JEM GDPR Privacy Statement
Updated 17.10.18
JEM GDPR Ltd. (Company No. 11177469) is committed to safeguarding your privacy. At all times we aim to respect any personal data you share with us, or that we receive from other organisations, and keep it safe. This Privacy Statement (“Statement”) sets out our data collection and processing practices and your options regarding the ways in which your personal information is used.
This Statement contains important information about your personal rights to privacy. Please read it carefully to understand how we use your personal data. We may update this Statement from time to time without notice to you, so please check the date at the top which indicates the last update
The provision of your personal data to us is voluntary. However, without providing us with your personal data, you will be unable to make contact with us to discuss your requirements and our services.
1. We collect information about you:
(1) When you give it to us DIRECTLY
You may give us your personal data when you contact us by using our contact form or by phone, email or post.
(2) When you give it to us INDIRECTLY
Your information may be shared with us by others, including users of our services. As of the date of this notice, we do not have any Social Media Presence, so do not collect any information via .that route.
(3) When you give permission to OTHER ORGANISATIONS to share it or it is AVAILABLE PUBLICLY.
We may combine information you provide to us with information available from external publicly available sources. Depending on your privacy settings for social media services, we may also access information from those accounts or services. We use this information to gain a better understanding of you and to improve our communications.
(4) When you visit our WEBSITE
We use cookies to identify you when you visit our website and to enable us to personalise your online experience (for example by remembering your log in details). Please see our full cookie policy for details.
2. What information do we collect?
We may collect, store and use the following kinds of personal data:
(1) We will typically hold your name and contact details, including physical address, telephone number and e-mail address. However, we may request other information where it is appropriate and relevant, for example details of why you have decided to contact us. We do not hold any Finanical data about you.
(2) information about your computer and about your visits to and use of this website including your IP address, geographical location, browser type, referral source, length of visit and number of page views;
(3) information about the pages you visit or any marketing and/or communication preferences you give; and/or
(4) any other information shared with us as per above.
Do we process sensitive personal information?
Applicable law recognises certain categories of personal information as sensitive and therefore requiring more protection, including health information, ethnicity and political opinions. In very limited cases, we may collect sensitive personal data about you. We would only collect sensitive personal data if there is a clear reason for doing so; and will only do so with your explicit consent. As of the date of this notice, we do not collect or hold any sensitive data.
3. How and why will we use your personal data?
Personal data, however provided to us, will be used for the purposes specified in this Statement or in relevant parts of the JEM GDPR website.
We may use your personal information to:
(1) Enable you to use the services we offer – our legal basis is Legitimate Interest;
(2) Send you information about the services or products that we provide (you will have the option to unsubscribe from any communications sent): Legitimate Interest;
(3) Provide you with the services, products or information you have requested – Contractual;
(4) Deal with enquiries and complaints made by or about you relating to the website or JEM GDPR in general; Legitimate Interest
(5) Audit and/or administer our accounts. Legitimate Interest
4. Google Analytics
We may use some of your personal information to analyse our digital performance, for example to see how our website can be improved to help us achieve the purposes set out in section 11 below, to record how you are using our website or to assess the popularity of marketing campaigns.
You can opt-out of the collection of information for such purposes here: http://www.aboutads.info/choices
5. Communications, fundraising and marketing
Where you have provided us with your physical address, we may contact you by post; and where you have provided appropriate consent, also by telephone and e-mail, with targeted communications to let you know about aspects of our services.
6. Payments
We do not carry out financial transactions via our website.
7. Children’s data
We do not knowingly process data of any person under the age of 16. If we come to discover, or have reason to believe, that you are 15 and under and we are holding your personal information, we will delete that information within a reasonable period.
8. Other disclosures
We will disclose your information to regulatory and/or government bodies and/or law enforcement agencies upon request, only when required to do so in order to satisfy legal obligations which are binding upon us.
9. Security of and access to your personal data
We endeavour to ensure that there are appropriate and proportionate technical and organisational measures to prevent the loss, destruction, misuse, alteration, unauthorised disclosure of, or access to your personal information.
Your information is only accessible by appropriately trained staff and contracted associates, for the purposes outlined above.
We may also use suppliers to process data on our behalf. We may also merge or partner with other organisations and in so doing transfer or acquire personal data.
Please note that some countries outside of the EEA have a lower standard of protection for personal data, including lower security requirements and fewer rights for individuals. We may transfer and/or store personal data collected from you to and/or at a destination outside the European Economic Area (“EEA”). Such personal data may be processed by agencies or suppliers operating outside the EEA. If we transfer or store your personal data outside the EEA we will take reasonable steps to ensure that the recipient implements appropriate measures to protect your personal data.
As of the date of this notice, we do NOT share personal data outside of the EEA.
Otherwise than as set out in this Privacy Statement, we will only ever share your data with your informed consent.
10. Your rights
Where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time. This includes the right to ask us to stop using your personal information for direct marketing purposes or to be unsubscribed from our email list at any time. You also have the following rights:
(1) Right to be informed – you have the right to be told how your personal information will be used. This Statement and other policies and statements used on our website and in our communications are intended to provide you with a clear and transparent description of how your personal information may be used.
(2) Right of access – you can write to us to ask for confirmation of what information we hold on you and to request a copy of that information. Provided we are satisfied that you are entitled to see the information requested and we have successfully confirmed your identity, we have 30 days to comply.
