Privacy Policy (website)

Introduction

The purpose of this policy is to provide any person (or ‘data subject’) in relation to whom Sue Egan Associates Limited (SEAL) holds personal data, with details of the information that we collect, how we process it and who we share it with. It also explains your rights under data protection law in relation to our processing of your data.

Certain key terms are used in this policy such as ‘personal data’, ‘processing’, ‘data protection law’ and these are defined in the Key Definitions section included at Annex 1.

This policy applies to anyone who uses SEAL’s website.

How we use information

We use the information that we collect via our website to quickly and accurately process requests regarding our products and / or services, and to help improve our site.

The information we collect

When you access our website, we do not collect any personal data unless you use our contact page. We will, through the use of cookies, automatically collect certain anonymised data in relation to your use of the website, such as its IP address and how you interact with the website, including pages visited.

When you contact us via our website, we will ask for your name and email address so we can respond to your message.  We also gather anonymous statistical data to enable us to make general improvements to our website.

Emails about our Products and / or Services

We may occasionally send you emails about our products and / or services that we feel may be of interest to you. You can choose not to receive emails from us at any time by contacting us via this website, or by writing to our office address below. Only SEAL will send you these direct mailings.

Legal Basis for Processing Your Information

We process your personal data to provide you with our services and to assist us in the operation of our business. Under data protection law we are required to ensure that there is an appropriate basis for the processing of your personal data, and we are required to let you know what that basis is.

There are various options under data protection law, but the primary bases on which we process your personal data are:

Performance of a contract or agreement with you – we collect and use your information primarily to manage our working relationship with you, for example, to provide services, to arrange payment for the provision of your services or to collect payment for our services, to communicate with you, and otherwise to fulfil any contractual obligations owed to you.

Where required by applicable law – SEAL is required under local laws to maintain records that can include personal information, such as mandatory reporting, tax and accounting requirements.

To fulfil our legitimate business interests – SEAL may also process your personal data to pursue our legitimate business interests, which includes planning for, conducting and monitoring the services delivered by us.

SEAL will only use your information for the purposes for which it was collected, unless we reasonably consider that we need it for another purpose that is compatible with the original purpose.  If we need to use your information for an unrelated but compatible purpose, we will notify you in advance of our use of your information and explain the legal basis for this.  Note that we may process your information without your knowledge or consent where this is required or permitted by applicable law.

Sharing Data

SEAL will share clients’ business contact details with our contractors and associates as required to deliver the services requested by you. We will ensure that any contractors / associates with whom we need to share your business contact details are aware of, and agree to comply with, this policy. We will always notify you in advance of sharing your business contact details with our contractors / associates.

SEAL will also disclose your personal information in response to a valid, legally compliant request by a competent authority or in response to a court order or otherwise in compliance with any applicable law, regulation, legal process or enforceable governmental request or other statutory requirement; to detect, prevent or otherwise address fraud, security or technical issues; or to protect against imminent harm to the rights, property or safety of SEAL, its employees, contractors, associates and / or directors, or the public as required or permitted by law.

SEAL will ensure through contracts and data processing agreements that third parties, including contractors / associates, with whom your personal data is shared apply appropriate security measures to protect your data from loss, misuse, unauthorised access and / or disclosure.

We reserve the right to disclose to third parties aggregate information about usage of our website and any related services, including information gathered during your use of our website.

Transfers outside of the European Economic Area (EEA)

SEAL does not transfer personal data outside the European Economic Area.

Automated processes

SEAL does not carry out automated decision-making processes with personal data.

Retention of personal data

SEAL will retain your personal data in accordance with our record retention policy. This policy operates on the principle that we keep personal data for no longer than is necessary for the purpose for which we collected it. It is also kept in accordance with any legal requirements that are imposed on us. This means that the retention period for your personal data will vary depending on the type of personal data. For further information about the criteria that we apply to determine retention periods, please see below:

Statutory and regulatory obligations – we have certain statutory obligations to retain personal data for set periods of time.

