PRIVACY NOTICE

 

Contents

  1. Introduction
  2. Controller
  3. The information we collect and when
  4. How we use your information
  5. Who we might share your information with
  6. How we keep you updated on our products and services
  7. Your rights over your information
  8. How long we keep your information for
  9. Giving your reviews and sharing your thoughts
  10. Security
  11. What happens if our business changes hands?
  12. Changes to Our Privacy Notice
  13. How to contact us

 

1 Introduction

The DPO Centre Ltd (referred to as “We, “Our” or “Us”), is committed to protecting the privacy and security of your personal information. We take care to protect the privacy of our clients that communicate (online or offline) with us, at events, over the phone, via our website, helpdesk and social media platforms.

We have therefore developed this privacy notice to inform you of the data we collect, what we do with your information, what we do to keep it secure, as well as the rights and choices you have over your personal information.

Throughout this document we refer to Data Protection Legislation which means the Data Protection Act 2018, GDPR (United Kingdom General Data Protection Regulation) (UK GDPR), the Privacy and Electronic Communications (EC Directive) Regulations 2003 and any legislation implemented in connection with the aforementioned legislation.

Where we process personal data as a controller or processor of people in the European Union, it also includes the EU General Data Protection Regulation (EU GDPR). This includes any replacement legislation coming into effect from time to time.

This notice should be read together with our Cookie Policy that can be found on our website.

 

2 Controller

The DPO Centre Ltd is the controller for the personal information we process, unless otherwise stated. We are registered with the Information Commissioner’s Office (the ICO) in the United Kingdom with registration number ZA310860.

The DPO Centre consists of the parent company, The DPO Centre Limited (a private limited company registered in England with the company number 10874595) and subsidiary companies (as defined in section 1159 of the UK Companies Act 2006), The DPO Centre Europe Limited, The DPO Centre Netherlands B.V and The DPO Centre Canada Inc.

The DPO Centre Europe Limited is a company registered in Ireland (number 681576) and its registered office is at Alexandra House, Ballsbridge Business Park, Ballsbridge Park, Merrion Road, Dublin DO4 C7H2.

The DPO Centre Netherlands B.V. is a company registered in Netherlands (number 85600601) and its registered office is at Vijzelstraat 68, 1017HL Amsterdam.

The DPO Centre Canada Inc is a company registered in Ontario Canada (number 1000582816) and its registered office is 161 Bay Street, Suite 2700, Toronto ON, M5J 2S1.

This Privacy Notice applies to The DPO Centre Limited and all subsidiaries irrespective of location or jurisdiction.

You can contact us either by phone, email or post.

  • By phone: +44 (0) 203 797 1289
  • By email: dpo@dpocentre.com
  • By post: The Suffolk Enterprise Centre, 44 Felaw Street, Ipswich, Suffolk, IP2 8SJ

 

3 The information we collect and when

We only collect personal information that we know we will genuinely use and in accordance with the Data Protection Legislation. The type of personal information that we will collect about you, from third party websites or that you have voluntarily provided to us on this website or from enquiry/contact forms, event/exhibition or other contact methods includes:

      • Your name;
      • Telephone number(s);
      • Email address;
      • Your company;
      • Job title;
      • Survey responses;
      • Cookies; and/or
      • IP address.

We may, in further dealings with you, extend this personal information to include your address, purchases, services used, and subscriptions, records of conversations and agreements and payment transactions.

      • You are under no statutory or contractual requirement or obligation to provide us with your personal information; however, we require at least the information above in order for us to deal with you as a prospect or client in an efficient and effective manner.

      • The legal basis for processing your data is based on your specific consent/performance of a contract/compliance with a legal obligation or our legitimate interest that we will have requested/stated at the point the information was initially provided, therefore we will not store, process or transfer your data unless we have an appropriate lawful reason to do so.

 

4 How we use your information

Processing activity

Lawful basis

To contact you, following your enquiry or to reply to any questions.

Performance of a contract

Customer Service enquiries; reply to suggestions, issues or complaints you have contacted us about.

Legitimate interest

Fulfilling our contract to provide you with the agreed service.

