Privacy Policy
| Policy number/reference | OSC GENERAL POLICY - PRIVACY |
|---|---|
| Version/Status | 1.4 Approved |
| Written by/date | Operations Manager/February 24th 2023 |
| Approved by/date | Managing Director/March 01st 2023 |
| Review date | January 2024 |
| Links to | OSC Code of Conduct/ OSC Employee Handbook |
How we respect privacy when we deal with personal information we collect
This Privacy Policy applies to information OTHER SOLUTIONS Consulting (OSC) collects about individuals who interact with our company. It explains what personal information we collect, store, use and delete.
OSC is a Data Controller under the Data Protection Act 1998. This statement confirms OSC’
commitment to protect your privacy and to process your personal information in a manner which meets the requirements of the Act and wider General Data Protection Regulations (GDPR) – EU 2016/679.
If you have any comments, questions or requests about this notice or regarding the processing of your personal data, feel free to contact us at gdpr@othersolutions.net or OTHER SOLUTIONS Consulting, 601 Pavilion House, Water Gardens Square, SE16 6RN, London, UK
Consent to use of your data
By proceeding to use our website, you consent that OSC may process the personal data (including sensitive personal data) that we collect from you in accordance with this Privacy Policy.
We will use information that we hold about you for the purposes and in the manner outlined below.
Personal data that we process
The type and amount of information we collect depends on how you use the website and how you interact with our company.
We collect three types of information:
- Anonymous data that is automatically collected from all visitors to our website.
- Personal data that visitors voluntarily submit so that we can provide you with a service.
- Financial data that visitors voluntarily submit to validate the purchase of a service.
Anonymous Data
You can access all pages on the website without telling us who you are and without revealing any personal information. We collect some information when you visit our website, but this does not allow us to identify you personally.
See section on cookies and website tracking in this document for more information.
Personal Data (including sensitive personal data)
We may collect information directly from you which personally identifies you (name, address, email etc) when you participate in the following activities:
- contacting us to seek information or advice.
- Purchasing a service we sell.
- applying to participate in training or other event or activity.
- subscribing to an email list to receive more information about our work and services.
Special category data
We may collect special category data (for example information about your gender, health condition, medications etc), where it is relevant to the service for which you have purchased. You may decline to provide this information: however, this may make it impossible for us to continue to deliver the service purchased.
Financial Data
We collect your financial data for the purpose of fulfilling our contractual duties to you.
When you make an online payment to OSC, your payment details are processed by the secure payment gateway, Stripe.
This provider will ask for your name, address, phone, email address, and credit/debit card information. This information is used to process your payment and to verify credit/debit card data. Your credit/debit card details will only be retained by Stripe.
In the case of a suspected fraudulent transaction, card details may be disclosed to OSC for the sole purpose of performing further checks. More information about how Stripe will use your data is here: https://stripe.com/en-gb/privacy
Where we have no contractual basis for retaining financial data (i.e. when transactions have been processed) we retain only that financial data which is required to satisfy our obligations to maintain accurate financial and tax records.
The following table explains the types of data we collect and the legal basis, under current data protection legislation, on which this data is processed. The information you provide will not be sold or rented nor will it be shared with third parties unless we have your permission or are required to disclose the information by law.
| Enquiring about our organisation and its work | Name, email, message | Legitimate interests – it is necessary for us to read and store your message so that we can respond in the way that you would expect. |
|---|---|---|
| Subscribing to email updates about our services | Name, email | Consent – you have given your active consent. You can withdraw consent at any time and there will always be an unsubscribe option in the communications we send to you. |
| Purchasing a service | Name, email, address, payment information | Legitimate interests – this information is necessary for us to fulfil your intention of purchasing a service and your expectation of receiving a confirmation message. Legal obligation – where we are required by law to process your information, e.g. to verify your identity. |
| Website functionality | Website activity collected through cookies. The information we collect includes the browsers visitors’ use, what time they visit and which pages are most viewed. We do not link any of this anonymous data with any personal data that you may provide to us. | Legitimate interests – it is necessary for us to store a small amount of information, usually through cookies, to deliver functionality that you would expect and to enable us to evaluate the site and work to improve it. |
| Applying to participate in training or other event or activity | Your personal and professional details and history (This may include your name, address, email, telephone number, nationality, employment history) | Legitimate interests – This information is necessary for us to process your application to facilitate your participation in the training or event. Where arranging international travel and/or residential accommodation, we may also share your details with third parties, for example with an hotel or training centre. |
| Providing feedback on services you have received or activities you have participated in (monitoring and evaluation data) | Your feedback on the services you received from us or activities you participated in. | Legitimate interests – It is necessary for us to collect feedback from our beneficiaries and service users to enable us to evaluate our activities and work to improve them. Feedback collected from you on services you have received or activities you have participated in (monitoring and evaluation data) is processed anonymously unless consent is given for non – anonymised processing. Express consent – When collecting non-anonymised data, for example to feature your case in a public report, we will seek you express consent. |
How we use your data
We will only use your data in connection with the purposes for which it is submitted, or as otherwise explained on our website or as necessary for us to comply with our legal obligations, as set out in the table above and as set out in any separate contractual document with you.
