PRIVACY POLICY
Introduction
This privacy policy sets out how The James Truscott Consultancy Limited (JTC) collect, retain, use and protect any information that you give or provide to us. We are aware that many contacts are made by both ‘conventional’ methods such as telephone, letters and financial transfers, in addition to digital means which include but are not exclusive to ‘email’, website browsing and search engine enquiries. Therefore this Privacy Policy relates to all methods of communication, how contact and identity information is identified, collected, stored, used and protected. For the purposes of the General Data Protection Regulations we confirm that the company and employer who is also proprietor and operator of the website at www.thejamestruscottconsultancy.com (the ‘Website’) is -"The James Truscott Consultancy Ltd" (SC589758) a company registered at 505 Great Western Road, Glasgow, Scotland, G12 8HN (‘we’, ‘us’, ‘our’ or ‘JTC’). JTC can be contacted via email, telephone, mail or the contact section on the Website. JTC respect the privacy of each person or user contacting us via email or accessing the Website (‘you’, ‘your’) and is committed to protecting your privacy. JTC has structured the Website so that, in general, you can visit and browse the Website without identifying yourself or revealing any personal information. JTC ensure that any personal information provided by you to us will be processed in accordance with the principles of the General Data Protection Regulation (GDPR) and the JTC Privacy Policy set out below. This policy is effective from 25 May 2018.
Data Protection Policy
This Data Protection Policy explains how we, at JTC, deal with personal data under the General Data Protection Regulations, whether we are in the process of dealing with an enquiry, working together on a project, continuing our ongoing customer relationship, receiving a service, requesting feedback, or dealing with visitors to our website. It describes how we collect, use and process personal data, and how, in doing so, we comply with our legal obligations. Privacy is important to us, and we are committed to protecting and safeguarding people’s data privacy rights. This Policy applies to the personal data of Employees, Existing and Potential Clients, Consultants, Contractors, Suppliers and any Potential Employees.
What kind of personal data do we collect?
Client Data
To provide the high-quality services we aspire to, we require to process certain information. JTC will only ask for details that will assist us in the delivery of our service, such as; name, job role, and contact details; including but not limited to: telephone number, email address, first and last name and a work address details. If a private client, then we may also ask for a home address.
Consultant/Contractors/Supplier Data
We collect a minimum amount of data from our consultants/contractor/suppliers to ensure that we can easily communicate and process transactions. We will collect contact details for the main contact and any associate contacts within the business that we feel will assist us in processing transactions and delivering projects. Other information such as bank details so that we can pay for the services provided (if this is part of the contractual arrangements between us) will also be obtained.
Employee Data
We collect a minimum amount of data from our employees, to ensure that we can easily communicate and process transactions. We require information such as your name, job role, and contact details; including but not limited to: telephone number, email address, first and last name and your work address details. Other information such as your NI number and bank details may be requested and securely retained so that we can pay you and reimburse you for expenses.
How do we collect personal data?
Client Data
We collect client data directly from our clients.
Consultant/Contractor/Supplier Data
We collect consultant/contractor/supplier data directly from our consultants and suppliers.
Employee Data
We collect client data directly from our employees.
How will we use your personal data?
Client Data
The main reasons for retaining our clients’ personal details are to keep them informed of their project, keep them advised on any potential projects and to keep them informed about our business through marketing and media updates.
Consultant/Contractor/Supplier Data
The main reasons for retaining consultant/contractor/supplier personal data is to ensure that we can fulfil any contractual arrangements between parties, keep them advised on any potential projects and to keep them informed about our business through marketing and media updates.
Website Users
If a potential employee sends us an application form, a CV or contacts us with personal information for employment purposes, we may store that information for 6 months. We do not share that information with any third parties and would only contact the potential employee within that 6 month period should a suitable post arise. Thereafter the information be removed from the system.
Employee Data
The main reasons for retaining your personal details are to pay you and keep you informed about the business.
How do we safeguard personal data?
Protecting personal information is important to us which is why we put in place appropriate measures designed to prevent unauthorised access to, and misuse of, personal data. These processes include but are not limited to; restricted server access, password protected Laptop and Tablet devices, and all antivirus and gateway security settings are regularly updated and monitored.
How long do we keep personal data for?
Data stored and processed in our Electronic Document Management system. If we have not had meaningful contact with the individual for a period of six years, we will remove their personal data from our systems unless we believe another processing requirement, such as legal or contractual regulation requires us to retain it.
How can an individual access, amend or remove personal data that has been given to us?
The individual has the right to access, amend or have their personal data removed by emailing us at info@thejamestruscottconsultancy.com. We will process the changes/removal of the personal information within 10 days.
The individual’s rights also include:
Right to Object
Right to Erase
Right to Restrict Processing
Right to be Informed
Right to Data Probability
Right not to be subject to Automated Decision Making
Our legal basis for processing your data
Legitimate interests Article 6(1)(f) of the GDPR states that we can process personal data where it “is necessary for the purposes of the legitimate interests pursued by [us] or by a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of [you] which require protection of personal data.”
Client data
We think it reasonable that if the individual has communicated with us in the past or we have had meaningful contact with the individual within the past 5 years that there is legitimate interest that the individual will continue to benefit from our continued communication. We want to provide potential clients with the opportunity to hear about our services and to have the ability to request additional information from ourselves.
Contractor/Contractor/Supplier data
We store and process the personal information of individuals within interested organisations to facilitate the receipt of services from them as one of our consultants/contractors/suppliers. We may also hold financial details, so that we can pay for services provided. We deem all such activities to be necessary within legitimate interests.
Contractual Article 6(1)(b) of the Data Protection Act 2018 (GDPR) gives us lawful basis for processing personal data where; “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract” In this context, a contract does not have to be a formal signed document, or even written down, if there is an agreement which meets the requirements of contract law. Broadly speaking, this means that the terms have been offered and accepted, both intend them to be legally binding, and there is an element of exchange (usually an exchange of goods or services for money, but this can be anything of value).
Customer data
Where we have entered into a contractual agreement to deliver products and services with an individual we will process the appropriate and required information to do so. i.e. address details of the business.
Security of Personal Data
Transmission of data and information via the Website or by email is not a secure or encrypted transmission method for sending your personal data, unless otherwise indicated on the Website or otherwise arranged between us. Accordingly, your attention is drawn to the fact that any information and personal data carried over the Internet is not secure. Information and personal data may be intercepted, lost, redirected, corrupted, changed and accessed by other people. We set security standards to prevent any unauthorised access to your personal data once we have received it and wherever possible we will use adequate software and working procedures to ensure the security of your personal data. To prevent unauthorised access, maintain accuracy, and ensure proper use of personal data, we have employed physical, electronic, and managerial processes to safeguard and secure the information we collect online.
Third Party Websites
The JTC website may contain links to third party websites not owned by JTC (‘Third Party Websites’) for your convenience and information. If you use these links, you will leave the Website. When you access a Third Party Website, please understand that we do not control the content of that Third Party Website and are not responsible for the privacy practices of that Third Party Website. We suggest that you carefully review the privacy policies of each Third Party Website that you visit. The JTC Privacy Policy does not cover the information practices of those Third Party Websites linked to our Website. Third Party Websites may send their own cookies to users, collect personal data, or solicit personal information. Third Party Websites may operate very different privacy practices to this Website. Links to Third Party Websites on the Website do not imply that JTC endorse those Third Party Sites or agrees with any of the views or information set out on such Third Party Websites.