Introduction
LJ Digital & Data Consultancy is committed to protecting your data and complying with our obligations under the GDPR and the UK Data Protection Act 2018. Under the GDPR, a Data Controller determines the purposes and means for processing personal data. A Data Processor processes personal data on behalf of a Data Controller.
LJ Digital & Data Consultancy is a Data Controller and a Data Processor. We process determine the means and purposes of processing data for our own business purposes – e.g. processing employee and client data. We also process our clients data – e.g. employee data and customer data during system migrations etc. Further details about how we process personal data can be found throughout this statement. LJ Digital & Data Consultancy is referred to as “we”, “us”, “our”, “the company” throughout this privacy statement.
Our contact information
Company name: LJ Digital & Data Consultancy
Address: 47 Church Street, Great Baddow, Chelmsford, CM2 7JA
Email address: lisa@ljdigitalanddata.co.uk
About this Privacy Notice
This privacy notice outlines the following:
- What personal data we collect and about whom
- Why we collect personal data
- How we use personal data
- The lawful basis for collecting personal data
- Your rights in relation to your personal data
- How we collect personal data
- How we store personal data
- Who we share personal data with
- How we keep personal data secure
- How long we keep personal data
- How we use personal data for marketing
- Transferring data internationally (outside the EEA)
- Our use of cookies
- Your right to complain
Your Personal Data
Under the GDPR, LJ Digital & Data Consultancy must be transparent about the data we collect, about whom and why we need it. Details of what personal data we collect, about whom, why we collect it, how we use it, the lawful basis, and where appropriate, the condition for processing can be found in the following section. Where we rely on consent as a lawful basis, you have the right to withdraw your consent at any time and can do this by contacting us at lisa@ljdigitalanddata.co.uk
Directors, Employees, Independent Consultants and Contractors
Data captured: Name, address, email, date of birth, NI number, signature, proof of identification, qualifications & certificates, bank details, telephone number, job title/position, usernames and passwords
| Purpose for processing | Lawful Basis | How long is the data kept for? |
| • Complying with Company Law – e.g. submitting Director and company details to Companies House, to register as a Data Controller with the ICO etc. | Legal Obligation | Indefinitely |
| • Proof of ID to determine a candidates right to work in the UK | Legal Obligation | 6 months after the end of recruitment process |
| • Submitting tax returns and PAYE records | Legal Obligation | 10 years |
| • providing information to legal authorities to prevent fraud, crime etc. | Legal Obligation | In line with the instruction of the legal authority |
| • To administer a Director or Employees employment with LJ Digital & Data Consultancy – e.g. performance reviews, absence and annual leave details, process wages, payments, dividends etc. | Contract | 3 years from end of fiscal year (Pay & Tax) 6 years after contract terminated. Director details kept indefinitely. Minimal employee details (e.g. name, employment dates) held indefinitely |
| • Sickness and medical information (Statutory Sick Pay etc.) | Legitimate Interest Condition for processing = Employment, social security and social protection law | 3 years |
| • Processing details in order to run the company | Legitimate Interest | Indefinitely – for company Directors listed on Companies House |
| • To produce Annual Reports | Legitimate Interest | Indefinitely |
| • To designate a signatory for company insurances and contracts | Legitimate Interest | 12 years after the end of the contract |
| • To create user accounts to enable Directors and Employees to carry out their roles | Legitimate Interest | User accounts deactivated upon termination of employment contract |
| • Proof of qualifications when required for a specific role | Legitimate Interest | 6 months after the end of the recruitment process |
| • To recruit to a role that LJ Digital & Data is advertising | Legitimate Interest | 6 months after the end of the recruitment process |
| • Providing details to emergency services in the event of life or death | Vital Interest | Records kept in line with HSE guidelines |
| • Accident and Health & Safety records | Legitimate Interest | Records kept in line with HSE guidelines |
Existing and potential Clients
Data captured: Employee name, employer name, address, email address, telephone number, job title, Employer name, Signature, communications, notes and minutes, communication preferences, username, password, unique identifier (when added to systems), financial details – e.g. company card / bank details, behavioural data – e.g. IP address, statistics and reports, website visits etc.
