1. Introduction and who are we?
PragmatiK Resilience Ltd (“the Company”) will collect and process your personal information (“your personal information”). The Company is committed as data controller, to being transparent about how it handles your personal information, to protecting the privacy and security of your personal information and to meeting its data protection obligations under the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018. The purpose of this privacy notice is to make you aware of how and why we will collect and use your personal information. We are required under the GDPR to notify you of the information contained in this privacy notice.
This privacy notice applies to the company’s current and former clients, and also visitors to the website. This privacy notice is non-contractual and does not form part of any contract or agreement. If you have any questions about this privacy notice or about how we handle your personal information, please contact us at firstname.lastname@example.org.
You also have the right to contact the Information Commission (the regulatory body who ensures that organisations process personal information fairly) about any problems you encounter.
2. What types of personal information do we collect about you?
Personal information is any information about an individual from which that person can be directly or indirectly identified. It doesn’t include anonymised data, i.e. where all identifying particulars have been removed.
The Company collects, uses and processes a range of personal information (including what is known as “special category data”) about you. This includes (as applicable):
- Identifying information i.e. names;
- Contact information i.e. address and telephone number;
- Lifestyle information where disclosed.
3. How do we collect your personal information?
Your personal information will come from mainly two sources:
1) Your visit to our website.
2) We also collect your personal information directly from you.
4. Why and how do we use your personal information?
The purpose for which we process your personal information is to provide you with the services you are interested in (“requisite services”). We will only use your personal information when the law allows us to. These are known as the legal bases for processing. We will use your personal information in one or more of the following circumstances:
- To fulfil our contractual obligations to you;
- To comply with a legal obligation;
In providing your personal information to us, you are also giving your consent for us to process that personal information. Your personal information may be stored in our IT systems and the cloud.
5. What if you fail to provide your information?
If you fail to provide your personal information when requested or required (or prohibit the company from accessing such information), we may not be able to perform the contract or provide you with the requisite services.
6. Change of purpose
We will only use your information for the purposes for which we collected it. If we need to use your information for a purpose other than that for which it was collected, we will provide you, prior to that further processing, with information about the new purpose, we will explain the legal basis which allows us to process your information for the new purpose and we will provide you with any relevant further information. We may also issue a new privacy notice to you.
7. Who has access to your personal information?
The following individuals working for the company have access to your personal information:
- Some of the company’s workforce, for the purpose of providing you with the requisite services.
- Associates who provide the requisite services.
We will not sell your information to third parties.
We will not share your information with third parties for marketing purposes.
8. How does the Company protect your information?
The Company has put in place measures to protect the security of your personal information. It has internal policies, procedures and controls in place to try and prevent your personal information from being accidentally lost or destroyed, altered, disclosed or used or accessed in an unauthorised way. You can obtain further information about these measures from our data protection officer.
Associates (who provide the requisite services) are required to take appropriate technical and organisational security measures to protect your personal information and to treat it subject to a duty of confidentiality and in accordance with data protection law. We only allow Associates to process your personal information for specified purposes and in accordance with our written instructions; and we do not allow them to use your information for their own purposes.
The Company also has in place procedures to deal with suspected data security breaches and we will notify the Information Commissioner’s Office (or any other applicable supervisory authority or regulator) and you of a suspected breach where we are legally required to do so.
9. For how long does the Company keep your information?
The Company will only retain your information for as long as is necessary to:
a) fulfil the purposes for which it was collected and processed;
b) fulfil our legal obligations;
c) marketing services to you;
d) for the establishment, exercise or defence of legal claims.
We will also require Associates to destroy or erase your information where applicable in accordance with the above conditions.
10. Your rights in connection with your information
You have a number of statutory rights. Subject to certain conditions, and in certain circumstances, you have the right to:
- request access to your information - this is usually known as making a data subject access request and it enables you to receive a copy of the information we hold about you and to check that we are lawfully processing it
- request rectification of your information - this enables you to have any inaccurate or incomplete information we hold about you corrected
- request the erasure of your information - this enables you to ask us to delete or remove your information where there’s no compelling reason for its continued processing, e.g. it is no longer necessary in relation to the purpose for which it was originally collected.
- restrict the processing of your information - this enables you to ask us to suspend the processing of your information, e.g. if you contest its accuracy and so want us to verify its accuracy.
- object to the processing of your information - this enables you to ask us to stop processing your information where we are relying on the legitimate interests of the business as our legal basis for processing and there is something relating to your particular situation which makes you decide to object to processing on this ground.
- data portability - this gives you the right to request the transfer of your information to another party so that you can reuse it across different services for your own purposes.
If you wish to exercise any of these rights, please contact us. We may need to request specific information from you in order to verify your identity and check your right to access the information or to exercise any of your other rights. This is a security measure to ensure that your information is not disclosed to any person who has no right to receive it.
Please note that some of these rights are not absolute (i.e. they depend on the circumstances). We will let you know which of these rights do not apply at the time you make a request to exercise them.
If you believe that the Company has not complied with your data protection rights, you have the right to make a complaint to the Information Commissioner’s Office (ICO) at any time. The ICO is the UK supervisory authority for data protection issues.
11. Transferring your information outside the European Economic Area
The Company will not transfer your information to countries outside the European Economic Area. In the event that it does, the Company will inform you in writing.
12. Automated decision making
Automated decision making occurs when an electronic system uses your information to make a decision without human intervention.
We do not envisage that any engagement decisions will be taken about you based solely on automated decision making, including profiling. However, we will notify you in writing if this position changes.
13. Changes to this privacy notice
The Company reserves the right to update or amend this privacy notice at any time, including where the Company intends to further process your information for a purpose other than that for which the information was collected or where we intend to process new types of information. We will issue you with a new privacy notice when we make significant updates or amendments. We may also notify you about the processing of your information in other ways.