PERSONAL INFORMATION AND PRIVACY
1.1 Dependall is required to follow the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
1.2 We take privacy very seriously and are committed to safeguarding the privacy of our website visitors; this policy sets out how we will treat your personal information. We will not sell, trade or rent your personal information to others unless we have your permission or are required to do so by law.
1.3 We use data collected about you and your requirements to provide the best service to you as a client or potential customer.
2. Data we collect
2.1 We may collect, store and use the following kinds of personal information:
(a) information about your computer and about your visits to, and use of, this website (including your IP address, geographical location, browser type and version, referral source, length of visit, page views and website navigation paths);
(b) information that you provide to us when enquiring via our website forms or direct emails to ‘www.dependall.com’ (including your name, job title, company email address, company phone number);
(c) information that you provide to us when downloading content such as whitepapers, strategy insights, brochures etc. (including your name, job title, company email address, company phone number);
(d) information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters (including your name, email address and job title);
(e) information contained in or relating to any communications that you send to us or send through our website (including the communication content and meta data associated with the communication);
(f) any other personal information that you choose to send to us throughout the enquiry/scoping period or whilst we deliver services to you.
2.2 Before you disclose to us the personal information of another person, you must obtain that person’s consent to both the disclosure and the processing of that personal information in accordance with the terms of this policy.
3. Legitimate Interest
3.1 Our Legitimate Interest in processing your information:
(a) Website Enquiries: (including enquiry forms and direct emails to ‘dependall.com’)
and for administrative purposes
(b) Content downloads (including FAQ, documents and brochures):
To ensure receipt of downloaded content and to identify sales opportunities
(c) Signing up to receive email communications (including latest news, insights and research). To provide an audit trail of your ‘opt-in’ should it ever be necessary
To fulfil our contractual obligations to our clients
To ensure that our records are kept up-to-date
To maintain our business relationship with clients and prospects
To comply with legal requirements
It is therefore in the legitimate interests of all parties involved that Dependall can process personal data.
4. Why we collect this data
4.1 Personal information submitted to us through our website will be used for the purposes specified in this policy or on the relevant pages of the website
4.2 We may use your personal information to:
(a) process an enquiry;
(b) ensure downloaded content has been received;
(c) save an audit trail of your ‘opt-in’ and/or ‘opt out’ to email communications;
(d) send you marketing communications that you have specifically requested (you can inform us at any time if you no longer require the emails, either by using the ‘unsubscribe’ button included on all marketing emails or by requesting to be removed from the list by emailing [email protected]
(e) provide suppliers with statistical information about our users (but those third parties will not be able to identify any individual user from that information);
(f) deal with complaints made by or about you relating to our website;
(g) keep our website secure;
(h) verify compliance with the terms and conditions governing the use of our website;
(i) inform third parties who perform outsourced functions on our behalf such as IT Consultants carrying out work on our IT systems, professional advisors and auditors. We will always ensure that these third parties also comply with the UK General Data Protection Regulation (GDPR) and Data Protection Act 2018.
4.3 Downloading content or submitting an enquiry does not automatically ‘opt-you-in’ to marketing communications, unless the tick box is selected upon submission of form
4.4 Personal information may also be collected in the course of providing services to you to ensure we fulfil our contractual obligations and to comply with financial audits
4.5 We will not supply your personal information to any third party for the purpose of their or any other third party’s direct marketing.
5. Sharing Personal Information
5.1 We may disclose your personal information to any of our employees, professional advisers, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this policy.
5.2 We may disclose your personal information to any member of our Group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes set out in this policy and to ensure we utilise our Group network to its best effect to benefit our clients and prospects.
5.3 We may disclose your personal information:
(a) to the extent that we are required to do so by law;
(b) in connection with any ongoing or prospective legal proceedings;
(c) in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
(d) to the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling (you will be notified in the event of any transfer and you will be offered an opportunity to opt-out); and
(e) to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.
5.4 Except as provided in this policy, we will not provide your personal information to third parties.
6. International data transfers
6.1 Information that we collect may be stored, processed on cloud servers located in the USA but only where businesses are registered under the US Privacy Shield.
