PURPOSE OF THIS NOTICE
This privacy notice describes how we collect and use personal data about you, in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018 and any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK (‘Data Protection Legislation’).
Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
The Openside Group may change this notice from time to time by updating this page. You should check this page regularly to ensure that you are happy with any changes.
This notice is effective from 25th May 2018.
SUMMARY IN PLAIN ENGLISH
As a firm, The Openside Group are committed to being open with you about how we collect and use your data and your rights to control your personal information.
We are committed to ensuring data privacy and security. We have put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
In all of our communications we aim to provide insights, strategies, research, learning reminders and/or points of view that we believe are useful, engaging and relevant to you in your role, and that could add significant value to your organisation. We will never send an email to you that doesn’t meet this strict standard.
However, we understand if you no longer want to hear from us and we never want to send you unwanted communications.
At any time, you have the right to change your preferences regarding how we communicate with you, including opting out of our emails and any other marketing communications that you may receive. We believe we have made this process as simple as possible.
If there are any questions about this privacy notice, please contact us by email: firstname.lastname@example.org or by calling: +44 (0)1829 770 977
The Openside Group Limited are registered in England and Wales and our company number is 9065202. Our registered office is Mercury House, High Street, Tattenhall, Chester, CH3 9PX.
For the purpose of the Data Protection Legislation and this notice, we are the ‘data controller’ when providing professional and advisory services.
As a data controller this means that we are responsible for deciding how we hold and use personal data about you. We are required under the Data Protection Legislation to notify you of the information contained in this privacy notice.
We have appointed a Head of Privacy. Our Head of Privacy is our Data Protection Point of Contact and is responsible for assisting with enquiries in relation to this privacy notice or our treatment of your personal data. Should you wish to contact our Data Protection Point of Contact you can do so using the contact details noted below.
HOW WE MAY COLLECT YOUR PERSONAL DATA
We obtain personal data about you, for example, when:
- you or your employer engage us to provide our services and also during the provision of those services
- you are a participant on an Openside professional development programme
- you contact us by email, via our website, telephone, post or social media (for example when you have a query about our services)
- from publicly available resources (for example, from LinkedIn, from your employer’s website or from Companies House).
- you request a proposal from us in respect of the services we provide
- you register or attend one of The Openside Group’s seminars, webinars, or other events
THE KIND OF INFORMATION WE HOLD ABOUT YOU
The information we hold about you may include the following:
- your personal details (such as your name and/or address, email address, job title and employer)
- details of contact we have had with you in relation to the provision, or the proposed provision, of our services
- details of any professional development programmes you have attended or advisory services you have received from us
- our correspondence and communications with you
- information about any complaints and enquiries you make to us
- information from our own research, surveys and marketing activities
- information we receive from other sources, such as publicly available information and our clients.
We do not hold any sensitive personal data as defined under the EU General Data Protection Regulation (GDPR).
HOW WE USE PERSONAL DATA WE HOLD ABOUT YOU
We may process your personal data for purposes necessary for the performance of our contract with you to comply with our legal obligations.
We may process your personal data for the purposes necessary for the performance of our contract with our clients. This may include processing your personal data where you are an employee, subcontractor, supplier or customer of our client.
We may process your personal data for the purposes of our own legitimate interests provided that those interests do not override any of your own interests, rights and freedoms which require the protection of personal data. This includes processing for marketing, business development, statistical and management purposes.
We may process your personal data for certain additional purposes with your consent, and in these limited circumstances where your consent is required for the processing of your personal data then you have the right to withdraw your consent to processing for such specific purposes.
Please note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.
Situations in which we will use your personal data
We may use your personal data in order to:
- carry out our obligations arising from any agreements entered into between our clients and us (which will most usually be for the provision of our services)
- carry out our obligations arising from any agreements entered into between our clients and us (which will most usually be for the provision of our services) where you may be a subcontractor, supplier or customer of our client
- provide you with information that we believe could be useful and relevant to you in your role, and that could add significant value to you and your organisation
- provide you with information related to our services and our events that you request from us or which we feel may interest you, provided you have consented to be contacted for such purposes;
- seek your thoughts and opinions on the services we provide, and
- notify you about any changes to our services.
If you refuse to provide us with certain information when requested, we may not be able to perform the contract we have entered into with you. Alternatively, we may be unable to comply with our legal or regulatory obligations.
We may also process your personal data without your knowledge or consent, in accordance with this notice, where we are legally required or permitted to do so.
We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected.
When assessing what retention period is appropriate for your personal data, we take into consideration:
- the requirements of our business and the services provided
- any statutory or legal obligations
- the purposes for which we originally collected the personal data
- the lawful grounds on which we based our processing
- the types of personal data we have collected
- the amount and categories of your personal data; and
- whether the purpose of the processing could reasonably be fulfilled by other means.
