Purpose of this notice
This notice outlines how I collect and use personal data about you, as required by the General Data Protection Regulation (GDPR).
Collecting and using personal data
As an Independent Consultant I work closely with individuals and client organisations to understand their needs and provide a range of services (for example, consultancy, training, facilitation or coaching). Sometimes I partner with other independent professionals and/or organisations in designing, delivering and evaluating these services.
In the course of my work I will collect and use your data for the purposes of my legitimate interests, in ways that you would reasonably expect in the context of our professional relationship. I will not gather or use your personal data for any other purpose unless I have first taken the steps required by the GDPR (such as notifying you, or seeking your consent).
Any personal data will be limited to what is necessary for initiating, carrying out and concluding our work together. For example, I may collect information about you:
- When you contact me for information about the services I provide, or related activities and events
- When we meet to discuss requirements
- As part of the process of engaging my services
- During the provision of services
- If you contact me with a query relating to the services I am providing
- From third parties and/or resources in the public domain
If you are a client, partner, supplier or a member of my professional network, the information I hold about you will normally include your personal contact details (such as your name, address, email address and telephone number). It may also include the following:
- Information about services that have been proposed and/or provided (or products if you are a supplier)
- Our correspondence and communications
- Information provided by you or your employer in the course of establishing and progressing our work together
- Information from research or surveys (which may include publicly available information)
I will share your personal data with third parties where required by law, where it is necessary to administer the relationship between us (for example, when partnering to deliver services) or where I have another legitimate interest in doing so.
If you have explicitly consented for me to do so, I will contact you with information relating to services, activities or events that may be of interest. You have the right to withdraw the consent that has been given in this specific respect (to do so, please use the unsubscribe facility in any marketing email you receive from me). I will not share your data with third parties for marketing purposes.
Data security, storage and retention
I have put in place reasonable and appropriate security measures to prevent data loss and to safeguard your information from unauthorised access, use, alteration or disclosure. Data is stored electronically; any paper notes I may take are subsequently converted into a digital format and the original copy is shredded.
Data at rest encryption has been enabled on the devices that I use. These are further protected by security and anti-virus software and also have lock screens (requiring user authentication) to prevent unauthorised access. I have implemented an additional layer of encryption for client notes.
The electronic systems I use to store and process data are designed using technologies from Microsoft and Google. My accounts with these providers are secured by 2FA (Two Factor Authentication) and provide cloud storage for additional resilience. If you would like to know more about how these organisations keep information safe please visit https://privacy.microsoft.com and https://policies.google.com.
I will retain your personal data for as long as is necessary to meet the purposes for which it is collected and to comply with legal obligations (for example, retention of financial records for tax purposes).
Queries and concerns
Please contact me if you have any queries relating to this notice, or if you would like more detailed information regarding my collection/use of personal data and your rights in this respect.
If you have any concerns or wish to make a subject access request please write to me in the first instance:
You also have the right to make a complaint to the Information Commissioner’s Office (ICO): Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF (https://ico.org.uk/concerns)
Changes to this notice
Any changes to this privacy notice will be updated on www.estherwaite.co.uk.
This notice was last reviewed on 06/03/20 and last updated on 06/03/20.