FAIR PROCESSING NOTICE

This Fair Processing Notice explains what data we process, why we process it, our legal basis, how long we keep it and your rights.

We will always make sure that any personal data is protected and treated securely. Any information that we process will be held in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018 and other UK or EU data protection legislation.

Our contact details

Company registration number: 10427754

Registered office: Central Point, Beech Street, London EC2Y 8AD.

Email: info@sapphireconsulting.co.uk

Tel: 01726 247047

How and why do we process your data?

1. When you contact us:

We process your personal data (name, phone number, email and message) when you make an enquiry using our ‘Contact us’ form or if you call or email us.

We keep email enquiry details for 12 months to enable us to contact you. The legal basis that we rely on to process your personal data is consent when you choose to contact us and legitimate interest to hold your data for 12 months for business purposes.

2. Website visitors:

We will collect your IP address when you visit our website. An IP address, or simply an “IP,” is a unique address that identifies a device when it is accessing the internet.  

We use Google Analytics to collect standard internet log information and details of visitor behaviour patterns. This information is only processed in a way that does not directly identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

We use a cookies tool on our website to gain consent for the optional cookies that we use. Cookies that are necessary for functionality, security and accessibility are set and are not deleted by the tool.

Our purpose is to maintain and monitor the performance of our website. The legal basis that we rely on to process your personal data is either your consent for any optional cookies and legitimate interest to maintain the integrity of our website.

We hold the IP address for 30 days.

3. When you are a client:

In order to provide our services, we collect and process your personal data. We process information about you when you begin using our services and we process it on an on-going basis.

We will process the following:

  • name, address, phone number, email;
  • billing information;
  • a record of the information that you provide to us;
  • the date on which you started using our services; and
  • the date on which you ceased to use our services.

We need to process personal data about our clients in order to provide an effective and high-quality service and to fulfil our legal obligations. 

We will process your data to:

  • provide you with the services or information that you have asked for;
  • keep a record of your relationship with us;
  • send you correspondence and communicate with you;
  • meet our legal obligations;
  • respond to or fulfil any requests, complaints or queries that you may have; and
  • understand how we can improve our services or information.

We will process your data using the legal basis of contract, legal obligation and legitimate interest.

We process the following data because we have a contract:

  • name, address, phone number, email;
  • a record of the information that you provide to us;
  • the date on which you started using our services; and
  • the date on which you ceased to use our services.

We need to hold your data for seven years due to HMRC requirements and this is a legal obligation.


Marketing

We will send helpful information and marketing communications to our current clients using the legal basis of legitimate interest and contract for our DPO clients. 

We will also send marketing information to someone who downloads any of our information papers using the legal basis of legitimate interests. The Privacy and Electronic Communications Regulations permit marketing to someone who has entered into ‘negotiations for sale’ and downloading a ‘gated product’ where you have to fill out your details to receive it falls within the definition. 

We will continue to send you communications either until you opt out or we see that you are no longer opening our emails.

We will always give you the opportunity to opt-out and will hold your email address in a suppression list so that we don’t email you again by accident. This is also a legitimate interest.  We hold emails in our suppression list for 5 years, after which they are deleted. 


Who do we share your information with?

  • Our software and cloud service providers;
  • Advisors and insurers, if necessary; and
  • HMRC, if required.

Data transfers out of the EU or EEA

We do not transfer any personal data out of the EU or EEA.


Your rights under GDPR

 You have rights in respect of our processing of your personal data which are:

  • To access to your personal data and information about our processing of it.  You also have the right to request a copy of your personal data (but we will need to remove information about other people).
  • To rectify incorrect personal data that we are processing.
  • To request that we erase your personal data if:
    • we no longer need it;
    • if we are processing your personal data by consent and you withdraw that consent;
    • if we no longer have a legitimate ground to process your personal data; or
    • we are processing your personal data unlawfully
  • To object to our processing if it is by legitimate interest.
  • To restrict our processing if it was by legitimate interest.
  • To request that your personal data be transferred from us to another company if we were processing your data under a contract or with your consent and the processing is carried out automated means.

If you want to exercise any of these rights, please contact us.

If you have a concern about the way we are collecting or using your personal data, please raise your concern with us in the first instance.  You may also contact the Information Commissioner’s Office at https://ico.org.uk/concerns/.