OPERANDI CONSULTING LTD PRIVACY POLICY

1. INTRODUCTION

This policy explains how we control, process, handle and protect your personal information through the business and while you browse or use this website https://operandiconsulting.uk/. If you do not agree to the following policy you may wish to cease viewing / using this website, and/or refrain from submitting your personal data to us.

Definitions

  • Operandi consulting ltd (UK) is the data controller and we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice).

  • You, or the user, refers to the person(s) using this website.

  • PECR means Privacy & Electronic Communications Regulation.

  • ICO means Information Commissioner's Office.

  • Cookies mean small files stored on a user’s computer or device.

Key principles of GDPR

Our privacy policy follows the key principles of [Article 5(1) and Article 5(2)]:

(a) lawfulness, fairness and transparency,

(b) purpose limitation,

(c) data minimisation,

(d) accuracy,

(e) storage limitation,

(f) integrity and confidence, and

(g) accountability.

Contact details

Name: operandi consulting ltd Email: tracy.operandi@gmail.com

Address: 15 Brooke End, Redbourn, St Albans, AL3 7GA, UK

2. THE DATA WE COLLECT, WHY AND HOW WE PROCESS IT

Personal data means any information capable of identifying an individual. It does not include anonymised data.

Legal bases

The law on data protection sets out a number of different reasons for which an organisation may collect and process your personal data, including:

  • Consent: we can collect and process your data with your consent. For example, when you use the online contact form. You are able to remove your consent at any time. You can do this by contacting tracy.operandi@gmail.com

  • Contractual obligation: we need your data to deliver services that have been contracted for.

  • Legitimate interest: we need your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business, and which does not materially impact your rights, freedoms or interests. For example, if you are a potential client interested in contracting for business services, or a contact from a related business.

Data categories

We may process the following categories of personal data about you:

  • Client data: includes data such as your name, title, company name, billing address, email address, phone number, and purchase details relating to any contracting of services.

  • Communications data: includes use of any media, including the contact form on our website, through email, text, social media messaging, social media posting or any other communication to send data to us.

  • User data: includes data about how you use our website together with any data that you provide for publication on our website or through other online services, such as testimonials or reviews.

  • Technical data: includes data from our analytics tracking system about your use of our website and may include your IP address, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the number of times you use our website, time zone settings and other technology on the devices you use to access our website.

  • Marketing data: includes data about your preferences in receiving marketing from us and our third parties and your communication preferences.

  • We may use client, user, technical and marketing data to deliver relevant website content and advertisements to you (including display advertisements) and to measure or understand the effectiveness of the advertising we serve you.

Sensitive data

We do not collect any sensitive data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sexuality, political opinions, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.

Data use

We use your personal data:

  • to communicate with you

  • to provide services to you

  • to maintain records

  • to tailor website content

  • to administer and protect our business and website

  • to grow our business

  • for the establishment, pursuance or defence of legal claims

Where we are required to collect personal data by law, or under the terms of the contract between us, and you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver services to you). If you don’t provide us with the requested data, we may have to cancel a service you have ordered but if we do, we will notify you at the time.

We will only use your personal data for a purpose it was collected for or a reasonably compatible purpose if necessary.

We may process your personal data without your knowledge or consent where this is required or permitted by law.

We do not share your personal data with third parties, without your consent and where required to deliver contracted services. We do not pass it on for third-party marketing.

We do not carry out automated decision making or any type of automated profiling.

3. DATA SECURITY

We have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation. We also allow access to your personal data only to those employees and partners who have a business need to know such data. They will only process your personal data on our instructions, and they must keep it confidential.

We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are legally required to.

4. DATA RETENTION

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

When deciding what the correct time is to keep the data for we look at its amount, nature and sensitivity, potential risk of harm from unauthorised use or disclosure, the processing purposes, if these can be achieved by other means and legal requirements.

For tax purposes the law requires us to keep basic information about our customers for six years after they stop being customers (including contact, identity, financial and transaction data).

In some circumstances we may anonymise your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

5. YOUR DATA PROTECTION RIGHTS

Under data protection law, you have the right to:

  • access: ask us for copies of your personal information.

  • correct/update: ask us to amend or update personal information you think is inaccurate or incomplete.

  • erasure: ask us to erase your personal information in certain circumstances.

  • restrict: ask us to restrict the processing of your personal information in certain circumstances.

  • object: to the processing of your personal information in certain circumstances.

  • data portability: ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. Please contact us at tracy.operandi@gmail.com if you wish to make a request.

6. DISCLOSURES OF YOUR PERSONAL DATA

We may have to share your personal data with the parties set out below:

  • Service providers who provide IT and system administration services.

  • Professional advisers including lawyers, bankers, auditors and insurers.

  • Government bodies that require us to report processing activities.

  • Third parties to whom we sell, transfer, partner, or merge parts of our business or our assets.

We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.

7. INTERNATIONAL DATA TRANSFER

We are subject to the provisions of the GDPR that protect your personal data. Where we transfer your data to third parties outside of the European Economic Area (EEA), we will ensure that certain safeguards are in place to ensure a similar degree of security for your personal data. As such:

  • we may transfer your personal data to countries that the European Commission have approved as providing an adequate level of protection for personal data by; or

  • if we use US-based providers that are part of EU-US Privacy Shield, we may transfer data to them, as they have equivalent safeguards in place; or

  • where we use certain service providers who are established outside of the EEA, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe.

If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.

8. THIRD-PARTY LINKS

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

9. COOKIES

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our COOKIE POLICY.

10. HOW TO COMPLAIN

If you have any concerns about our use of your personal information, you can make a complaint to us at tracy.operanid@gmail.com.

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Helpline number: 0303 123 1113. ICO website: https://www.ico.org.uk

Updated: July 2023