info@sapphireconsulting.co.uk             London – 020 305 68855         Cornwall – 01726 247047

FAIR PROCESSING NOTICE

FAIR PROCESSING NOTICE FOR WEBSITE USERS, POTENTIAL CLIENT AND CLIENTS

 

 Sapphire Consulting Group collect data about our website users, potential client and clients. This Fair Processing Notice explains what data we process, why we process it, our legal basis, how long we keep it and your rights.

We will always make sure that any personal data is protected and treated securely. Any information that we process will be held in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018 and other UK or EU data protection legislation.

Our contact details

Sapphire Consulting Group Ltd

Registration number: 10427754

Registered office: Central Point, Beech Street, London EC2Y 8AD.

 

WHEN YOU USE OUR WEBSITE

 

When you use our website, we will process the following personal data about you:

  • name, email, phone and your enquiry via our ‘Contact Us Form’
  • IP address/ MAC address when you use the website
  • your email when you sign up to our ‘DPO Review’

 

Why do we need it?

We need your name and contact details in order to answer your enquiry and we process this data with your consent.

We need your IP address and MAC address for security reasons.

We will send you the DPO Review when you consent for us to do so. You have the right to unsubscribe to marketing at any time. If you do choose to unsubscribe, we will keep your name and email address on a suppression list so that we don’t email you again by accident.

 

WHEN YOU ARE A CLIENT OR A POTENTIAL CLIENT

 

When you use are a potential client or a client, we will process the following personal data about you:

In order to provide our services, we collect and process your personal data. We process information about you when you begin using our services and we process it on an on-going basis, should you become a client.

We will process the following:

  • name, address, phone number, email;
  • a record of the information that you provide to us;
  • the date on which you started using our services;
  • the date on which you ceased to use our services;
  • a record of any complaints/ compliments made by you and the action taken in respect of any such complain/ compliments.

 

 Why do we need it?

 Sapphire Consulting Group needs to process personal data about our clients in order to provide an effective and high-quality service and to fulfil our legal obligations. We will process your data to:

  • provide you with the services or information that you have asked for;
  • keep a record of your relationship with us
  • send you correspondence and communicate with you;
  • meet our legal obligations;
  • respond to or fulfil any requests, complaints or queries that you may have; and
  • understand how we can improve our services or information;

 

OUR LEGAL BASIS FOR PROCESSING PERSONAL DATA

 By law, we need a legal basis for processing the personal data of a website user or client. We will process your data using the legal basis of consent, contract, legal obligation and legitimate interests.

Contract

Contract is where we either have a contract with you or you wish to enter into a contract with us.  For example, we have a contract for our services.

 

Consent

Consent is given where we ask you for permission to use your information in a specific way and you agree to this.  Where we use your information for a purpose based on consent, you have the right to withdraw consent for this purpose at any time. For example, you consent to receive our DPO Review by email.

Legal obligation

We have a basis to use your personal information where we need to do so to comply with one of our legal obligations.  For example, we need to hold your data for seven years due to HMRC requirements.

Legitimate interests
We have a basis to use your personal information if it is reasonably necessary for us to do so and in our “legitimate interests” (provided that what the information is used for is fair and does not unduly impact your rights). For example, Sapphire Consulting Group has a legitimate interest to keep your personal data on our systems in order to keep it secure, process it and to provide you with a service.

 We only rely on legitimate interests where we have considered any potential impact on you, whether or not our processing is excessive and that our processing does not override your rights.

 

 

We process the following data because we have a contract:

  • name, address, phone number, email;
  • a record of the information that you provide to us;
  • the date on which you started using our services; and
  • the date on which you ceased to use our services.

 

We process the following data because we have a legitimate interest:

  • the IP address and the MAC address when you visit our website enables us to keep our website secure
  • keeping your data in our system in order to keep it secure
  • your email in a suppression list so that we don’t email you again by accident
  • the date on which you started using our services;
  • the date on which you ceased to use our services;
  • a record of any complaints/ compliments made by you and the action taken in respect of any such complain/ compliments.

 

We will process the following personal data with your consent:

  • your email when you consent to receive our DPO Review
  •  your name, phone, email and message when you submit an enquiry via our ‘Contact Us’ form

 

We process the following personal data due to our legal obligation to store it:

  • store your records for 7 years after you cease to be a client for HMRC requirements

 

 

HOW LONG DO WE HOLD YOUR PERSONAL DATA?

 We hold your data:

  • for enquires – 6 months
  • for marketing – until you withdraw consent or until we see that you are no longer opening the emails. We review our consents every year.
  • for security – 1 year
  • after ceasing to be a client – 7 years

 

WHO DO WE SHARE YOUR INFORMATION WITH?

  • Our software and cloud service providers.

 

DATA TRANSFERS OUT OF THE EU OR EEA

We do not transfer any personal data out of the EU or EEA.

 

YOUR RIGHTS UNDER THE GDPR

 You have rights in respect of our processing of your personal data which are:

  • To access to your personal data and information about our processing of it.  You also have the right to request a copy of your personal data (but we will need to remove information about other people).
  • To rectify incorrect personal data that we are processing.
  • To request that we erase your personal data if:
    • we no longer need it;
    • if we are processing your personal data by consent and you withdraw that consent;
    • if we no longer have a legitimate ground to process your personal data; or
    • we are processing your personal data unlawfully
  • To object to our processing if it is by legitimate interest.
  • To restrict our processing if it was by legitimate interest.
  • To request that your personal data be transferred from us to another company if we were processing your data under a contract or with your consent and the processing is carried out automated means.

If you want to exercise any of these rights, please contact us.

If you have a concern about the way we are collecting or using your personal data, please raise your concern with us in the first instance.  You may also contact the Information Commissioner’s Office at https://ico.org.uk/concerns/.

 

Sapphire Consulting Group Ltd is a limited company registered in England and Wales.

Registration number: 10427754. Registered office: Central Point, Beech Street, London EC2Y 8AD.

VAT Registration number: 285986235