Introduction
This Privacy notice outlines what "we", "our" or "the Company" does with the information collected either directly from users who use our services (“Clients”) or data we collect by users accessing our website at www.phinterim.com (" the Site") or whomever otherwise shares personal information with us (collectively: "Users").
We the company are the responsible authority or more correctly the “data controller” within the meaning of the Data Protection Act 2018, (also commonly referred to as the General Data Protection Regulation GDPR) and are located at pH Interim Ltd, The Terrace, Cultural Quarter, Lincoln LN2 1BD Company Registration Number 7947764. We can be contacted by telephone 01522 791473 or email at info@phinterim.com. If you have a question or wish to make contact with us for any reason related to your personal data or any of the rights mentioned below, then please contact either the telephone line above or email dsar@phinterim.com. We have a nominated Data Protection Manager who can be contacted directly at dpm@phinterim.com if you have a complaint or feel your previous requests have not been handled correctly.
Data We Collect and Legal Basis for Collection
Client
When a client engages our services we collect the following personal information:
Name, address, post code, contact phone number and email address. We may collect the company name and address as required for the services if the billing entity is different to the individual. The client data is held in our CRM system for billing purposes and accounting requirements. Our standard retention period is 7 years as demanded by accounting practices and HMRC. Any additional personal data relating to third parties involved in a/the traffic incident are only stored within the case file and not used within our CRM system.
We only use this information for the provision of the services and to contact you from time to time with references to any changes in the services that may be of interest. We do not share or distribute your data to any third parties under any circumstances unless required to do for legal purposes (e.g. pursuit of; or to defend a legal claim, comply with a data release order from law enforcement agency). We do not transfer any data outside the EEA for any purposes.
Website Visitor
When an anonymous visitor visits our web site we collect the following data by using cookies deployed (see below if consent has been provided) onto the machine or device used to support the browsing application:
IP address, browser version, operating system version, date and time and pages browsed plus any errors flagged by the web site. We use this anonymous information purely for improving the functionality of the web site and to ensure our users are able to successfully migrate through the information available; we cannot and do not sell or make use of this information for marketing purposes as it deliberately contains no user specific personal identification information.
If the visitor requires us to make contact with them by providing their contact details in our web based forms then we will use this information for this purpose only, and not use for any other activities such as marketing.
If the user consents to placing the marketing and analytics cookies then we may track web site browsing activity following the visit to our site so that we may provide marketing services if required based on this activity profile. This marketing data and profile analysis uses Google analytics and may be opted out of at any time (by changing cookie options) and the data collected may be subsequently deleted by following the google links provided.
Social Media Cookies; If these applications are used during the web site visit then the data captured by these applications or the data shared by the user using the application is subject to their individual company privacy policies and should be understood as not being sanctioned or controlled by pH interim. The user takes responsibility for any data posted or shared during this activity.
Legal Basis for Data Collected
The Data protection Act 2018 requires us to detail the legal basis under which we collect personal data, and we must make it clear where or if we use the legitimate interest basis.
There are six legal reasons for collecting data we only use the following as detailed in the table below:
Table showing legal basis for data collection
Data Subject Type Legal basis Article 6 (a-f)
Clients Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps to enter into a contract Article (6 b)
Web Site Visitors
(Anonymous) Processing is necessary for the purpose of the legitimate interest pursued by the controller; i.e. the performance and feedback on the use of the company web site Article 6 (f)
(Contact forms) The data subject has given consent to the processing of his or her personal data for one or more specific purposes. Article 6(a)
Marketing Materials The data subject has given specific consent compliant under the new DPA 2018 rules as defined by Article 4 (11) : ”freely given, specific, informed and unambiguous indication of the data subject wishes by clear affirmative action” Article 6(a).
Data Subject Access Rights
Under the new and revised DPA 2018 legislation you are afforded a number of statutory rights and these are free of charge from the data controller in most circumstances. You may request the following:
1. Receive confirmation as to whether or not personal information concerning you is being processed by the company and have access to your stored personal information, together with supplementary information if processed.
2. Receive a copy of personal information we are processing on you in a structured, commonly used and machine-readable format. Usually in the form of a CSV or “Excel” file. This information is usually provided via secure email.
