At Firebird Data Protection Consultancy Limited, we are committed to protecting and respecting your privacy.
We will always tell you what data we’re collecting about you and how we use it, and will never ask for more information than we need to. We will not share your data with any third parties, unless you have consented to this; they are a trusted partner working with us to provide the service you have requested; or the law requires us to. We will never sell your data.
We are committed to following industry best practices to ensure your data is stored safely and securely. We will protect the information we process about you, from accidental or unlawful access, disclosure, loss, damage or destruction.
We will always give you control over the communications you receive from us and you can stop or tell us you no longer wish to receive these, at any time.
This notice explains what personal data we process, why we process it, how we keep it secure and your rights:
We collect contact information about our subscribers, such as their name, email address and the name of the company they work for (where relevant), so we can send them the information they have requested and to keep them up to date with our news. We only obtain and use this information when the person has opted-in and consented to receiving our e-newsletters or information. Subscribers can opt-out from receiving this information at any time by emailing us at DPO@firebirdltd.co.uk We keep subscriber information for as long as the subscriber wants to stay in touch and receive our communications.
When a person sends us an enquiry through our website, we collect their name, email address and the nature of their enquiry / message. We need this information to pursue our legitimate interests in being able to respond to the enquiry we have received. We do not use this information to send direct marketing communications, unless the person has specifically requested and opted in to receiving this kind of information. We keep a record of our enquiries for up to two years.
Data Protection Officer customers and their data subjects
We offer an outsourced Data Protection Officer service to organisations, to help them meet their obligations under the General Data Protection Regulation (GDPR). Part of this role requires the Data Protection Officer (i.e. Firebird), to be the single point of contact for data subjects exercising their rights, in relation to the personal data held about them by our customers. As a result, Firebird may be sent personal data directly from those data subjects or from our customers, who are seeking support in responding to these requests, complaints or enquiries. The personal data provided to Firebird may include the following:
· Name and contact details of the data subject
· Nature of the data subject’s enquiry, request or complaint
· Personal data held about the data subject, which is the subject of their enquiry, request or complaint
Firebird acts as their customers’ data processor in these circumstances, i.e. it is acting on their customers’ behalf and on their instruction. As such, the processing of this information is necessary for Firebird to fulfil their duties under contract with these customers.
We will keep personal information about our customers’ data subjects, for the length of time instructed by our customers, or until the contract has ended.
We collect limited personal data about our customers. This may include their name, email address, work address and contact telephone number, along with a description of the service they have purchased or opted-in to receiving. We will only collect relevant information where it is necessary for our legitimate interests to provide effective services to our customers, or where it is necessary for us to enter into a contract or for the performance of a contract with the individual or company they work for. We keep personal information about our customers for the length of their contract and delete this information after the contract has ended.
We do not share personal data about our subscribers, enquirers or website users with any other organisation.
Where we are acting as a Data Protection Officer for our customers, we may share the personal data provided to us directly by the data subject with our customer, in order to address the enquiry, request or complaint. This sharing will be necessary for Firebird to carry out their obligations under contract and for the legitimate interests of their customers, to be able to respond to the data subject.
We take our security responsibilities seriously in order to protect your data from accidental or unlawful access, disclosure, loss, damage or destruction. For example, all our data is held within the European Union; our data is held on encrypted servers; we use up to date virus and malware protection software; we run a paperless office and have a clear desk policy; we shred our confidential waste; employees are subject to Disclosure and Barring Service (DBS) checks; access to data is on a strict need to know basis; we have policies, procedures and training around data protection and security incident management and we regularly back up our data.
We will only keep your personal data for as long as we need to, to fulfil the purposes we collected it for, and where it is necessary to satisfy any contractual, legal, accounting, or reporting obligations. After this period, we will delete or securely destroy your personal data.
You have the following rights over the way we process your personal data. We aim to comply with requests without undue delay, and within one month at the latest. You have the right to:
· ask us not to use your personal data for direct marketing;
· ask us not to process your personal data where it is processed on the basis of legitimate interests, if there are no compelling reasons for that processing;
· request from us access to the personal data held about you;
· ask for the information we hold about you to be rectified if it is inaccurate or incomplete;
· ask that we stop any consent-based processing of your personal data after you withdraw that consent;
· ask, in certain circumstances, to delete the personal data we hold about you;
· to ask, in certain circumstances, for the processing of that information to be restricted;
For information about how to exercise these rights, please refer to our ‘Contact Us’ section.
We hope you will always be happy with the way we handle your information, however if we have not met your expectations, please let us know so we can put things right. If you remain unsatisfied, you have the right to complain to the Information Commissioner’s Office (ICO). The ICO’s contact details are available at https://ico.org.uk/concerns/
Firebird Data Protection Consultancy Limited (Firebird) is a private limited company registered in England & Wales under registration number 10841251. Firebird is registered with the Information Commissioner’s Office in compliance with the UK Data Protection Act, under registration number ZA288370. Details about Firebird’s registration are available at www.ico.org.uk
Changes to this privacy notice
Any changes that we make to our privacy notice in the future, will be posted on our website and may be emailed to our customers and subscribers.
This privacy notice was last updated on 18 February 2019
Copyright © 2019 Firebird Data Protection Consultancy - All Rights Reserved.