contact:
Data Protection Officer
Telephone: (+44 or 0) 1865 858540
What personal data we hold about you and how we use it
Whenever you use a website, mobile application or other Internet service, certain information is created and recorded automatically.
In addition to the data we gather via web forms placed on our site (the handling of which will be governed by the relevant data protection notice covering the circumstances and context), we collect and generate a variety of data via our website(s).
Categories of data that we collect, store and use include (but are not limited to):
- Log data: Whenever you use our website, our servers automatically record information (“log data”) regarding that access, including:
- Any data sent by your browser or mobile app to enable you to access the site.
- Location data of users (if provided by the connecting device).
- Internet Protocol (IP) address of the connecting device or other unique device identifiers.
- Browser type and setting for the connecting device.
- The date and time of access.
- Details of any attempts to log on to closed systems.
- Crash data.
- Cookie data: We may use “cookies” (small text files sent by your computer each time you visit our website, unique to your visit or your browser) or similar technologies to record additional information.
Most data collected is statistical data about our users' browsing actions and patterns, and does not identify any individual. However, there may be occasions where browsing patterns are connected to IP addresses or location data such that the data as a whole is personal data.
Whether we collect some of the above information often depends on your device type and settings. To learn more about what information your device makes available to us, please also check the policies of your device manufacturer or software provider
Other sources of your data
Apart from the data that you provide to us, we may also receive data about you from other sources:
We may get information about you and your activity outside EJ Palmer Consulting from other third parties we work with. For example:
- Google Analytics shares information with the websites or apps where it runs to provide statistics. We also receive this information, which may include information such as whether clicks on other sites led to visits to our site. For more information about Google Analytics see http://www.google.com/analytics/.
The lawful basis on which we process your data
The law requires that we provide you with information about the lawful basis on which we process your personal data, and for what purpose(s).
Data that you provide to us and the possible consequences of you not providing it
The data that we collect via our website in the course of your accessing it, is provided by you on a voluntary basis. If you elect to adjust your browser settings to reject cookies, it may affect your experience in using the site, in the event that any blocked cookies support functionality.
How we share your data
We do not, and will not, sell your data to third parties. We will only share it with third parties if we are allowed or required to do so by law.
Examples of bodies to whom we are required by law to disclose certain data include, but are not limited to:
|UK agencies with duties relating to the prevention and detection of crime, apprehension and prosecution of offenders, safeguarding, or national security.||We may share data with government departments, crime prevention and law enforcement agencies when required or considered appropriate in the circumstances and with the proper consideration of your rights and freedoms. [in cases where the law places a duty on us to report]|
Examples of bodies to whom we may voluntarily disclose data, in appropriate circumstances, include but are not limited to:
|Related parties||Data from cookies may be shared in pursuit of our legitimate interest in maintaining the proper function and security of our website, or where the other party has a legitimate interest is receiving the data for similar purposes. Data may also be shared in an anonymized and/or statistical format.|
|Legal advisers and auditors||To support our legal and financial obligations and objectives.|
|Third party service providers||To facilitate activities of EJ Palmer Consulting. Any transfer will be subject to an appropriate, formal agreement between EJ Palmer Consulting and the processor.|
|UK agencies with duties relating to the prevention and detection of crime, apprehension and prosecution of offenders, safeguarding, or national security.||We may share data with government departments, crime prevention and law enforcement agencies when required or considered appropriate in the circumstances and with the proper consideration of your rights and freedoms.|
Where website information is shared with third parties, we will seek to share the minimum amount of information necessary to fulfil the purpose.
All our third party service providers are required to take appropriate security measures to protect your personal information in line with our policies, and are only permitted to process your personal data for specific purposes in accordance with our instructions. We do not allow our third party providers to use your personal data for their own purposes.
Sharing your data outside the European Union
The law provides various further safeguards where data is transferred outside of the EU.
When you are resident outside the EU in a country where there is no “adequacy decision” by the European Commission, and an alternative safeguard is not available, we may still transfer data to you which is necessary for performance of your contract with us .
We will not transfer your data outside the European Union without first notifying you of our intentions and of the safeguards that apply to your data.
We do not envisage that any decisions will be taken about you based solely on automated means. We will update this notice if this position changes.
How long we keep your data
We retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purpose of satisfying any legal, accounting, regulatory, disciplinary or reporting requirements.
Please note that we may keep anonymized statistical data indefinitely, but you cannot be identified from such data.
We adopt data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site.
Your legal rights over your data
Subject to certain conditions and exception set out in UK data protection law, you have:
- The right to request access to a copy of your data, as well as to be informed of various information about how your data is being used;
- The right to have any inaccuracies in your data corrected, which may include the right to have any incomplete data completed;
- The right to have your personal data erased in certain circumstances;
- The right to have the processing of your data suspended, for example if you want us to establish the accuracy of the data we are processing.
- The right to receive a copy of data you have provided to us, and have that transmitted to another data controller
- The right to object to any direct marketing (for example, email marketing or phone calls) by us, and to require us to stop such marketing.
- The right to object to the processing of your information if we are relying on a “legitimate interest” for the processing or where the processing is necessary for the performance of a task carried out in the public interest.
- The right to object to any automated decision-making about you which produces legal effects or otherwise significantly affects you.
Where the lawful basis for processing your data is consent, you have the right to withdraw your consent at any time. This will not affect the validity of any lawful processing of your data up until the time when you withdrew your consent. You may withdraw your consent by contacting EJ Palmer Consulting Data Protection Officer.
If you wish to exercise any of your rights in relation to your data as processed by EJ Palmer Consulting please contact our Data Protection Officer. Some of your rights are not automatic, and we reserve the right to discuss with you why we might not comply with a request from you to exercise them.
Further guidance on your rights is available from the Information Commissioner’s Office (https://.ico.org.uk/). You have the right to complain to the UK’s supervisory office for data protection, the Information Commissioner’s Office at https://ico.org.uk/concerns/ if you believe that your data has been processed unlawfully.
Future changes to this privacy notice
We may need to update this notice from time to time, for example if the law or regulatory requirements change, if technology changes or to make EJ Palmer Consulting’s operations and procedures more efficient. If the change is material, we will give notice of the change so that you can exercise your rights, if appropriate, before the change comes into effect.