Privacy policy and GDPR statement – May 2020

It is the intention of Quality NI to always comply with the requirements of the General Data Protection Regulation (GDPR), and respect client, colleagues and all other stakeholders’ information during the course of our business in relation to privacy and data processing, by ensuring that we comply with this policy

Introduction

We encourage you to read this policy carefully and contact us with any questions or concerns about our privacy practices.

Who we are

We are a management consultancy and training provider. We take the control of information seriously and as such we have appointed a data protection officer who is responsible for ensuring this policy and applicable regulations are complied with and acts as the data protection officer – our data protection officer can be contacted through our usual contact means as detailed on our contact page of our website www.qualityni.com

What information we collect

We only collect personal information that relates to a person’s name, job title, organisation they work for or represent, postal address, email address and contact telephone number, which has been provided to us by them or their colleagues, or that we have collated when researching potential new business clients. We only collect business related information and do not collect personal private information on individuals.

We consider personal private data to include anything to do with the person’s life outside of their business life such as their home address, and do not collect such information. We consider sensitive information any information relating to financial transactions, personal private data or confidential information related to an organisation such as intellectual property when considered sensitive and secret, and do not collect this information by any means.

How we collect information

Enquires: we collect name, organisation name, email address and phone number when submitted via our contact website contact form or newsletter sign up form or when telephone enquires are received by us and these details left with us to contact the person.

Market research: we collect name, job role, organisation name and postal address, email address and phone number when conducting market research for potential clients on media such as websites, news articles, and business social media such as Linkedin, twitter and facebook, as well as business directors such as Yell or Thomsons.

Third parties: we do not collect data via third parties such as database companies; occasionally we might receive recommendations and details from mutual third parties such as business acquaintances and associates and add this to our potential clients’ information.

We do not process sensitive personal data or financial information. If payments are processed we do not retain any personal or banking details whatsoever as policy and card payments are only processed by the data protection officer who executes any transactions immediately and no account or debit/credit card records are retained, other than the name of the person authorisation payment, amount and date transacted.  Also when we might use an online payment applications whereby clients enter payment details directly, we do not have access or collect any related sensitive personal or financial data from these transactions.

How we use personal information

We use personal information related to a person’s role in an organisation in relation to the following activities in the day to day running of our business:

• personalisation of content, business information or user experience when sending marketing emails, newsletter or marketing literature and communications by post
• account set up and administration when providing training, consulting, or coaching and mentoring
• delivering marketing and events communication
• carrying out polls and surveys
• internal research and development purposes
• providing goods and services – training, consulting, or coaching and mentoring
• legal obligations such as performing checks and verifications for the prevention of fraud
• meeting internal audit requirements

The legal basis we have for processing your personal data

The relevant processing conditions contained within the GDPR that we consider applicable legal grounds for processing date are:
• consent – a person may contact us to engage in our products and services (and may subsequently withdraw that consent by advising us accordingly)
• contract – persons engaging in contracts with us for our products and services
• legitimate interests – including where we collect information and use it to make contact via marketing to increase awareness of our products and services (with the offer to remove their details from our marketing if they wish)
• legal obligation – to ensure we meet all regulatory laws and the person’s details are vital to this

We assume consent to contact a person when their details are in the public domain and or on business social media such as their organisations’ websites and other digital platforms (which is where we normally obtain any such personal information) and we highlight to individuals that we contact that they can withdraw and manage their consent by advising us of their wish to do so by email, our contact page or by phone. The same consent withdrawal process applies to persons that have engaged with us and provided us with their details

When we share personal data

We treat personal data confidentially and never share it with any third parties for their use in marketing or similar purposes. We will only share person information when legally obliged to do so by government agencies to comply with legal regulations.

When necessary to provide our services or conduct our business operations, we may be required to share limited personal data to make this effective, for example providing name and organisation for safety reasons at a training course venue. We will advise individuals when this sharing is required to occur, and we will ensure that any data shared is subject to safeguards by ensuring that third parties have suitable GPDR and privacy policies in place.

Where we store and process personal data

Data is only stored and processed in Northern Ireland in accordance with applicable NI law.  We do not intend to transfer data outside the UK or European Economic Area and will ensure this remains the case.

How we secure personal data

Our approach to data security and the technologies and procedures we use to protect personal information include:
• Use of secure electronic storage media that is always kept in a secure location to protect data against accidental loss – hard paper copies of details are not kept.
• Secure electronic password protected databases and spreadsheets to prevent unauthorised access, use, destruction, or disclosure, and to restrict access to personal information
• Secure electronic backup media to ensure business continuity and disaster recovery
• Auditing our policy and conduct privacy impact assessments in accordance with the law and our business policies
• Training staff and contractors on data security if they required be involved in processing or using personal data
• Managing third party risks through use of contracts and security reviews when applicable

How long we keep your personal data for

All personal records are retained for eight years following their last use in accordance with legal requirements such as retaining business records for HMRC purposes such as supporting evidence of contracts and customers.

When a person has requested their details to be removed form our mailing and marketing lists and databases, we shall retain only their name and organisation, as a check to ensure that we do not contact them again if their details are collected as a result of market research or any other means – these records shall be kept for 10 years from when the request is received.

Once records are beyond the retention period, or deemed no longer necessary, then they shall be removed by permanently deleting them from the electronic media.

We respect your rights in relation to personal data

In accordance with GDPR we respect the right of data subjects to access and control their personal data. Upon request we provide the following to individuals:
• access to personal information upon request – this will include what data is stored
• request for correction and deletion of personal data in our records
• request to withdrawal of consent when applicable
• restriction of processing and objection
• the right to lodge a complaint with the Information Commissioner’s Office if we have not satisfied their request or failed to meet the GDPR or applicable related protocols

Individuals can request us to provide details of personal information we retain that may relate to themselves, to correct or delete this and or restrict processing etc. as per the list above, by contacting us via our contact on our website.  We shall ensure that we reply to requests with five working days, and endeavour to comply with the request. Please note on occasion we may not be able to delete data such as that which we are required to keep by law.
As part of our data protection policy and to prevent fraud, we reserve the right to apply identity verifications when requests are received before we engage with any individual or organisation on details of the associated information.

Use of automated decision-making and profiling

We do not use profiling or other automated decision-making processes and do not intend to do so.

Use of cookies and other technologies

Our website uses normal website analytical tools such as cookies, tracking and similar technologies to store and manage user preferences on our website, for potential advertising, enabling content or otherwise analyse user and usage data.  When this is in place these can be controlled and managed when a popup appears when you are browsing our site.

Links to other websites / third party content

Occasionally we will have links to external websites and resources from our website that we recommend or have commented on.  We do not take any responsibility for the content or information contained within any linked website or recommended wesbite, and their control of cookies and other technologies.

How to contact us

You can get in touch with us if you have questions or concerns about our privacy practices, your personal information we might have, or if you wish to register a complaint with us.  Our details and ways to contact us are on the main contact page of our website QualityNI.com