This GDPR Data Privacy Notice, which incorporates our Website Terms and Conditions at Section 13, sets out the policy basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the Notice carefully to understand our views and practices regarding your personal data and how we will treat it. The rules on processing of personal data are set out in the General Data Protection Regulation (the “GDPR”).
1. Definitions
Data controller - A controller determines the purposes and means of processing personal data.
Data processor - A processor is responsible for processing personal data on behalf of a controller.
Data subject – Natural person
Categories of data: Personal data and special categories of personal data
Personal data - The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (as explained in Article 6 of GDPR).
Special categories personal data - The GDPR refers to sensitive personal data as ‘special categories of personal data’ (as explained in Article 9 of GDPR). The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual. Other examples include racial and ethnic origin, sexual orientation, health data, trade union membership, political opinions, religious or philosophical beliefs.
Processing - means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Third party - means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
2. Who are we?
Eames HealthTech is the data controller. This means we decide how your personal data is processed and for what purposes. We are committed to protecting and respecting your privacy.
3. The purpose(s) of processing your personal data
We may use your personal data for the following purposes:
• To understand your business requirements and determine any services to be offered/provided.
• To provide you with any information requested or deemed appropriate by us regarding our consultancy services.
• To send our proposal/quotation/bid/tender/contract/terms and conditions for appropriate services.
• To fulfil any contractual obligations entered into between us and yourselves.
• To send you our services invoices and any necessary payment reminders.
• To keep our website secure and avoid fraud.
• To handle any ongoing enquiries and any complaint which you have regarding our services.
• To provide you with occasional service updates which are non-marketing in nature.
4. The categories of personal data concerned
With reference to the categories of personal data described in the definitions section above, we process the following categories of your data:
• Personal data – which may consist of name, job title, email address, mobile telephone number, telephone number, address, financial information, online identifiers – which include IP addresses and cookies.
We do not collect special categories of data. By communicating with us/contacting us, either by telephone, email, our website email links or other website contact mechanisms, you provide personal data which we may collect, store and use. We may also have obtained your personal data through publicly accessible sources – such as your business website, internet searches, social media and credit searches.
5. Our lawful basis for processing your general personal data is:
Processing necessary for the performance of a contract with the data subject or to take steps to enter into a contract.
6. Sharing your personal data & disclosure
Your personal data will be treated as strictly confidential. We may disclose your information to any of our employees, officers, insurers or professional advisers insofar as reasonably necessary for the purposes set out in this Notice. We may also disclose your information:
• If required or permitted to do so by law.
• If required to do so by any court or any applicable regulatory, compliance, governmental or law enforcement agency.
• If necessary in connection with legal proceedings or potential legal proceedings.
7. How long do we keep your personal data?
We keep your personal data for no longer than reasonably necessary. We do this in order to make future contact to assess the impact of our consultancy work, to maintain contact to advise on the availability of additional/new services, or in case of any complaints or legal claims.
8. Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
• The right to request a copy of the personal data which we hold about you (we may charge you for this, in accordance with the law).
• The right to request that we correct any personal data if it is found to be inaccurate or out of date.
• The right to request that your personal data is erased where it is no longer necessary to retain such data.
• The right to request that we provide you with your personal data and, where possible, to transmit that data directly to another data controller (known as the right to data portability).
• The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request that a restriction is placed on further processing.
• The right to object to the processing of personal data (where applicable), i.e. where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics.
9. Transfer of Data Abroad
We do not transfer personal data outside the EEA.
10. Automated Decision Making
We do not use any form of automated decision making in our business.
11. Further processing
If we wish to use your personal data for a new purpose, not covered by this Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.
12. Keeping your information safe
We will take reasonable precautions (physical, managerial and electronic) to prevent the loss, misuse or alteration of your personal information. We will store your personal information in password-protected, encrypted IT systems.
14. How to contact us or make a complaint
To exercise all relevant rights, or for queries or complaints, please in the first instance contact firstname.lastname@example.org. If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioner's Office.