Performance of a contract

Processing your orders.

Performance of a contract

Taking payment from you or giving you a refund and associated financial accounting.

Performance of a contract

For statistical analysis and to get feedback from you about our service. We occasionally may invite you to participate in a case study following an engagement.

Legitimate interest

To power our security measures and services so you can safely access our website.

Legitimate interest

Helping us understand more about you as a customer, the products and services you consume, so we can serve you better.

Legitimate interest

Contacting you (B2B) about services from us

Legitimate interest

Contacting you about relevant industry specific news stories, articles or blogs.

Legitimate interest

Marketing/analytics from our website using cookies.

Consent

To deliver free webinars to you that you have signed up to.

Legitimate Interest

Contacting business contacts for feedback on our white papers and GDPR toolkit and to ask if they require further assistance.

Corporate Subscriber exception

 

5 Who we might share your information with

We may share your personal data with other organisations in the following circumstances:

      • If the law or a public authority says we must share the personal data;

      • If we need to share personal data in order to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk);

      • From time to time, we will employ the services of other parties for dealing with certain processes necessary for the operation of the Website. However, all the information we share will be collected and anonymised, so neither you nor any of your devices can be identified from it; or

      • reCAPTCHA from Google helps protect websites from spam and abuse. A “CAPTCHA” is a test to tell human and bots apart. It is easy for humans to solve, but hard for “bots” and other malicious software to figure out. By adding reCAPTCHA to our site, we can block automated software while helping us welcome real users like you. First, the reCAPTCHA algorithm will check to see if there’s a Google cookie placed on the computer being used. Then, an additional reCAPTCHA-specific cookie will be added to your browser, and a complete snapshot of the browser window at that moment in time will be captured, pixel by pixel.

             Some of the browser and user information collected at this time includes:

      • All cookies placed by Google over the last 6 months,

      • How many mouse clicks you’ve made on that screen (or touches if on a touch device),

      • The CSS information for that page,

      • The date,

      • The language your browser is set to,

      • Any plug-ins you have installed on the browser,

      • All JavaScript objects, and

      • The data you supply via the form

             More information can be found at Google reCAPTCHA and Google’s Privacy Policy.

      • For the purpose of their promotional activities we will not share your information with any third parties for the purposes of direct marketing.

      • We use data processors who are third parties who provide elements of services for us. We have Data Processor Agreements in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us or further sub-processors who must comply with our Data Processor Agreement. They will hold your personal data securely and retain it for the period we instruct. The key processors we use are;

 

Type

Industry

Processor

Location

Accounting software

Finance

Xero

New Zealand

Email/Cloud storage

IT

Microsoft

International

Client Management System

Operations

Hubspot

International

Project Management

Operations

WorkflowMax

International

Customer Support

Operations

Hubspot

International

Email marketing tool

Marketing

Hubspot/Outlook

International

Video and webinar streaming tool

Service delivery

Vimeo/ClickMeeting

International

Prospecting database

Sales

ZoomInfo

International

 

Where we share your personal data with organisations located in third countries that are not covered by an adequacy decision, we rely on standard contractual clauses (SCCs), with the UK Addendum where required, as our mechanism to safeguard the transfer.

The DPO Centre is committed to transparency in the way we collect, process, share, and store your personal information within our environment.

 

6 How we keep you updated on our products and services

We will send you relevant news about our services in a number of ways including by email, but only if we have a legitimate interest to do so and we have completed a legitimate interest assessment for the processing activity or can rely on the corporate subscriber exception.

Newsletters and marketing communications might be sent from our own domain (www.dpocentre.com) or our dedicated newsletter domain (www.thedpia.com) that provides an informative newsletter to business contacts.

Each email communication will have an option to object to the processing, if you wish to amend your marketing preferences, you can do so by following the link in the email and updating your preferences or by calling us on the number displayed on our website.

 

7 Your rights over your information

7.1 The right to be informed about our collection and use of personal data;

You have the right to be informed about the collection and use of your personal data. We ensure we do this with our internal data protection policies and through our external website notice. These are regularly reviewed and updated to ensure these are accurate and reflect our data processing activities.

