We are Firebird Data Protection Consultancy Limited (Firebird). We provide expert advice, guidance, training and outsourced Data Protection Officer services to organisations, to help them meet their obligations under the data protection legislation (ie the General Data Protection Regulation (the UK GDPR) and the Data Protection Act).
Firebird is a private limited company registered in England & Wales under registration number 10841251. Firebird is registered with the Information Commissioner’s Office under registration number ZA288370.
We have a moral and legal responsibility to respect your privacy and take care of any personal data we hold about you, in compliance with the data protection legislation.
We are the data controller for the personal data we process about our enquirers, customer representatives, subscribers, customer leads, associates and website users. This privacy notice tells you what to expect when we handle personal data as a data controller.
We sometimes process personal data as a 'data processor'. This is when we act on behalf of our customers (eg when we perform the role of their outsourced Data Protection Officer). In these cases, we only handle personal data upon our customers' written instructions under a contract and any collection or use of that information, is limited to the purpose of providing the service to our customer. The personal data we usually handle as an outsourced Data Protection Officer, is often limited to names, contact details and information around queries, requests or complaints made to our customers, so we can assist them in addressing these.
If you have any queries about this privacy notice or the services we offer, please email us at firstname.lastname@example.org If you would like to contact our Data Protection Officer Amber Badley, please email DPO@firebirdltd.co.uk
Most of the personal data we process is provided to us directly by you, for example when you:
We may also collect personal information about you indirectly, for example through:
When someone contacts us asking about our services through our website, by email or over the telephone, we collect their name, contact details and the nature of their enquiry. We collect this information for our legitimate interests as a company, to be able to respond to their enquiry and keep a record of our communications with them. We keep this information for 2 years from the date of the last communication.
We collect the name and contact details of our customers and information about the service they have purchased. We need this information so we can fulfil our contract with the customer, or take steps at the request of the customer, prior to entering into a contract with them. We also collect this information for our legitimate interests in maintaining records for accounting, legal and insurance purposes. We keep this information for as long as we need to, to satisfy any contractual, legal, accounting, or reporting obligations, however this is usually archived and kept for 7 years after termination of the service contract.
We collect the name and contact details of people who want to subscribe to our newsletters, resources, blogs and promotions. We collect this information with the consent of the individual when they opt-in to receive these communications. If a person unsubscribes, we remove them from our mailing list but retain their contact details in a separate database. We need to retain this information for our legitimate interests, to ensure we do not contact them again in the future. We keep subscriber data until they unsubscribe or if the email address becomes invalid. We retain the contact details of those who have unsubscribed indefinitely.
We sometimes collect the name, job role and work contact details of employees working for potential customers, who we think would be interested in receiving information about our company’s services; this is known as ‘B2B’ or ‘business to business’ marketing. This information is only collected from public sources, such as company websites or where the employee has published their name, work profile and contact details on a networking site for professionals, (such as LinkedIn) and therefore would have a reasonable expectation that companies like us, may contact them to make introductions and market their services.
We collect this information to pursue our legitimate interests, to be able to promote and market our services to potential new customers. Contact leads can opt-out from receiving communications from us at any time, by emailing DPO@firebirdltd.co.uk
We keep this information for 2 years from the date of our last communication, where the communication does not lead to a sale. If the communication does lead to a sale, this information will be retained in line with our retention period for customers.
We collect information about our business associates, such as their name, contact details, experience, outcome of their criminal record check (DBS) (where required), service contract and bank details. We collect this information for our legitimate interests, to be able to assess the suitability of the individual and to enable us to fulfil our contract with them or to take steps at their request, prior to entering into a contract with them. We keep associate files for 7 years after their contract has ended.
When you visit our website, simple Cookies are used to help you navigate around our site and tell us how well our website is performing eg. it tells us how many visits we've had on our website and how many files have been downloaded within the last 30 days. We collect this information in a way which does not identify anyone. We do not make any attempt to find out the identities of those visiting this website and will not associate any data gathered with any personally identifying information from any source.
We do not share your data with other organisations, unless it is necessary for legal, contractual, regulatory or law enforcement purposes. Where we use data ‘processors’ to help us manage and store our data (cloud storage providers); promote our services (advertising/marketing companies) or help us deliver our services (business associates), we have Data Processor Agreements or confidentiality agreements in place, to protect any personal data they may have access to on our behalf.
Our data processors only act on our instructions and are carefully selected to ensure they have robust security measures in place and comply with the UK GDPR when processing personal data. Where we process your personal data as a data ‘processor’ for our customers, your personal data may be accessible to that customer, to enable us to fulfil our contract with them.
There may be times when we need to disclose personal data to other data controllers, for example:
We will never sell your personal data or share it in a way you would not reasonably expect.
Firebird only stores personal data on encrypted servers within the United Kingdom (UK).
We take our security responsibilities very seriously and have put in place robust measures to protect our and our customers’ personal data from accidental or unlawful access, disclosure, loss, damage or destruction.
The following are examples of how we achieve this:
You have the following rights under the data protection laws:
To exercise these rights, please contact us by emailing DPO@firebirdltd.co.uk You are not usually required to pay a fee and can expect to receive a response within one calendar month. Further information about your data protection rights, can be found on the Information Commissioner’s Office website at www.ico.org.
Changes to this privacy notice
We may need to update this privacy notice periodically, so we recommend that you revisit this information from time to time. This version was last updated on 9 April 2021.