Purpose of policy
This policy describes how Organisational Elephant Ltd (We) collect and process your personal data obtained on our website www.organisationalelephant.com (Our Site).
We understand that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of all of the users of Our Site and will only collect and use personal data in ways that are described here and in a way that is consistent with our obligations under the law.
We may change the terms of this policy from time to time. This version is dated May 2018.
Information about us
Organisational Elephant Ltd is a private limited company incorporated in Scotland (SC585313) and has its registered office at Ballochleam Farm, Glinns Road, Kippen, FK8 3JN. Organisational Elephant Ltd is the legal entity which is the data controller collecting and processing the personal data provided by users of Our Site and Organisational Elephant Ltd may be contacted via email@example.com.
Data Protection Lead
The data we collect
Personal Data is defined by the General Data Protection Regulation ((EU Regulation 2016/679)) (GDPR) as “any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.”
We may collect, use, store and transfer different kinds of Personal Data about you as follows:
Identity Data includes, first name, last name, email address and phone number.
How is your Personal Data collected?
You may give us your Identity Data by filling in a form on Our Site.
How we use your Personal Data:
We will only use your Personal Data where the law allows us to, including in the following circumstances:
- To provide and improve our services.
- To fulfil our legal and regulatory obligations.
- To manage our relationship with you.
- To market our services.
- For the purposes of recruitment.
- For other legitimate business purposes.
Change of purpose
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to receive an explanation as to how processing for the new purpose is compatible with the original purpose, please contact our Data Protection Lead at: firstname.lastname@example.org.
Please note that we may process your Personal Data without your knowledge or consent where this is required or permitted by law.
Your legal rights
We assume responsibility for keeping an accurate record of Personal Data once you have submitted the information. Please inform us of any changes to your information.
You are entitled to:
- Request access to your Personal Data.
- Request the correction or erasure of your Personal Data.
- Object to the processing of your Personal Data.
- Request a restriction of processing of your Personal Data.
- Request the transfer of your Personal Data to you or to a third party.
- Withdraw consent at any time, where we are relying on consent to process your Personal Data.
To exercise any of the above rights please contact our Data Protection Lead at: email@example.com.
We may need to request specific information from you to help us to confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Disclosure of your Personal Data
We do not sell, distribute or otherwise make Personal Data commercially available to any party, except as described in this policy or with your prior permission.
We may have to share your Personal Data with:
- Our auditors, insurers or a competent governmental or regulatory body.
- Third party service providers.
Protection of your Personal Data
We take the security of the Personal Data we hold seriously. Policies and procedures are in place to safeguard it from loss, misuse and improper disclosure.
We also have procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal information for their own purposes. We only permit them to process your personal information for specified purposes and in accordance with our instructions.
How and where do we store your Personal Data?
We may store or transfer some or all of your Personal Data in countries that are not part of the European Economic Area (the “EEA” consists of all EU member states, plus Norway, Iceland, and Liechtenstein). These are known as “third countries” and may not have data protection laws that are as strong as those in the UK and/or the EEA. This means that we will take additional steps in order to ensure that your Personal Data is treated just as safely and securely as it would be within the UK and under the GDPR as follows.
For how long will we use your Personal Data?
We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory or reporting requirements. To determine the appropriate retention period for Personal Data, we consider:
- the amount, nature, and sensitivity of the data;
- the potential risk of harm from unauthorised use or disclosure of the data;
- the purposes for which we process the data; and
- the applicable legal requirements.
If you have opted out of receiving future publications from us, your contact details will remain on our opt-out list to prevent you from receiving any further publications from us.
How can you access your Personal Data?
If you want to know what Personal Data We have about you, you can ask us for details of that Personal Data and for a copy of it (where any such Personal Data is held). This is known as a “subject access request”.
All subject access requests should be made in writing and sent to the email or postal addresses shown below.
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within one month of receiving it. Normally, we aim to provide a complete response, including a copy of your Personal Data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.
We use standard cookies used by Google Analytics. They allow us to recognise and count the number of visitors and to see how visitors move around Our Site when they are using it. This helps us to improve the way Our Site works, for example, by ensuring that users find what they are looking for easily.
We use 3rd party providers (Stripe and PayPal) for payment, analytics, and other business services. Stripe and Paypal collect identifying information about the devices that connect to their services. Stripe and PayPal use this information to operate and improve the services they provide to us, including for fraud detection. You can learn more about Stripe and PayPal and read their privacy policies at https://stripe.com/privacy and https://www.paypal.com/uk/webapps/mpp/ua/privacy-full
You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including strictly necessary cookies) you may not be able to access all or parts of Our Site.
Third party websites and social media platforms
You may wish to participate in the various social media platforms hosted by us. However, we do not accept any responsibility for any personal information that you share on such platforms that is subsequently used, misused or otherwise appropriated by another user.
If you are concerned about an alleged breach of privacy law or any other regulation by us please contact our Data Protection Lead who will ensure that your complaint is investigated.
You also have the right to complain to the Information Commissioner’s Office, the UK supervisory authority for data protection issues.
How to contact us
To contact us about anything to do with your Personal Data and data protection, including to make a subject access request, please use following contact details: firstname.lastname@example.org.