3. Request rectification of your personal information that is incorrect or has changed that is under our control.
4. Request erasure of your personal information, “right to be forgotten”, providing we are not required under law to retain this data. If this request cannot be complied with we will inform you as to the reason why, and when it will be deleted.
5. Object to the processing of personal information by us, if consent was the legal basis for collection i.e. constructing a marketing profile
6. Request to restrict processing of your personal information by us where consent was the legal basis i.e. remove from active marketing database.
7. Lodge a complaint with our data protection manager, and if this is not resolved to your satisfaction you may complain directly to the supervisory authority to which we are accountable in this case the UK ICO found at https://ico.org.uk/make-a-complaint/.
However, please note that these rights will be provided to you once you have established your identity as the data subject to the satisfaction of the company; usually two forms of government approved identity information such as passport and driving license are required or other as may be approved from time to time. All requests are usually actioned within 28 days from official request.
Retention
As mentioned above we have a standard data retention rule of 7 years to comply with accounting and HMRC requirements for billing evidence if you are a valid client (you have received services). If you have simply asked to be contacted via web form you are classed as a prospective client and your contact data is retained for 3 months from receipt.
However for marketing information we have specific data retention rules that differ from the above; you will/must have previously specifically provided consent for inclusion in the marketing database before marketing emails or calls are sent/contact to you; thereafter the following are applied below:
1. We will retain your contact details for marketing purposes only for a maximum period of two years, with a bi-annual consent opt-in refresh email 1 month before deletion date. If this email is not responded to positively then your marketing contact details are deleted
2. With every email sent we included as required under PECR regulation an opt-out functionality. If you exercise this right then you are removed from our database immediately we receive the opt-out email.
We may be asked by official bodies (Courts, HMRC, and Police etc.) to retain data on legal hold until such time the respective body releases this hold. If this is the case, we will comply with these legal requirements and therefore will necessarily override the above standard retention periods.
We encourage our Users to carefully read the Privacy Policy and use it to make informed decisions.
Cookies
We and our trusted partners use cookies and other technologies in our related services, including when you visit our Site or access our services.
A "cookie" is a small piece of information (text file) that a website assigns or writes to your device while you are viewing a website. Cookies are very helpful and can be used for various different purposes. These purposes include allowing you to navigate between pages efficiently, enabling automatic activation of certain features, remembering your preferences and making the interaction between you and our Services quicker and easier. Cookies are also used to help make sure that any advertisements you may see are relevant to you and your interests and to compile statistical data on your use of our web page Services. However under our privacy by design policy, we do not deploy any unessential cookies without your specific consent. Thus the cookie types below explain their uses and what you are consenting too if you select them.
The Site uses the following types of cookies: essential, performance, analysis and marketing/advertising cookies. Cookies can be session or persistent types;
'session cookies' , which are stored only temporarily during a browsing session in order to allow normal use of the system and are deleted from your device when the browser is closed;
'persistent cookies', which are read only by the Site, saved on your computer for a fixed period and are not deleted when the browser is closed. Such cookies are used where we need to know who you are for repeat visits, for example, to allow us to store your preferences for the next sign-in; remember your cookie preferences banner settings if set before,
'third-party cookies' , which are set by other online services who run content on our web page you are viewing, for example by third-party analytics companies who monitor and analyse your web access to this site (Snowplow Analytics ), things like shopping cart/blogs selections or social media interaction capabilities.
Cookies can be designed to not contain any information that personally identifies you, they can also be designed to provide a unique identity but not necessarily linked to your Personal Information, this is called pseudo-anonymisation. However, if we know or link the unique cookie with your known profile, this cookie then becomes “personal information” and may be stored in a profile about you. We take the view that analytics cookies are not unique therefore cannot be classed as personal data for our web site users; however other sites take a different view.
You may remove the cookies at any time by following the instructions of your device or browser preferences; however, if you choose to disable or remove cookies, some features of our Site may not operate properly and your online experience may be limited, however you are now informed as to their possible uses.