Change of purpose
Where we need to use your personal data for another reason, other than for the purpose for which we collected it, we will only use your personal data where that reason is compatible with the original purpose.
Should it be necessary to use your personal data for a new purpose, we will notify you and communicate the legal basis which allows us to do so before starting any new processing.
We will share your personal data with third parties where we are required by law, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so.
All of our third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.
TRANSFERRING PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)
We may transfer the personal data we collect about you to countries outside of the EEA in order to perform our contract with you.
Any data transferred outside of the EEA is to a country where there is an adequacy decision by the European Commission and will, therefore, be deemed to provide an adequate level of protection for your personal information for the purpose of the Data Protection Legislation.
We have put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so
YOUR RIGHTS OF ACCESS, CORRECTION, ERASURE, AND RESTRICTION
Your duty to inform us of changes
It is important that the personal data we hold about you is accurate and current. Should your personal information change, please notify us of any changes of which we need to be made aware by contacting us, using the contact details below.
Your rights in connection with personal data
Under certain circumstances, by law you have the right to:
- Request access to your personal data. This enables you to receive details of the personal data we hold about you and to check that we are processing it lawfully
- Request correction of the personal data that we hold about you
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below)
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this basis.
- Object where we are processing your personal information for direct marketing purposes
- Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it
- Request the transfer of your personal data to you or another data controller if the processing is based on consent, carried out by automated means and this is technically feasible.
If you want to exercise any of the above rights, please email our data protection point of contact at email@example.com
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
RIGHT TO WITHDRAW CONSENT
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose (for example, in relation to direct marketing that you have indicated you would like to receive from us), you have the right to withdraw your consent for that specific processing at any time.
To withdraw your consent, please email our data protection point of contact: firstname.lastname@example.org and we ask you to please include the following information:
- First Name (To allow us to identify you on our database)
- Surname (To allow us to identify you on our database)
- Email Address (To allow us to update our mailing system)
- Please specify the nature of the processing to which you object (i.e. direct marketing, contractual necessity etc)
Once we have received notification that you have withdrawn your consent, we will no longer process your personal information (personal data) for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
USING OUR WEBSITE – WWW.OPENSIDE.GROUP
What we collect – Cookies
We collect certain information or data about you when you use www.openside.group
There are two kinds of information that we track from our users, non-specific information and specific personal information.
In the first case we track the non-specific information by IP address from which we cannot identify a user or any personal details. This information is used for us to identify popular web pages and amend content based on visitor profile history.
In the second case where a user has filled out a form to submit information including a name, e-mail address and company we may use this information selectively, only within Openside, to send out email communications. Generally communications will not be more than two items every month.
Whenever you contact Openside, we may keep a record of that correspondence.
- your email address and subscription preferences when you sign up to our email alerts, and how you use our emails – for example whether you open them and which links you click on
- information that you provide by filling in forms on our Website. This includes information provided at the time of uploading any material or using any service on our Website.
- your IP address, and details of which version of web browser you used
- information on how you use the site, using cookies and page tagging techniques
This data is used by The Openside Group to:
- improve the site by monitoring how you use it
- gather feedback to improve our services
- respond to any feedback you send us, if you’ve asked us to
- send email alerts to users who request them
Keeping your data secure
Sending information over the internet is generally not completely secure, and we can’t guarantee the security of your data while it’s in transit.
Links to other websites
www.openside.group contains links to other websites.
This privacy notice only applies to www.openside.group and doesn’t cover other websites that we link to. These websites should have their own terms and conditions and privacy policies.
Following a link to another website
Our website may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy notice. We accept no responsibility or liability for such other websites. You should exercise caution when entering personal information online and look at the privacy statement applicable to the website in question.
Following a link to www.openside.group from another website
We use the DotMailer platform, provided by Extravision, for our email marketing alerts.
You can find out more about our email alert system here: https://www.extravision.com
We never want to send unwanted marketing emails. You have the right to unsubscribe at any time from our email alerts.
You can do this by clicking on the unsubscribe link clearly marked on every email or by contacting our Data Protection Point of Contact below.
CHANGES TO THIS NOTICE
Any changes we may make to our privacy notice in the future will be updated on our website at: https://www.openside.group/privacy
This privacy notice was last updated on 25 May 2018.
If you have any questions regarding this notice or if you would like to speak to us about the manner in which we process your personal data, please contact our Data Protection Point of Contact:
Call: +44 (0)1829 770 977
Write: The Openside Group, Mercury House, High Street, Tattenhall, Chester, CH3 9PX
You also have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, at any time. The ICO’s contact details are as follows:
Information Commissioner’s Office
Website – https://ico.org.uk/concerns