This privacy notice sets out how we, Data Protection 4 Business Limited, a company registered in England and Wales, number 10982621, uses and protects any personal information we collect or generate in relation to you whilst using this site.
As a passionate professional Privacy organisation, we have reviewed and updated our policies, processes and procedures to comply with the General Data Protection Regulation (EU) 2016 / 679 (“GDPR”) and UK Data Protection Act 2018.
What we collect and the purpose of processing
We act as Data Controller for these types of personal data we collect when your use our website:
- Contact Data – when you use our ‘contact us’ form
- Email address
- Company name
- Session cookies – which do not store Personally Identifiable information (see ‘Cookies Section’ below)
We act as Data Controller for these types of personal data we collect when you become a valued client:
- Additional Contact data
- Email address
- Phone number
Legal basis for processing data
When you use our ‘Contact us’ form, you are agreeing to us using your data in order to contact you for the reason specified on the form.
By using our site, without disabling session cookies (using your browser settings) you are agreeing to us using session cookies to gather information.
Performance of Contract
When you become a client, we require certain personal information in order to provide services to you under our contractual agreement.
What we do with the information we gather
Is used to respond to your queries, requests or questions and to deliver services to you.
This data is stored for as long as you may be a client with us and for 18 months thereafter unless we are required to keep the data for legal or regulatory purposes.
We use the information to understand which pages were accessed and how regularly in order to provide you with a better online browsing service. The cookie information we collect is aggregated and anonymised for our internal use and not passed onto any third parties. We only use that information to inform any changes to the website.
This data is used to perform contracted services to you. This data is stored for as long as you may be a client with us and for seven years thereafter for legal reasons.
When you become a supplier, you provide us with your contact and payment details for the performance of our contract together. This data is stored for as long as you may be a supplier with us and for seven years thereafter for legal reasons.
We use Google analytics in a very limited way. The session cookie data that is collected is used to collect information about how visitors use our site.
The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. This information is stored for 26 months.
Controlling your personal information
You can choose to delete and block cookies and opt out of being tracked by Google Analytics. More information on this is shown in the Cookies Section below.
Links to other websites
Our site contains links to other social media sites we use, such as Twitter and LinkedIn. We also have links to client and partners websites.
As you probably realise, once you use these links we do not have any control over that external site, so we cannot be responsible for the protection and privacy of any information you provide whilst visiting those sites.
Please do exercise caution and look at the privacy statement applicable to external sites.
Source of your data and recipients of your data
- Your Contact data is provided by you when you complete the ‘Contact Us’ form on our site.
- The cookie data comes from your use of our site.
- Client Data is provided by you when you become a client.
We do not allow adverts on our website, hence we do not allow any advertising companies to apply tracking pixels or any cookie type tracking devices.
Automated decision making
No automated decisions are made using any personal information collected using this site.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Data Transfers outside the EEA
We do not send any Personally Identifiable data outside the EEA.
Data Processor agreements
The only third parties who process any data from our website are:
- Our web hosting company – Big Fish Internet
- Our Online training platform – eLamb (click here for more info)
- Our email platform – Microsoft Corporation
We have ensured they have committed to implementing appropriate technical and organisational measures in place to meet their obligations under the Data Protection regulations.
You are entitled to ask about the data that is held about you, subject to certain exceptions. This is called a Subject Access Request (SAR). These should be made by email or in writing to our Data Protection Manager at the following addresses:
Address: Data Protection Officer, 3 Vicarage Drive, London, SW14 8RX
We will acknowledge receipt within 24 hours and attempt to respond within 5 days. We are confident about our target because we practise the minimisation principle and only capture the bare minimum of data on our clients.
In addition, the Data Protection regulation provides the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
If you would like to exercise any of your rights, please email our Data Protection Officer on firstname.lastname@example.org.
We will make every attempt to ensure you are satisfied with our handling of your data queries or requests. However, you have the right to complain to the Information Commissioners Office (ICO) if you are not satisfied with our handling of your requests about the protection of your data. Follow the link below to report a concern to the ICO.
Online Training Platform
Our online training platform provider uses browser cookies in order to send the user to the correct backend server and to keep the sessions linked.
No cookies contain users’ personal data. They are never used for the purpose of advertising and/or marketing related user-profiling nor do any cookie-generated data ever serve the purpose of providing any user-related information to third parties.
Further information about Cookies
These cookies allow website operators to link the actions of a user during a browser session. A browser session starts when a user opens the browser window and finishes when they close the browser window. Session cookies are created temporarily. Once you close the browser, all session cookies are deleted.
First and third-party cookies – not used by us
Whether a cookie is ‘first’ or ‘third’ party refers to the domain placing the cookie. First-party cookies are those set by a website that is being visited by the user at the time (e.g. cookies placed by www.floreatgroup.com). Third-party cookies are cookies that are set by a domain other than that of the website being visited by the user. If a user visits a site and another entity sets a cookie through that website, this would be a third-party cookie.
Persistent cookies – not used by us
These cookies remain on a user’s device for the period of time specified in the cookie. They are activated each time that the user visits the website that created that particular cookie.
How to delete and block our cookies
You can choose to accept or decline cookies. Most browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. We do not expect this to affect your use of the site due to the limited type of cookies that we use.
How to opt out of Google Analytics
To opt out of being tracked by Google Analytics across all sites visit http://tools.google.com/dlpage/gaoptout.
How to opt out of sending Personal Identifiable Information to Google
To ensure you are not sending PII to Google, following this link:
Last updated: August 2018