Firebird Data Protection Consultancy Limited (Firebird) provides advice, guidance, training and outsourced Data Protection Officer services to organisations, regarding the data protection legislation (ie the General Data Protection Regulation (GDPR) and the Data Protection Act).
Firebird is the data controller for the personal data we process about our customers, subscribers, website users and customer leads . This privacy notice tells you what to expect when we handle personal data as a data controller.
There are times when we process personal data as a ‘data processor’. This is when we act on behalf of another data controller (our customer), for example, when we act as their outsourced Data Protection Officer. In these cases, we only handle personal data upon written instructions from the data controller and any collection or use of that information, is limited to the purpose of providing the service to our customer. Please refer to their privacy notice for more information.
Company information
Firebird is a private limited company registered in England & Wales under registration number 10841251. Firebird is registered with the Information Commissioner’s Office under registration number ZA288370.
Contact us
If you have any queries about this privacy notice or the services we offer, please email us at info@firebirdltd.co.uk If you would like to contact our Data Protection Officer, please email DPO@firebirdltd.co.uk
Most of the personal data we process is provided to us directly by you for one of the following reasons:
· You make an enquiry about the services we offer
· You are a subscriber to our newsletters, free resources, blogs and promotions
· You use our website
· You are one of our customers
We may also collect personal information about you indirectly, for example through:
· Our customers (your employer) as their nominated representative
· Public sources such as websites and professional networking sites (such as LinkedIn) so we can tell you about our services which we think you may be interested in.
Enquirers
When someone contacts us asking about our services through our website, via email or over the telephone, we collect their name, contact details and the nature of their enquiry. We need this information so we can respond to their enquiry and keep a record of our communications with them.
Customers
We process the name and contact details of our customer’s representative and information about the service their organisation has purchased. We need this information so we can deliver the service they have requested and keep a record for our accounting purposes.
Subscribers
We collect the name and contact details of people who subscribe to our newsletters, free resources, blogs and promotions; the date they subscribed to these communications and where relevant, the date they requested to unsubscribe.
Customer leads
We sometimes collect the name, job role and work contact details of employees, who we think would be interested in receiving information about our company’s services; this is known as B2B marketing. This information is only collected from public sources, such as their organisation’s website or where an employee has published their name and work profile on a networking site for professionals, such as LinkedIn. We use this information to tell them about our services.
Website users
When you visit our website, we collect standard internet log information and details about visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of our website. We collect this information in a way which does not identify anyone. We do not make any attempt to find out the identities of those visiting this website and will not associate any data gathered, with any personally identifying information from any source.
We do not share your data with other organisations, unless required to do so for contractual, regulatory or law enforcement purposes.
We will never sell your personal data.
When we process your information, we only do so where we have a legal basis (as described in the Data Protection legislation). Our legal basis for processing personal data and the timescales we keep this information for are as follows:
Enquirers
We process personal information about our enquirers, where it is necessary for us to pursue our legitimate interests, such as responding to enquiries and keeping an audit trail of communications, for our company’s business, accounting and legal purposes. We keep this information for 2 years from the date of the last communication.
Customers
We process personal information about our customers, so we can fulfil our contract with our customer. We keep this information for as long as we need to, to satisfy any contractual, legal, accounting, or reporting obligations, however this is usually archived and kept for 7 years after termination of the service contract.
Subscribers
We process personal information about our subscribers, where we have their explicit consent. We keep this data until you unsubscribe or tell us another way that you no longer want to receive communications from us. To unsubscribe, please email us at DPO@firebirdltd.co.uk When you unsubscribe, we will remove your name and contact details from our mailing list, however we will keep a separate record of this in our ‘unsubscribed’ database, to ensure we don’t contact you again in the future.
Customer leads
We process personal information about our customer leads, where it is necessary for us to pursue our legitimate interests, such as promoting and marketing our services to companies and other organisations who we think may be interested in receiving information about our services. We keep this information for 2 years from the date of our last communication, where the communication does not lead to a sale. You can unsubscribe from receiving marketing communications from us at any time by emailing DPO@firebirdltd.co.uk When you unsubscribe, we will remove your name and contact details from our mailing list, however we will keep a separate record of this in our ‘unsubscribed’ database, to ensure we don’t contact you again in the future.
We take our security responsibilities seriously in order to protect your personal data from accidental or unlawful access, disclosure, loss, damage or destruction.
For example:
· Access to our data is on a strict need to know basis
· Our electronic records are held on encrypted servers
· We use up to date virus and malware protection software, security patches are applied promptly, and we back up our data regularly
· Our paper files are locked away with restricted access to the keys
· Our employees are subject to Disclosure and Barring Service (DBS) checks and confidentiality clauses within contracts
· We have policies, procedures and training around data protection, security, record disposal and confidentiality
· We use encrypted email and secure file sharing platforms
· We carry out due diligence checks on companies we receive a service from
· We store your data in the UK or the European Economic Area (EEA)
You have the following rights under the data protection laws:
Your right of access
You have the right to ask us for copies of your personal data. There are some exemptions, which means you may not always receive all the information we process.
Your right to rectification
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure
You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing
You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing
You have the right to object to us processing your information where we consider this is necessary for us to perform a task in the public interest. You can also object to us using your contact details to send you direct marketing communications.
Your right to data portability
This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information based on your consent or under a contract (or in talks about entering into a contract) and the processing is automated.
Your right to complain
We work to high standards when it comes to processing your personal information. We hope you will always be happy with the way we handle your information, however if we have not met your expectations, please let us know so we can put things right.
To do this, please email us at DPO@firebirdltd.co.uk. If you remain dissatisfied, you have the right to complain to the Information Commissioner’s Office (ICO). The ICO’s contact details are available at https://ico.org.uk/concerns
You are not required to pay a fee for exercising your rights and we have one month to respond to you.
Please email us at DPO@firebirdltd.co.uk if you would like to make a request or complaint.
Further information about your data protection rights, can be found on the Information Commissioner’s Office website at www.ico.org.
Changes to this privacy notice
We may need to update this privacy notice periodically, so we recommend that you revisit this information from time to time. This version was last updated on 6 April 2020.
Copyright ©2020 Firebird Data Protection Consultancy Limited - All Rights Reserved.