Business requirements – As we only collect personal data for defined purposes, we assess how long we need to keep personal data to enable us to meet our reasonable business purposes.

SEAL will permanently delete your personal data when the relevant retention period has expired.

Data breaches

All breaches of personal data held by SEAL will be reported to the UK Information Commissioner’s Office within 72 hours, unless the data was anonymised or encrypted.

Breaches of this policy by employees, contractors, associates or officers will be dealt with under the SEAL Grievance and Disciplinary Policy within the SEAL Staff Handbook and may lead to a disciplinary sanction.

Safeguards

SEAL takes the security of your data very seriously and has implemented reasonable security measures, including secure password protected networks and physical security measures to protect your data from loss, misuse and unauthorised access or disclosure. SEAL also maintains reasonable procedures to help ensure that such data is reliable for its intended use and is accurate, complete and current.

Employees, contractors, associates and directors who handle personal data covered by this policy are aware of this policy and have been given training in how to correctly collect, process, store and delete data.

Your rights

You have various rights under data protection law, subject to certain exemptions, in connection with our processing of your personal data including the right to:

Right to access the data – You have the right to request a copy of the personal data that we hold about you, together with other information about our processing of that personal data.

Right to rectification – You have the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information such that it is complete.

Right to erasure – You have the right to request us to delete personal data that we hold about you. This is sometimes referred to as the ‘right to be forgotten’.

Right to restriction of processing or to object to processing – You have the right to request that we no longer process your personal data for particular purposes, or to object to our processing of your personal data for particular purposes.

Right to data portability – You have the right to request us to provide you, or a third party, with a copy of your personal data in a structured, commonly used machine readable format.

Right to complain – You have the right to lodge a complaint with the Data Protection Authority if you are unhappy with our processing of your personal data.

Right to withdraw your consent – When we process your personal data on the basis of your consent, you are free to withdraw that consent at any time by contacting us using the contact details below. Please note that if you withdraw your consent we may not be able to continue providing you with the service to which the consent related.

To exercise any of these rights, please contact us using the contact details set out below.

Changes to this policy

The provisions of this policy may be altered by SEAL from time to time.  Any alteration or addition will be posted on our website at www.sueegan.co.uk.

Queries and complaints

If you have any queries or complaints in connection with our processing of your personal data, you can get in touch with us using the following contact details:

Post: Sue Egan, Director, Sue Egan Associates Limited, Haresway, Nags Head Lane, Great Missenden, Buckinghamshire, HP16 0HD, UK

Via the Contact page on our website.

Complaints may also be submitted to the UK Information Commissioner’s Office via their website (www.ico.org.uk), or you can contact them by phone on 0303 123 1113.

Your use of this website signifies that you consent to our Privacy Policy as described in this document. We reserve the right to change or update our Privacy Policy at any time.

Annex 1 – Key Definitions:

“Data Protection Law” means the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in Ireland and any successor legislation to the GDPR or the Data Protection Act 2018.

“Consent” of the data subject means any freely given, specific, informed an unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her – such as a written / electronic statement or an oral statement.

“Data Controller” means the legal person or company who determines the purposes and means of the processing of personal data, e.g. SEAL.

“Data Processor” means a person or company who processes personal data on behalf of the data controller, e.g. SEAL’s payroll provider.

“Data Subject” means an identifiable natural person who is the subject of the personal data, e.g. an employee, contractor, associate, director, or client of SEAL;

“Personal Data” means any information relating to an identified or identifiable natural person (data subject).

“Processing” means any operation which is performed on personal data, where automated or not, such as collection, recording, organisation, structuring, storage, adaptation, retrieval, consultation, use, disclosure by transmission, dissemination, alignment or combination, restriction, erasure or destruction.

“Special Categories of Data” means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data and data concerning health or a person’s sex life or sexual orientation.

Last update June 2018.