We use a tool which is based on the Snowplow Analytics technology to collect information about your use of the Site. The tool collects information such as how often users access the Site, which pages they visit when they do so, etc. The tool does not collect any Personal Information and is only used by our Site hosting and operating service provider to improve the Site and services, but you can still choose not to deploy these cookies.
Use of script libraries (Google Web Fonts)
In order to present our contents correctly and make them graphically appealing across all browsers, we use script libraries and font libraries such as Google Web Fonts (https://www.google.com/webfonts) on this website. Google Web Fonts are transferred to your browser's cache to avoid multiple loading. If your browser does not support Google Web Fonts or does not allow access, content will be displayed in a default font.
• Calling script libraries or font libraries automatically triggers a connection to the library operator (via their cookie). In theory, it is possible – but currently unclear whether and, if so, for what purposes – that connection to the operators of corresponding libraries collect data.
• The privacy policy of the library operator Google can be found here: https://www.google.com/policies/privacy.
Third-party cookie collection of information
Our cookie policy only addresses the use and disclosure of information we collect from you. To the extent you disclose your information to other parties or sites throughout the internet, different rules may apply to their use or disclosure of the information you disclose to them. Accordingly, we encourage you to read the terms and conditions and privacy policy of each third party that you choose to disclose information to, especially if they are processing your data outside of the EEA.
This Privacy/cookie notice does not apply to the practices of companies that we do not own or control, nor to individuals whom we do not employ or manage, including any of the third parties which you may disclose information to as set out in this Privacy notice.
How do we safeguard your information?
We take great care in implementing and maintaining the security of the Site and your information. The hosting platform we use adheres to or complies with the latest cloud best security practices and protection strategies, and as a processor for us is under our direct control for the use and storage of any data gathered by the use of our web site. Your rights and protections afforded by us are also maintained and adopted by our processor.
Although we take all reasonable steps to safeguard information, we cannot be responsible for the acts of those who try to gain unauthorised access or abuse our Site, however we are responsible to you for any unauthorised access or breach of your personal information and we will comply with the reporting requirements set forth in the DPA 2018
Transfer of data outside the EEA
There are no transfers of personal data outside the EEA, any statistical data processed by our site hosting processor will not contain any personal data nor will it be linked to any unique cookie identifiers.
Advertisements
If you consent to the placing of third party advertising cookies we may use a third-party advertising technology to serve advertisements when you access the Site. This technology uses your information with regards to your use of the Services to serve advertisements to you (e.g., reliant on the cookie). Given the legal basis is consent this can be removed at any time by changing your cookie preferences, and deleting the cookies already set using the browser tools under settings menu.
You may opt out of many third-party ad networks, including those operated by members of the Network Advertising Initiative ("NAI") and the Digital Advertising Alliance ("DAA"). For more information about this practice by NAI and DAA members, and your choices regarding having this information used by these companies, including how to opt-out of third-party ad networks operated by NAI and DAA members, please visit their respective websites: http://optout.networkadvertising.org/#!/ and http://optout.aboutads.info/#!/.
Corporate Acquisitions
We may share information in the event of a corporate transaction (e.g. sale of a substantial part of our business, merger, consolidation or asset sale). In the event of the above, the transferee or acquiring company will assume the rights and obligations as described in this Privacy Notice.
Minors
We understand the importance of protecting children’s privacy, especially in an online environment. The Site is not designed for or directed at children. Under no circumstances shall we allow the use of our services by minors. We do not knowingly collect Personal Information from minors. If a parent or guardian becomes aware that his or her child has provided us with Personal Information without their consent, he or she should contact us info@phinterim.com.
Updates or amendments to this Privacy Policy
We reserve the right to periodically amend or revise the Privacy/Cookie Notice; material changes will be effective immediately upon the display of the revised Privacy Notice. The last revision will be reflected in the "Last modified" section. Your continued use of the Platform, following the notification of such amendments on our website, constitutes your acknowledgment and consent of such amendments to the Privacy Notice and your agreement to be bound by the terms of such amendments. If our modifications of the notice materially change your previous consent conditions we will advise you accordingly and request a new consent request.
How to contact us
If you have any general questions about the Site or the information we collect about you and how we use it, you can contact us at info@phinterim.com.
Last Modified 15/11/18