7.2 Right to Access Your Personal Information

You have the right to access the personal information that we hold about you. This is sometimes termed a ‘Subject Access Request’. If we agree that we are obliged to provide personal information to you (or someone else authorised to receive it on your behalf), we will provide it to you or them free of charge and in most instances do so within one month unless we rely on an extension or exemption available to us under Data Protection Legislation, in which case we will notify you accordingly.

We would ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information.

If you would like to exercise this right, please contact us as set out below.

Subject Access Request as a Service (SARsaaS)

We are committed to providing the information you request as part of your Subject Access Request and have procedures in place to ensure this occurs in a timely fashion.

We do not have agreements in place with any third-party platforms that offer “Subject Access Requests as a Service”. As a responsible data controller of your personal information this represents significant risks when sharing data. The right of access afforded to you, does not obligate data controllers to share data with 3rd parties. It is our policy to provide the information directly to data subjects ensuring the safety and security of the information throughout the process.

We will monitor future guidance from the Information Commissioner’s Office but currently undertake our own reasonable measures to verify the identity of data subjects. We would like to assure you that the protection of your data is our main concern and we are committed to providing information as part of any valid request.

This notice will also apply to the rights set out below.

7.3 Right to Correct Your Personal Information

If any of the personal information we hold about you is inaccurate, incomplete or out of date, you may ask us to correct it.

If you would like to exercise this right, please contact us as set out below.

7.4 Right to Stop or Limit Our Processing of Your Data

You have the right to object to us processing your personal information for particular purposes, to have your information deleted if we are keeping it too long or have its processing restricted in certain circumstances.

If you would like to exercise this right, please contact us as set out below.

7.5 Right to Erasure

You have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances.

7.6 Right to Portability

The right to portability gives you the right to receive personal data you have provided to a controller in a structured, commonly used and machine readable format. It also gives you the right to request that a controller transmits this data directly to another controller.

If you would like to exercise this right, please contact us as set out below.

7.7 For more information about your privacy rights

The Information Commissioner’s Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible to consumers on their website and they ensure that the registered details of all data controllers, such as ourselves, are available publicly.

You can make a complaint to the ICO at any time about the way we use your information. However, we hope that you would consider raising any issue or complaint you have with us first. Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have.

 

8 How long we keep your information for

We retain a record of your personal information in order to provide you with a high quality and consistent service. We will always retain your personal information in accordance with the Data Protection Legislation and never retain your information for longer than is necessary.

Unless otherwise required by law, your data will be stored for a period of 7 years after our contract with you expires or 3 years after our last contact with you or some other identifiable action, at which point it will be deleted

 

9 Giving your reviews and sharing your thoughts

When using our website, you may be able to share information through social networks like LinkedIn and Twitter. For example, when you ‘like’, ‘share’ or review our services. When doing this, your personal information may be visible to the providers of those social networks and/or their other users. Please remember it is your responsibility to set appropriate privacy settings on your social network accounts, so you are comfortable with how your information is used and shared on them.

 

10 Security

Data security is of great importance to The DPO Centre and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure your collected data.

We take security measures to protect your information including:

      • Limiting access to our buildings to those that we believe are entitled to be there by use of passes;
      • Implementing access controls to our information technology; and
      • We use appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) to safeguard your information across all our computer systems, website and offices.

 

11 What happens if our business changes hands?

We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Notice, be permitted to use that data only for the purposes for which it was originally collected by us.

 

12 Changes to Our Privacy Notice

We may change this Privacy Notice from time to time (for example, if the law changes). We recommend that you check this notice regularly to keep up-to-date.

 

13 How to contact us

If you would like to exercise one of your rights as set out above, or you have a question or a complaint about this notice, or the way your personal information is processed, please contact us by one of the following means:

      • By email: dpo@dpocentre.com

      • By phone: +44 (0) 203 797 1289

      • By post: The Suffolk Enterprise Centre, 44 Felaw Street, Ipswich, Suffolk, IP2 8SJ

Thank you for taking the time to read our Privacy Notice.

The DPO Centre

 

This Notice was last updated on 26/04/2022