| Purpose for processing | Lawful Basis | How long is the data kept for? |
| • Providing quotes, proposals and fulfilling our obligations to provide services and consultancy | Legitimate Interest (B2B) Contract (B2C) | 2 years after the date of last contact or action |
| • Signing contracts for the provision of services and consultancy | Legitimate Interest | 12 years from the end of the contract / last action |
| • Issuing invoices and processing payments for service provision and consultancy | Legitimate Interest | 6 years from the end of the fiscal year |
| • Communicating with clients employees for the purposes of fulfilling contractual obligation to provide services and consultancy | Legitimate Interest | 3 years after the end of contract / last action |
| • Allowing access to our online training portal for online programmes | Legitimate Interest | 3 years after the end of contract / last action |
| • Marketing further services and consultancy • Sending marketing communications – e.g. emails, newsletters and blogs • Tracking behaviours, interactions and engagement to display relevant ads and sending marketing and communications about services and consultancy | Consent | Email address will be retained indefinitely to ensure that those who opt-out of communications are no longer marketed to. Individuals who opt-out will be added to a suppression list, along with those who stop engaging with communications so they are not contacted in the future, unless they opt-in again |
| • Varying client/customer/member data of LJ Digital & Data Consultancy clients. Transferring data between systems – e.g. during system migration / implementation projects | Legitimate Interest | Immediately upon completion of the migration / implementation project |
Providers (Data Processors) and suppliers
Data captured: Name, company name, email address, address, telephone number, job title, signature, communications, notes and minutes, financial details – e.g. card / bank details
| Purpose for processing | Lawful Basis | How long is the data kept for? |
| • Signing contracts | Legitimate Interest | 12 years after contract end / last action |
| • Keeping a contracts and suppliers list | Legitimate Interest | 3 years from the end of the contract / last action |
| • To build and maintain working relationships with employees and account managers | Legitimate Interest | 3 years from the end of the contract / last action |
| • Recording details of, agreements, meetings and correspondence | Legitimate Interest | 6 years from the end of the fiscal year |
| • Processing payment for purchased products/services | Legitimate Interest | 6 years from the end of the fiscal year |
General public
Data Captured: CCTV footage, date and time
| Purpose for processing | Lawful Basis | How long is the data kept for? |
| • Having adequate levels of security and capturing unauthorised access to the office space | Legitimate Interest | 3 months |
Your rights in relation to your personal data
Under the GDPR you have the following rights in relation to your data. All requests can be made free of charge and we have one month to respond:
The right to be informed
You have the right to be informed when we collect your personal data from you directly or indirectly from another source.
The right of access
You have the right to request copies of the data we hold about you.
The right rectification
You have the right to request that we complete any information about you that you think is incomplete. You also have the right to request that we rectify any inaccurate information that we hold about you.
The right erasure
Also referred to as the “right to be forgotten”, you have the right to ask us, in certain circumstances, to erase your data.
The right to be informed
You have the right to be informed when we collect your personal data either directly from you or indirectly from another source.
The right to object to us processing your personal data
You have the right to object to us processing your personal data in certain circumstances. For example – for the purposes of direct marketing.
The right to restrict us processing your personal data
You have the right to restrict us processing your data in certain circumstances. This means that we may still be able to hold the data, but not process it.
How we collect personal data
We collect your personal data via the following methods:
- Directly from you – we collect your personal data directly from you for the purposes outlined in ‘Your Personal Data’ above. We collect personal data via a number of methods – e.g. email, telephone, during meetings and workshops etc. (using Zoom, Microsoft Teams and collaboration software etc.), online via our website when you fill out forms, when you sign up to receive communications and marketing from us etc.
- Indirectly – where we have your consent, we collect personal data (such as emails, IP address and online behaviors) of visitors to our website using Cookies, Facebook Pixel, Click Funnels, Google Analytics and Active Campaign. We use this data so that we can display adverts to you – e.g. via Facebook and other Social Media platforms – and to send targeted communications and marketing about our products and services.
How we store personal data
LJ Digital & Data Consultancy store your personal data on our internal, paper and digital systems as well as on our Data Processor systems – e.g. Microsoft365, our customer relationship management database, Active Campaign, WordPress, Siteground and Google Analytics, Zoom, Microsoft Teams etc. Where we have your consent to display ads to you, your data will be stored third party platforms such as Facebook, Click Funnels and other Social Media platforms for the purposes of displaying relevant content to you.
Who we share personal data with
LJ Digital & Data Consultancy will never sell your personal data. We share your personal data with suppliers and providers – e.g. Data Processors – whose systems software we use (listed in ‘How we store personal data) – and any independent consultants / sub-contractors who we assist us to deliver services to you. In certain circumstances LJ Digital & Data Consultancy will be required to disclose personal data. Examples include:
- In an emergency situation (e.g. life or death) – i.e. to protect the vital interest of an individual(s)
- In the interest of national security
- To prevent or detect crime, including the apprehension or prosecution of offenders
- To prevent serious harm to an individual(s) – e.g. a health and safety concern
How we keep personal data secure
LJ Digital & Data Consultancy have appropriate physical and technical security measures in place to protect your personal data. We ensure that we have provisions in place to ensure that only authorised persons have access to personal data, that your data is kept secure, and that we have processes and procedures in place to prevent accidental loss, destruction, alteration, unauthorised access or disclosure of your personal data. We have incident and breach processes and procedures in place to deal with a respond to any suspected breaches of your personal data and will notify you and any relevant regulators in the event of a breach where we are required to do so. When engaging independent consultants, sub-contractors and Data Processors, we carry out due diligence to ensure that they employ appropriate levels of security and that they comply with the GDPR.
