From 25th May 2018, the processing of personal data will be governed by the General Data Protection Regulation (the “GDPR”), which has changed the previous laws applicable to the protection of data.
1. What is personal data?
Personal data is data that relates to a living individual which identifies that individual, either directly or indirectly (e.g. name, address, date of birth, email address, telephone numbers, photographs etc).
2. Who is the ‘controller’ of personal data?
Spotty Dog Strategy Ltd. is the controller of your personal data which means we are responsible for how it is processed and for what purposes.
Spotty Dog Strategy Ltd., Company registration number: 09426397; registered office: Poplar House, 92 Tilehurst Road, Reading, RG30 2LU.
For details of our legal obligations, click here.
3. How do we collect your personal data?
We use different methods to collect data from and about you including when you give us your data by filling in forms (either in hard copy or via our website) or by corresponding with us for example by email, phone or post.
4. What will we use your personal data for?
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstance where we need to perform the contract we are about to enter into or have entered into with you; or where it is necessary for our legitimate interests.
These are the legal bases for us processing your personal data under the GDPR without us needing to obtain your consent.
Our ‘legitimate interests’ are as part of running our business and would not materially impact your rights, freedoms or interests, these include the following:
Processing and delivering your projects including managing payments, fees and charges and collecting and recovering money owed to us;
Management of our employees;
Maintenance of our own accounts and records (including for audit and tax purposes);
Asking you to give a review or take a survey so that we can study how customers use our products/services;
Using data analytics to improve our website, products/services, marketing, customer relationships and experience;
Administering and protecting our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).
We may also use your personal data where you have given your express consent (for example, by actively consenting to receive information from us about future events or offers).
We will get your express opt-in consent before we share your personal data with any company outside Spotty Dog Strategy Ltd for marketing purposes.
5. How will we treat your personal data?
Except where permitted by law (for example where we are legally compelled to do so), we will treat all your personal data as private and confidential and will not disclose or share any of your personal data to or with anyone except as set out in this section or with your consent.
We will not disclose any personal data about you to anyone other than those involved in specific project work and then only on a ‘need to know’ basis
We will ensure that all our staff who have access to personal data are trained in data protection and will only process personal data in accordance with their duties as part of their role within our organisation.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
Any personal data supplied in paper form will be kept in a securely locked cabinet in our office to which only those involved in the administration for and management of our business will have access.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will not transfer your personal data outside the European Economic Area (EEA) without your consent.
6. How long do we keep your personal data?
Where you have given consent for example, for us to use your email address so you can receive information from us about future events or offers, we will endeavour to refresh your consent at appropriate intervals.
Otherwise, we will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including to satisfy any legal, accounting or reporting requirements.
7. New purposes
8. Changes to your personal data
It is important that the personal data we hold about you is accurate and current. Please tell us if any of your personal data changes so that it can be amended
10. Your legal rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data:
- to request access to your personal data;
- to request correction of your personal data;
- to request deletion of your personal data;
- to request transfer of your personal data;
- to request restriction of processing your personal data;
- to object to processing of your personal data;
- a right to withdraw your consent;
- a right to lodge a complaint with the Information Commissioner’s Office.
Please click here to find out more about these rights.
11. Rights to access your personal data
You can ask for one copy of the personal data we hold about you free of charge. (If you ask for more than one copy, we are entitled to charge a fee based on the administrative cost of providing the information.)
If you wish to exercise this right, you should make the request in writing by sending us an email or a letter – see the Contact details below.
We will provide the information requested without delay and at least within 1 month of receipt of your request unless there is good reason for delay. In such cases, the reason for delay will be explained in writing to the individual making the request.
12. Contact details
To exercise a legal right, raise a query or make a complaint, you can contact the Information Commissioner’s office by calling 0303 123 1113.
Or go online to www.ico.org.uk/concerns (opens in a new window; please note we can’t be responsible for the content of external websites)
Although you have the right to make a complaint at any time to the Information Commissioner’s Office, we would appreciate the chance to deal with your concerns before you approach them, so please contact us in the first instance.
13. Third-party links
This website may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third party websites and are not responsible for their privacy statements.
When you leave our website, we encourage you to read the privacy notice of every website you visit.
14. Your legal rights
You have the following rights with respect to your personal data:
- the right to access or request a copy of your personal data which we hold about you (also known as a Subject Access Request);
- the right to request that we correct any personal data if it is found to be inaccurate or out of date;
- the right to request your personal data is deleted where it is no longer necessary for us to retain such data;
- the right to request that we provide you or a third party with your personal data;
- the right, for example where there is a dispute in relation to the accuracy or use of your personal data, to request a restriction is placed on any further processing of your personal data by us;
- the right to object to the processing of your personal data, where we are relying on the ground of a legitimate interest where you feel processing on this ground impacts on your fundamental rights and freedoms;
- the right to withdraw your consent to the processing of your personal data at any time;
- the right to lodge a complaint about how we have handled your personal data with the Information Commissioner’s Office, the UK supervisory authority for data protection issues (see ico.org.uk).
For further details on exercising these rights, see the Contact details above.
15. What are our legal obligations?
We will comply with our obligations under the GDPR including processing personal data fairly and lawfully; by obtaining it for a specified and lawful purpose; by keeping it up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.