7. Retaining Personal Information
7.1 This Section 7 sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal information.
7.2 Personal information that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
7.3 Notwithstanding the other provisions of this Section 7, we will retain documents (including electronic documents) containing personal data:
(a) to the extent that we are required to do so by law;
(b) if we believe that the documents may be relevant to any ongoing or prospective legal proceedings; and
(c) in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).
8. Where we store your data
8.1 We take technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.
8.2 We store all personal information you provide us either on our secure server in a UK data centre that is GDPR compliant or on Cloud Based Servers based in the USA. However, only where businesses are registered with the Privacy Shield. We have a Data Protection and Information Security policy in place to protect the loss or misuse of information under our control.
8.3 You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
9.1 We may update this policy from time to time by publishing a new version on this page of our website.
9.3 If at any time you have questions or concerns about the policy, please contact us at [email protected]
10. Your rights
10.1 You have the following rights under the General Data Protection Regulation in relation to how your personal data is processed. Should you wish to contact us regarding exercising these rights then please do so by emailing us at [email protected]. All requests made will be dealt with within one month. However, this can be extended to two months in exceptional circumstances.
10.2 Right to make a Subject Access Request (SAR)
10.2a You have the right to ask for a copy of the information we hold for you. We will ask you to verify your identity and for further information about your request.
10.2b We will not charge you to respond to your request for information unless for example you have made repeated requests for the same information.
10.2c We could refuse to comply with your request for the same reasons.
10.2d We may withhold personal information that you request to the extent permitted by law.
10.3 Right to object
10.3a You have the right to object to your data being processed.
10.4 Right to erasure – also known as the right to be forgotten
10.4a You can request that Dependall removes all your personal data. However, this is not an absolute right – we can keep your personal data if we have a legal reason for doing so.
10.4b If you ask for your data to be erased we may ask whether you just do not want to hear from us for a period of time or whether you want your data to be permanently deleted.
10.4c If you have requested for your data to be erased, we will tell any third parties to whom we have passed your data, that you have filed a request to erase. They must also do the same. We are required to keep certain records, for certain periods of time. These obligations will override any requests to erase data or any objection to processing for so long as we must keep the data.
10.5 Right to restrict processing
10.5a Under certain circumstances you have the right to request the restriction of the processing of your data.
10.6 Right to complain to the Information Commissioner’s Office (ICO)
10.6a If you feel that Dependall is not meeting data protection obligations, and if you are not satisfied with our response to your concerns, then you may complain to the Information Commissioner’s Office, who will look into the matter for you. Information on how to do this is available at http://ico.org.uk/complaints .
10.7 Right of rectification of inaccurate or incomplete data
10.7a You are responsible for ensuring that all information supplied by you is true, complete, accurate and not misleading or likely to mislead or deceive. You have the right to request that Dependall corrects any incomplete or inaccurate data that we hold for you.
N.B Downloading content or submitting an enquiry does not automatically ‘opt-you-in’ to marketing communications, unless the tick box is selected upon submission of form. You can instruct us at any time not to process your personal information for marketing purposes by contacting [email protected]
11. Personal data breaches
11.1 If we should suffer a data breach such as loss or theft of personal data which is likely to cause a risk to you, then we must inform the ICO. If there is a high risk to you then we must inform you too. However, if the risk to you is not high, nor likely, we will not (and are not required to) report it externally.
12. Direct marketing
12.1 From time to time we may contact you regarding our services and those of our Group Companies. We will do so if we have contacted you or done business with you in the past. At all times, you will be provided an option to opt-out of such marketing activities and you can do so by contacting [email protected]
13.Third party websites
13.1 Our website includes hyperlinks to, and details of, third party websites.
13.2 We have no control over, and are not responsible for, the privacy policies and practices of third parties.
14. Updating information
14.1 Please let us know if the personal information that we hold about you needs to be corrected or updated.
OUR COMPANY DETAILS
This website is owned and operated by Dependall Ltd
We are registered in England and Wales. Company Number 13087461 & our VAT Registration Number: 366253977
Registered office: Rofta House, Rudgate, Thorp Arch, Wetherby, England, LS23 7QA
Principal place of business: Swinton Works, Talbot Road, Swinton, S64 8AJ
You can contact us by writing to the business address given above, by using our website contact form, by email to [email protected] or by telephone on +44 (0) 333 2400 780
For more information on your rights
Please visit the ICO website – www.ico.org.uk