This website is operated by the DPO Concierge Service Limited, a trading name for Key Risk Consulting Limited (company registration number 09453155).
The purpose of this Notice
This Notice describes how we process (collect, use, share, retain and safeguard) your personal data. It also sets out your legal rights governing the processing of your personal data and who to contact if wishing to discuss the use of your personal data.
What is Personal Data?
Personal data is information relating to an identified or identifiable natural person. Examples may include an individual’s name, age, address, date of birth, gender and contact details.
Personal data may contain information which is known as special category data. This may be information relating to an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data and biometric data and data concerning a person’s health, medical conditions, sex life or sexual orientation.
Personal data may also contain information relating to an individual’s criminal convictions or offences.
Personal Data we collect
In providing you with our services and products we may collect and process personal data. This may be information relating to your name, address, gender, contact details and bank account numbers.
We may also collect special category data relating to your medical health and conditions, where for event planning purposes we may collect personal data relating to building accessibility and dietary requirements.
When will we collect Personal Data?
We collect personal data when individuals register an interest in our services and events, when requesting information on our services, when purchasing and during the administration of our services and when managing client queries.
How do we collect Personal Data?
We capture personal data when communicating via email, the telephone, through our live chat service, through SMS, when physically exchanging contact details and through contact forms.
Why do we need Personal Data?
Personal data is used to administer our business and to promote events and services, to manage requests for information and to provide our services, to help resolve complaints and to cater for dietary and accessibility requirements when attending events. You can opt-out from receiving information on our events and promotions by emailing email@example.com
Personal Data we share
We share (or provide access to) personal data with authorised third parties. This is necessary to administer our business, to facilitate events, to provide you with our services and to market our services and products. Example third parties include:
- Service providers;
- Credit reference agencies; and
- Event organisers.
We also share personal data where required to do so by law.
Our lawful basis for processing Personal Data
By providing our fee paying clients with our services, we rely on ‘performance of a contract’ as our lawful basis for processing personal data. When processing personal data for business administration, financial planning, marketing and event planning purposes, we rely on ‘legitimate interest’ as our lawful basis for processing personal data.
here we process personal data when required to do so by law, we rely on ‘legal obligation’ as our lawful basis for processing personal data. Where we process special category data, we rely on ‘consent’ as forming our lawful basis for processing personal data.
How long do we need to retain your data for?
Personal data may be retained for up to 7 years following the termination of any contractual arrangement. Perspective client data may be retained for up to 3 years from the date of any last communication.
In some circumstances it may be necessary to retain personal data for longer, for example where required to do so by law, or if needing to defend ourselves from legal claims, disputes or other complaints.
Protecting your Personal Data
We will take all appropriate technical, organisational and physical steps to protect the confidentiality, integrity and availability of our data, including when sharing data with authorised third parties.
As set out by the United Kingdom’s Data Protection Act 2018 and the EU’s The General Data Protection Regulation 2016/679, individuals are provided with legal rights governing the processing of their data, these rights are known as Individual Rights. These are:
- The right to be informed on the collection and use of your personal data;
- The right of access to the personal data we hold about you;
- The right to rectification if inaccurate or incomplete;
- The right to erasure;
- The right to restrict processing;
- The right to data portability;
- The right to object to the processing of your data; and
- Rights related to automated decision making including profiling.
If exercising the right of access, we are entitled to charge a reasonable fee to cover administrative costs if we feel that the request is manifestly unfounded, excessive or repetitive.
We also maintain the legal right to reject requests in certain situations, for example where an individual requests the deletion of their data and we need to retain this data to defend ourselves during any legal dispute. Further information on your rights can be obtained from the Information Commissioner’s Office.
Please feel free to contact us if you are unhappy with the processing of your personal data. You also have the right to complain to the Information Commissioner by writing to:
The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Or by telephoning: 0303 123 1113
How to contact us
If you have any questions on the processing of your personal data, please email our data protection officer at firstname.lastname@example.org