This is our Privacy Notice and this sets out the basics. In some cases you may have an additional documents – contract, agreement, terms – with more details specific to you.
This Privacy Notice applies to Adapt Consulting Company and Tim HJ Rogers
Information which is collected will be the responsibility of the Adapt Consulting Company who will act as data controller in relation to your personal data. If you have any questions in relation to this policy or data protection within please contact the Data Processing Representative (DPR) TimHJRogers@AdaptConsultingCompany.com Mob +44 (0)7797762051
WHAT DATA WE COLLECT
When visiting our website we collect basic contact information about you for the purpose of telling you about Adapt Consulting Company or our services, for example to send a brochure or arrange a visit.
We hold confidential information necessary for us to be able to provide services. This includes for example information for contact, delivery and billing. We provide a full description of that data and our safeguards in our contract with you.
Pretty much the same stuff as above, except we’ll probably be receiving the services and invoices rather than providing them.
If you have special needs, like anonymity, we can do that. We have private encrypted email and data in Switzerland if that’s a service you need
WHERE AND WHEN WE COLLECT YOUR DATA
When visiting our website we collect basic contact information which you submit using our on-line forms. This is used to be able to respond to information request about products or services. One of the tools we use is mailchimp [https://mailchimp.com/]. If you do subscribe to any services you can also unsubscribe. You can do this via an unsubscribe option at the bottom of emails, or contact us TimHJRogers@AdaptConsultingCompany.com Mob +44 (0)7797762051
Some customers connect with us via Social Media, in which case we will follow the “rules” of Social Media, which include giving you the option to unlike, unfollow, unfriend or disconnect (depending on whether you are using LinkedIn, Twitter, Instagram or something else)
Our services include Business Analysis, Projects, Processes, Programmes. In the course of a customer contract we may hold data about people including project participants and stakeholders. You can decide what we should see (or not) as part of our engagement.
For some engagements the Client/Customer may choose to provide us with a laptop, phone, secure-folder, cloud-drive or other combination of tools to ensure that Client/Customer data stays under the control of the Client/Customer with access controlled by the relevant people, policy, procedures and technology.
This is recommended as a robust approach to commercial confidentiality and data-protection.
Generally during the period of the engagement the Client/Customer will be the “controller” and we will be the “processor” for any data that falls into the scope of the project. As such it will fall to the Client/Customer to define their requirements, in the absence of which we will act with appropriate due diligence with regard to commercial confidentiality and data-protection.
Where necessary we can provide a full description of that data and our safeguards in our contract with you.
A cookie is a small text file that a website saves onto your device when you visit the site. It enables our website to remember your actions and preferences over a period of time, so you don’t have to keep re-entering them when you come back to the site or browse from one page to another. It makes your experience with us more seamless.
- Your display preferences, such as colour settings or font size.
- If you have already replied to any pop-ups that appear so that you won’t be asked again;
Any videos embedded in our pages use a cookie to anonymously gather statistics on how you got there and what videos you visited.
Enabling these cookies is not strictly necessary for the website to work, but it will provide you with a better browsing experience. You can delete or block these cookies through your browser, but if you do that some features of this site may not work as intended. The cookie-related information is not used to identify you personally and the pattern data is fully under our control. These cookies are not used for any purpose other than those described here.
WHAT PURPOSES USE YOUR PERSONAL DATA FOR
We need to know information about you to be able to provide services (which include Business Analysis, Projects, Processes, Programmes) and only use personal-data where there is a legitimate interest in doing so. In most cases beyond early introductions or information requests we will agree a contract which sets out the terms by which we will work, including data protection.
We rarely do direct marketing. If we ever do decide to do newsletters, mailings or anything like that we will seek your consent. This means you will be invited to opt-in, but you can opt-out. This may be as simple as sending an email, or we might use a subscribe / unsubscribe form.
STATUTORY OR CONTRACTUAL REQUIREMENTS
Unless otherwise specified on contract or agreement, information is only for the purposes of provision of Adapt Consulting Company services. Where we work for the States of Jersey we are bound by their Freedom of Information FOI, and will act in accordance for States of Jersey Contracts.
However we never share data unless there is legislation or regulation or express agreement to do so.
We have no automated decision making or profiling of personal-data.
Data is gathered on the basis of…
The processing is necessary for the purposes of legitimate interests pursued by the controller or by the third party or parties to whom the data are disclosed. For example we monitor technology for the purposes of security, which is a legitimate business need. Generally (unless otherwise specified on contract or agreement) the legal basis for processing data is legitimate interests since data is necessary for the purposes of providing information, products and services.