(3) Right of erasure – under certain circumstances you can ask us for your personal information to be deleted from our records.
(4) Right of rectification – if you believe our records of your personal information are inaccurate, you have the right to ask for those records to be updated.
(5) Right to restrict processing – you have the right to ask for processing of your personal data to be restricted if there is disagreement about its accuracy or legitimate usage.
(6) Right to data portability – where we are processing your personal information
(i) with your consent,
(ii) because such processing is necessary for the performance of a contract (or enabling us to take steps- at your request- prior to entering into a contact)
AND that processing is taking place by automated means, you may ask us to provide it to you – or another service provider – in a machine-readable format.
To exercise these rights, please send a description of the personal information in question using the contact details below. Where we consider that the information provided does not enable us to identify the personal information in question, we may ask for personal identification and/or further information.
Please note that some of these rights only apply in limited circumstances. For more information, we suggest that you consult ICO guidance – https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/ – or please contact us using the details below.
11. Lawful processing
We are required to have one or more lawful grounds to process your personal information. Only 4 of these are relevant to us:
- Personal information is processed on the basis of a person’s consent
- Personal information is processed on the basis of a contractual relationship
- Personal information is processed on the basis of legal obligations
- Personal information is processed on the basis of legitimate interests
(1) Consent
We will ask for your consent to use your information to send you electronic communications such as newsletters and marketing emails, for targeted advertising and profiling, and if you ever share sensitive personal information with us.
Note: under the Privacy and Electronic Communications Regulations (PECR), if you have engaged with us previously (ie purchased services, or expressed interest in purchasing services) then we may send you relevant marketing information, unless you opted out of receiving it. All communication will contain an opt-out option. This regulation is not superceded by GDPR but works in tandem with it. For more information, please see https://ico.org.uk/for-organisations/guide-to-pecr/what-are-pecr/
(2) Contractual relationships
Sometimes it will be necessary to process personal information so that we can enter contractual relationships with people. For example, should you join our staff, then there will be contractual obligations to provide personal information such as bank account details.
(3) Legal obligations
Sometimes we will be obliged to process your personal information due to legal obligations which are binding on us. We will only ever do so when strictly necessary.
(4) Legitimate interests
Applicable law allows personal information to be collected and used if it is reasonably necessary for our legitimate activities (as long as its use is fair, balanced and does not unduly impact individuals’ rights).
Achieving our purposes – our Legitimate Interest
The main purpose of JEM GDPR is to operate a commercial enterprise, selling support services and consultancy regarding business operations. We will process your personal data in respect of:
Governance
- Internal and external audit for financial or regulatory compliance purposes
- Statutory reporting
Marketing
- Analysis, targeting and segmentation to develop and promote our marketing strategy and improve communication efficiency
- Personalisation used to tailor and enhance your experience of our communications
Operational Management
- Employee recording and monitoring for recruitment, safety, performance management or workforce planning purposes
- Provision and administration of staff benefits such as pensions
- Processing for historical, scientific or statistical purpose
Purely administrative purposes
- Responding to enquiries
- Delivery of requested products, services or information
- Communications designed to administer existing services including administration of financial transactions
- Acknowledgement, thank you communications and receipts
- Maintaining a database of clients and enquirers .
Financial Management and control
- Processing financial transactions and maintaining financial controls
- Prevention of fraud, misuse of services, or money laundering
- Enforcement of legal claims
- Reporting criminal acts and compliance with law enforcement agencies
When we use your personal information, we will consider if it is fair and balanced to do so and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to ensure that we use your personal information in ways that are not unduly intrusive or unfair in other ways.
12. Data retention
In general, unless still required in connection with the purpose(s) for which it was collected and processed, we remove your personal information from our records two years after the date it was collected. However, if before that date
- your personal information is no longer required in connection with such purpose(s),
- we are no longer lawfully entitled to process it or
- you validly exercise your right of erasure,
we will remove it from our records as soon as is practicable.
Should you ask us to stop sending you direct marketing or other electronic communications, we will keep your name on our internal suppression list to ensure that you are not contacted again.
13. Statement amendments
We keep this Privacy Statement under regular review and reserve the right to update from time-to-time by posting an updated version on our website, not least because of changes in applicable law. We recommend that you check this Privacy Statement occasionally to ensure you remain happy with it. We may also notify you of changes to our Privacy Statement by email.
14. Third party websites
We link our website directly to other sites. This Privacy Statement does not cover external websites and we are not responsible for the privacy practices or content of those sites. We encourage you to read the privacy statements of any external websites you visit via links on our website.
15. Updating information
You can check the personal data we hold about you, and ask us to update it where necessary, by emailing us at: enquiries@jem-gdpr.co.uk
16. Contact
We have a Data Protection Manager so please let us know if you have any queries or concerns whatsoever about the way in which your data is being processed: either by emailing the Data Protection Manager at: enquiries@jem-gdpr.co.uk or by writing to us at the following address:
The Data Protection Manager
JEM GDPR
Sun House,
24 Castle Hill,
Maidenhead,
SL6 4JJ
17 Complaints.
If you feel that after contacting us, JEM-GDPR is not acting appropriately with respect to your data privacy, you have the right to contact the governing body. In the UK this is the ICO, the Information Commissioner’s Office. Their web pages for handling issues are at:
https://ico.org.uk/make-a-complaint/
Or by post, telephone or email: