PrivacyWord Consulting Ltd
The type of personal information we collect
We currently collect and process the following information:
- Personal identifiers, contacts and characteristics (for example, name and contact details)
- Financial (for example: account details including account number and sort code, IBAN, employment status, income details, source of funds, credit reference information, tax data)
- Publicly available information or received from other sources (we may collect and use information which is in the public domain, for example to help verify your address or to trace you via trade directories, online forums, websites, Facebook, Twitter, YouTube or other social media. We also collect information you asked us to)
- Online chats and email communications (we monitor and record our conversations on Facebook, Whatsapp and Viber apps. We will have information that you have provided to us when filling in forms, making a claim or when communicating to us whether that is in person, by letter, email, online or otherwise)
- Criminal convictions (on occasion we collect information about any criminal convictions)
How we get the personal information and why we have it
Most of the personal information we process is provided to us directly by you for one of the following reasons:
- You have made a complaint or enquiry to us.
- You have made an information request to us.
- You wish to attend, or have attended, an event organised by us.
- You subscribe to our e-newsletter.
- You have applied for a job or secondment with us.
- You are representing your organisation.
We also receive personal information indirectly, from the following sources in the following scenarios:
- We have contacted an organisation about a complaint you have made and it gives us your personal information in its response.
- Your personal information is contained in reports of breaches of data protection law (‚breach reports‘) given to us by organisation.
- A complainant refers to your in their complaing correspondence.
- Whistleblowers include information about you in their reporting to us.
- We have seized personal information as part of an investigation.
- From other public authorities, regulators or law enforcement bodies.
- Where you have made your contact information available on your organisation‘s website and we use this to contact you and your organisation in our role as a regulator.
- An employee of ours gives your contact details as an emergency contact or a referee.
- We undertake personal or corporate credit reference agency checks as part of the process to determine the amount of a penalty to be issued for serious breaches of the Data Protection Act 2018 and the Privace and Electronic Communications Regulations, or in seeking to recover payment of a penalty or Court order. Checks undertaken on individuals will not leave a footprint on the individual‘s credit file. Where we are setting the amount of a penalty we may seek to validate financial information already provided. We may therefore advise individuals directly that credit reference checks will be undertaken, providing it is not considered prejudicial to the Commissioner‘s regulatory functions.
It is is not disproportionate or prejudical, we‘ll contact you to let you know we are processing your personal information.
We do not share or sell your personal information to third parties for marketing purposes. The only time we may disclose your personal data to a third-party is when we are legally requires to do so, or we are required to do so by our regulators.
We will only use your personal data when the law allow us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
We may share this information with the parties set out below:
- Law enforcement and regulatory agencies in connection with any investigation to help prevent activity or as otherwise required by law.
- HMRC and other authorities where we are required to do so.
- An alternate appointed by us in the event of incapacity or death.
- Third parties in the event of an actual or proposed sale, transfer, or meger of our business, parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same ways as set out in this privacy notice.
- Others, where you have specifically agreed.
Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:
(a) Your consent. You have given your consent for Word Consulting Ltd to process your personal data for a specific purpose. You are able to remove your consent at any time. You can do this by contacting by email: firstname.lastname@example.org
(b) We have a contractual obligation. The processing is necessary for the performance of a contract that you have with Word Consulting Ltd, including for the purposes of entering a contract with Word Consulting Ltd.
(c) We have a legal obligation. The processing by Word Consulting Ltd is necessary to comply with the law.
(d) We have a vital interest.
(e) We need it to perform a public task. The processing is necessary to enable Word Consulting Ltd to perform a task in the public interest or an official function, and the task or function has a clear basis in law.
(f) We have a legitimate interest. The processing in necessary in your legitimate interests or the legitimate interests of Word Consulting Ltd, unless the need to protect your personal data overrides those legitimate interests.
How we store and how long we hold your personal information
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Word Consulting Ltd will retain your personal data in a live environment for as long as necessary to fulfil the purposes for which it was collected (including as required by applicable law or regulation, typically more than 7 years).
We may keep your data for longer to establish, exercise, or defend our legal rights and yours. Where such a need exists, your personal data will be securely archived with restricted access and appropriate safeguards applied to ensure the security and confidentiality of your information.
Word Consulting Ltd is required to keep details of financial transactions for seven years to meet accountancy and HMRC requirements. We will anonymise or delate personal data, if, after a period of seven years, we have not had any contact or communication from you (this will be measured on a rolling seven-year period).
Your data protection rights
Under data protection law, you have rights including:
Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing – You have the the right to object to the processing of your personal information in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at email@example.com if you wish to make a request.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at firstname.lastname@example.org
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s helpline: 0303 123 1113