For example, we may use your personal information to:
- Replying to enquiries you send to us;
- Processing your application and/or facilitate your participation in a training or other event or activity organised by OSC, including collecting feedback from you after the event;
- Where you have specifically agreed to this, sending you marketing communications by email relating to our services which we think may be of interest to you.
When we share your data
We will only pass your data to third parties in the following circumstances:
- Where you have provided your explicit consent for us to pass data to a named third party;
- To other organisations who provide a service to us or you (e.g. banks, payment processing companies, hotels, training centres etc).
- Where we are using a third party purely for the purposes of processing data on our behalf and that third party has appropriate safeguards in place that fulfil our legal obligations in relation to the use of third-party data processors.
- Where we are required to do so by law.
How we store your data
Your personal data will be kept by OSC in a secure environment. We take appropriate precautions to protect all personal information we store, including using encryption and monitoring access to our secure networks and systems.
The data and information of OSC and processed by us are hosted by Infomaniak, secure servers domiciled in Switzerland, complying with European data protection regulations.
Infomaniak is certified ISO 27001, ICANN, MyData.
More information about how Infomaniak secure your data is here:
- https://www.infomaniak.com/en/legal/confidentiality-policy
- https://www.infomaniak.com/en/legal/general-data-protection-regulation
- https://www.infomaniak.com/en/certifications
- https://manager.infomaniak.com/pdfcgu.php/en_GB/52/dpa.pdf
Despite our best efforts to protect your personal information electronically, the security of information sent over the internet cannot be guaranteed and may be illegally intercepted or changed after it has been sent. OSC cannot accept liability for this if this happens.
How long we keep your data
We take the principles of data minimisation and removal seriously. We only ever ask for the minimum amount of data for the associated purpose and we will only retain your personal information for as long as is necessary for the purposes outlined above.
We keep your data for the duration of the service you have purchased and for the next 30 days for administrative purposes and in accordance with legal requirements. After this period, the data will be deleted. We may keep a secure anonymous record for research and analysis purposes.
In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.
Where data is collected based on consent, we will seek renewal of consent at least every three years.
Rights you have over your data
You have a range of rights over your data, which include the following:
- Where data processing is based on consent, you may revoke this consent at any time and we will make it as easy as possible for you to do this (for example by putting ‘unsubscribe’ links at the bottom of all our marketing emails).
- You have the right to ask for rectification and/or deletion of your information.
- You have the right to access your information.
- You have the right to lodge a complaint with the Information Commissioner if you feel your rights have been infringed.
More information about your legal rights ca be found on the Information Commissioner’s website here: https://ico.org.uk
If you would like to access the rights listed above, or any other legal rights you have over your data under current legislation, please get in touch with us.
Please note that relying on some of these rights, such as the right to deleting your data, will make it impossible for us to continue to deliver some services to you. However, where possible, we will always try to allow the maximum access to your rights while continuing to deliver as many services to you as possible.
Cookies & usage tracking
A cookie is a small file of letters and numbers that is downloaded on to your computer when you visit a website. Cookies are used by many websites and can do a number of things, e.g. remembering your preferences and counting the number of people looking at a website.
We use cookies to collect anonymous information about how people use our website. We use Google Analytics for this purpose.
Google Analytics generates statistical and other information about website usage by means of cookies, which are stored on users’ computers. The information collected by Google Analytics about usage of our website is not personally identifiable.
The data is collected anonymously, stored by Google and used by us to create reports about website usage. Google’s privacy policy is available at http://www.google.com/privacypolicy.html.
Note about Internet service providers
OSC reminds visitors that most Internet service providers maintain records of all URLs visited by their customers. Visitors should contact their Internet Service Provider for more information.
Modifications
We may modify this Privacy Policy from time to time and will publish the most current version on our website. Please visit this website section periodically to keep up to date with the changes in our notice. If a modification meaningfully reduces your rights, we’ll notify people whose personal data we hold and is affected.