The processing is necessary for – (a) the performance of a contract to which the data subject is a party; or (b) the taking of steps at the request of the data subject with a view to entering into a contract.
Where our processing is based on consent (eg for optional newsletter or sports and social activity), you may withdraw your consent by unsubscribing from the service or emailing us. In the case of Social Media you may unfriend, unlike, unfollow, or otherwise remove the connection.
In summary: we need to know information about you to be able to provide services and only use personal-data where there is a legitimate interest in doing so
HOW LONG WE HOLD DATA
Adapt Consulting Company will retain your personal data for as long as necessary to fulfil the purpose for which it was collected.
As a guide, we keep contractual documents for 10 years, and for most other things we remove 1 year after your last interaction with us. So if we don’t hear from you for a year we remove your data (unless we need to retain it for legal or regulatory reasons)
Adapt Consulting Company uses up-to-date data storage and security techniques to protect your personal information from unauthorised access, improper use or disclosure, unauthorised modification or unlawful destruction or accidental loss.
We have a Data Protection Policy and Information Security Policy and Training Policy ensuring high standards of governance for your data.
The security measures we have in place include:
- Policies All staff adhere to the Acceptable use policy.
- Training There is a mandatory Data Protection training for all the new staff and annual updates for existing staff.
- Physical Security/Access Permissions There are access controls to all data held which are appropriate to staff requirements. To ensure security in the work place staff have their own access key for perimeter doors to prevent unauthorised access.
- Destruction process All personal data is securely removed after it has reached the retention period. Paper waste is sent to secure disposal in designated confidential waste bins.
- Encrypted email Can be used for email data transfer outside of the network
As noted above, if you prefer us to use your systems and follow your policies and procedures we are happy to do that.
DATA SHARING AND DISCLOSURE
Your information will only be accessed and processed by authorised who are directly involved in the management and administration of your business, or the provision of products or services and have a legitimate need to access your information.
Generally (unless otherwise specified on contract or agreement) no data is shared with any other organisation, except with explicit agreement. Where we work for the States of Jersey we are bound by Freedom of Information FOI, and will act in accordance for States of Jersey Contracts.
However we never share data unless there is legislation or regulation or express agreement to do so.
THIRD COUNTRY TRANSFERS AND SAFEGUARDS
Adapt Consulting Company operate in Jersey. However we do use technology which may transfer data to another jurisdiction, for example use of Microsoft and Cloud-based back-up of data (eg Office 365 and MS-Teams)
Where such transfers do not offer the same level of protection of personal data as may be enjoyed within Jersey or the EU (for example United States) we will ensure that your data is appropriately protected (for example by reference to IT security standards)
GDPR is a key consideration when selecting a service provider and we seek those that demonstrate that they will keep data private, safe and secure by reference to ISO27001, Cyber Essentials or other similar standards. If the use of Microsoft Office, GMail, Hootsuite, Zoom, Otter is a concern for clients we can work on the client site, using client systems, and no data will leave the client site. In such circumstances we will operate under the client data-protection, information security or other relevant standards as an explicit term of the contract.
Under the GDPR, individuals will have the right to obtain:
Confirmation that their data is being processed;
Access to their personal data; and
Other supplementary information (A.15 https://gdpr-info.eu/art-15-gdpr/).
- The purposes of the processing;
- The categories of personal data concerned;
- The recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- The existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
- The right to lodge a complaint with a supervisory authority;
- Where the personal data are not collected from the data subject, any available information as to their source;
- The existence of automated decision-making, including profiling, referred to in A.22 https://gdpr-info.eu/art-22-gdpr/ (1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
More details can be found here https://ico.org.uk/for- organisations/guide-to-the-general-data-protection-regulation- gdpr/individual-rights/
CONCERNS OR QUERIES
If you have any questions in relation to this policy or data protection within please contact us Data Processing Representative (DPR) is TimHJRogers@gmail.com Mob07797762051
If you would like to make a complaint to the Information Commissioner, or learn more about data protection in Jersey please visit their website at www.dataci.je.
The Commissioner is an independent statutory authority, with a mission to promote respect for the private lives of individuals through ensuring privacy of your personal information. Please bear in mind that the Office of the Information Commissioner (OIC) as referred to in this Policy and on our website is that in the Bailiwick of Jersey and not the United Kingdom.