How long we keep personal data
LJ Digital & Data Consultancy have a Data Retention Policy and Retention Schedule in place to ensure that your data is only kept for a long a necessary, and in line with the purposes that it was collected. Retention timescales are outlined in the ‘Your Personal Data’ table above.
How we use personal data for marketing, profiling and automated decision making
Where we have your consent we will use your data to market our services and consultancy to you and display ads to you when browsing website, using apps and social media sites. Data will be aggregated automatically from different sources – e.g. website cookies, Facebook Pixel, open rates on emails etc. and will be used to deliver relevant content to you. You have the right to withdraw your consent at any time by contacting us at lisa@ljdigitalanddata.co.uk
Transferring data internationally (outside the EEA)
The GDPR places obligations on Data Controllers to ensure that provisions are put in place when data is being transferred outside of the EEA. When tendering for new suppliers and systems, LJ Digital & Data Consultancy will carry out due diligence to ensure that, where possible, data is not transferred outside of the EEA. In the event that data will be transferred outside of the EEA, we will ensure that appropriate safeguards and provisions – as outlined under the GDPR – are in place prior to transferring the data.
Our use of cookies
Introduction
Digital & Data Consultancy’s website and services, we will ask you to consent to our use of cookies when you first visit our website.
About cookies
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
Cookies may be either “persistent/permanent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Cookies may not contain any information that personally identifies a user, but personal data that we store about you may be linked to the information stored in and obtained from cookies.
Cookies that we use
We use cookies for the following purposes:
(a) tracking visits – to identify you when you visit our website and as you navigate our website. Cookies used for this purpose are: Session cookies;
(b) personalising your visit – we use cookies to store information about your preferences and to personalise our website for you. Cookies used for this purpose are: permanent cookies;
(c) advertisements – we use cookies to help us to display advertisements that will be relevant to you on our website and on third party platforms such as Facebook and other social media platforms. Cookies used for this purpose are: permanent cookies;
(f) analysis – we use cookies to help us to analyse the use and performance of our website and services. Cookies used for this purpose are: permanent cookies; and
(g) cookie consent – we use cookies to store your preferences in relation to the use of cookies more generally. Cookies used for this purpose are: permanent cookies.
Cookies used by our service providers
Our service providers use cookies and those cookies may be stored on your computer when you visit our website. Service providers are:
- Google Analytics – Google Analytics gathers information about the use of our website by means of cookies. The information gathered is used to create reports about the use of our website. You can find out more about Google’s use of information by visiting https://www.google.com/policies/privacy/partners/ and you can review Google’s privacy policy at https://policies.google.com/privacy. The relevant cookies are: permanent cookies.
- Facebook – We use a Facebook pixel on our website. Using the pixel, Facebook collects information about the users and use of our website. The information is used to personalise Facebook advertisements and to analyse the use of our website. To find out more about the Facebook pixel and about Facebook’s use of personal data generally, see the Facebook cookie policy at https://www.facebook.com/policies/cookies/ and the Facebook privacy policy at https://www.facebook.com/about/privacy. The Facebook cookie policy includes information about controlling Facebook’s use of cookies to show you advertisements. If you are a registered Facebook user, you can adjust how advertisements are targeted by following the instructions at https://www.facebook.com/help/568137493302217.
Managing cookies
Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
(a) https://support.google.com/chrome/answer/95647 (Chrome);
(b) https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);
(c) https://help.opera.com/en/latest/security-and-privacy/ (Opera);
(d) https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
(e) https://support.apple.com/en-gb/guide/safari/manage-cookies-and-website-data-sfri11471/mac (Safari); and
(f) https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).
Blocking all cookies will have a negative impact upon the usability of many websites. If you block cookies, this may impact the use of some of the features on our website.
Cookie preferences
You can manage your preferences relating to the use of cookies on our website by not accepting cookies.
Your right to complain
If you are unhappy with how we use your personal data you have the right to us at lisa@ljdigitalanddata.co.uk. You also have the right to complain to the ICO:
Information Commissioners Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113