Djinn Consulting Ltd Data Privacy Notice
The Data Protection Act 2018 which incorporates the GDPR (General Data Protection Regulation) obliges any organisation that stores personal data about natural living persons to ensure that those people understand: what data is being stored about them; why it is being stored and what is done with it.
This privacy notice explains what Djinn’s data processing activities are. It explains what information is stored about you and for what that data is used for.
Djinn only collects and store data for which we have a legitimate and proportional use.
We will undertake to store personal data securely in accordance with UK Law and EU data security principles.
Data controller and data processors
Djinn Consulting Ltd is the data controller of data pertaining to: customers, suppliers, subscribers to our newsletters and staff (hereafter “you”, “your”). Djinn Consulting Ltd (hereafter “we”, “our”) may make use of third-party service providers (processors) such as online databases, online forums, email management services, course delivery services, print and mailing houses and online backup/storage facilities.
Using these processors may require the transfer your personal information outside of the UK or EU. We are required to ensure that when we need to do this, we comply fully with all aspects of the GDPR to ensure your data is suitably protected.
Information Commissioners Office
We recognise the Information Commissioner’s Office (ICO) in the UK as our nominated lead authority. Djinn is registered with the ICO as a data controller reg No: ZA446780
Our legal bases for processing your data are:
Fulfilment of contract
By agreeing to use our consultancy services, you have entered into a contract with us. We may store relevant data prior to this in the process of negotiating a contract.
As a UK Limited company, we are bound by law to hold suitable records of financial transactions and make these available to relevant authorities on request.
You will be asked to consent to us storing your data for marketing purposes. You will be informed of the data we store and the purpose for which it is used at the time. You may withdraw this consent at any time. If we wish to use this data for another reason, we will contact you to explain this change and ask you to renew this consent. We will contact you periodically to renew this consent.
We may share your details with 3rd parties should we need to recover monies or goods etc., or to defend any legal action.
You have the following rights:
- The right to be informed (this is the purpose of this document along with any consent you give).
- The right of access (you may request a copy of your data. We will deliver this within one month unless your request is very complex. We will inform you if this is the case).
- The right to rectification (you may ask us to correct your data at any time).
- The right to erasure (where consent is the legal basis of processing).
- The right to restrict processing (you may ask us not to process your data but not erase it).
- The right to data portability (you may ask us for a copy of the data in an appropriate format).
- The right to object (where data is being processed for marketing or legitimate interests).
- Rights in relation to automated decision making and profiling. (We do not engage in this).
We will erase your data in a timely fashion, subject to UK legislation and guidance from UK government agencies in respect of company record retention.
Why we need your data
We use data collected to: deliver: consultancy, Interim management, training courses, place orders, collect monies due and maintain contact electronically and via printed publications.
We may, on occasion, process and produce anonymised data for the purposes of statistical analysis for our own uses or to make public.
Sources of data
Most of the data we collect will be given by you, but we may also record data such as event attendances.
Who we share data with
Business partners. If you wish to use one of our recommended suppliers, we may share your contact details with them for the purposes of negotiation. We will tell before we do this.
We not disclose, sell or rent your personal data to third parties for marketing purposes whatsoever
Microsoft: We use MS-Office 365 for data storage and backup. Our data is stored in UK and EU datacenters.
ConsentEye Ltd: We use ConsentEye to manage consent given by you to be on our marketing list. ConsentEye stores our data in the UK and EU
Mailjet email marketing platform – We use this platform to manage our marketing emails to you. We receive performance information based on you opening or forwarding any emails sent via this method. Mailjet stores our data in the UK and EU.
Legal representatives and collections agencies: Sometimes we may share specific and proportional data to pursue our legitimate interests or defend any action.
Your right to complain
If we fail to comply with any of your requests within the prescribed time limits you may complain to the ICO.
We have appointed a data protection officer (DPO) who will be the point of contact for data privacy related enquiries. Our DPO can be reached at DPO@djinn-consulting.co.uk or by writing to us at: Djinn Consulting Ltd, 10 Arundel road, Brighton, BN2 5TD. We may take steps to ensure your identity before responding to you. Normal updates and requests may still be directed to the relevant contacts at Djinn.
V 1.2 Feb 2019