Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”) and some other UK legislation.
Who are we?
Change Frameworks Ltd is the data controller. This means we decides how your personal data is processed and for what purposes. We are a company registered in Scotand (SC 648442)
Where contracts with clients require, acts as a data processor and complies with the same regulations in such cases.
What information do we collect about you?
When you do business with us, become a client of our company, register for or attend any events or subscribe to our blog or other publications we collect some or all of the following personal information from you:
- Your name
- Your email address and telephone number
- Any information relevant to the services may be providing to you.
How do we process your personal data?
Change Frameworks complies with its obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate organisational and technical measures are in place to protect personal data.
We use personal data for the following purposes:
- To enable us to provide you with consultancy, information or other services that you have asked us to provide.
- To maintain our own accounts and records.
- To manage our employees and associates.
- To inform you, with your consent (see below), about our products and services or information that is likely be relevant to you or your organisation, such as funding opportunities or changes in good practice, regulation or the law.
Our website, cookies and other information-gathering technologies
Our website uses cookies and similar technologies. Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. These cookies allow us to distinguish you from other users of the website which helps us to provide you with a good experience when you browse our website and also allows us to improve our site.
What is the legal basis for processing your personal data?
- Where personal data is collected in the course of fulfilling our contractual and legal obligations to you or when you have asked us to provide services to you, only necessary data is collected, and it is securely stored and access restricted only to staff who need it. This data is processed to fulfil our contractual obligations to you, to comply with other legal obligations or in our and your legitimate interests (e.g. to provide you with information and services requested by, or promised to you, to ensure continuity of services and manage repeat business effectively and/or to defend any legal claims). The other considerations set out elsewhere in this policy also apply.
- Explicit consent of the data subject so that we can keep you informed about information that is likely be relevant to you or your organisation, including new information available from us (such as blog posts) and other information about our products and services. You can withdraw your consent at any time by emailing hello@changeframeworks.com
- Processing of personal data relating to employees and associates of Change Frameworks is necessary for carrying out obligations under employment, health and safety, social security or social protection law, or a collective agreement. It is processed to fulfil our contractual obligations and legal obligations only.
Sharing your personal data
We will only share your data with third parties outside Change Frameworks with your explicit consent, unless we are legally or contractually required to do so, or:
- for the purposes of securely storing the data, for example on cloud-based servers managed by third party providers (such as Apple, Dropbox, Google, Microsoft, MailChimp etc.)
- in connection with any legal proceedings or prospective legal proceedings;
- in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
- to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.
The information you provide will not be transferred to countries outside the European Economic Area (EEA).
How long do we keep your personal data?
We keep data in accordance with the GDPR and only for as long as is necessary (for example to keep you informed about information that is likely be relevant to you or your organisation including new information available from us and other information about our products and services or to comply with the record keeping requirements of HMRC or other regulators). In general we will retain data for 2 years after our last contact with the data subject. We may retain some data for longer periods for reasons of continuity of service delivery, to ensure availability of relevant information about repeat clients, to defend legal claims or protection or legal rights or where we are contractually or legally required to do so.
Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
- The right to request a copy of the personal data Change Frameworks hold about you.
- The right to request that Change Frameworks corrects any personal data if it is found to be inaccurate or out of date.
- The right to request your personal data is erased where it is no longer necessary or required for Change Frameworks to retain such data. This right does not apply where we have a legal obligation to retain your data.
- The right to withdraw your consent to the processing at any time (if we are processing on the basis of your consent).
- The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability) . This right only applies where we are processing your personal data based on consent or for the performance of a contract with you and in either case we are processing the data by automated means.
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing.
- The right to object to the processing of personal data. This right only applies where we are processing your personal data based on legitimate interests.
- The right to lodge a complaint with the Information Commissioners Office.
Further processing
If we wish to use your personal data for a new purpose, not covered by this Privacy Statement, then we will publish a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
Contact DetailsTo exercise all relevant rights, queries of complaints please in the first instance contact our Director, Janine Wilson on Hello@Changeframeworks.com