Keeping things private

This privacy notice explains in clear language, how Purple Square Consulting Ltd uses the personal information we collect about you, either through using our website, or in any other way, electronically, verbally or in writing.

Data controller

Purple Square Consulting Ltd, is a data controller and Melanie Addison, Operations Director, is Purple Square Consulting Ltd’s nominated Data Controller. Melanie can be contacted by email at melanie.addison@purplesquareconsulting.com or telephone number +44 (0) 20 7340 8774 . Our Data Protection Officer can be contacted at dataprotection@caps-ltd.co.uk

Basis for collecting your data? (lawful processing)

Data privacy law defines the basis by which we can lawfully collect and process personal data. For our data processing purposes, we have determined the following:

To enter into or in pursuance of a Contract: 

We will collect personal data when engaging with individuals to enter into a contract, such as an employment contract or commercial agreement. We will continue to process that data for the duration and often subsequently after the contract expires or is terminated.

Legitimate Interest:

We will collect and process personal data where it is in the legitimate interest of Purple Square Consulting Ltd to do so. Specifically, we use legitimate interest in relation to our clients and prospective clients in order to identify prospective clients and if engaged, we continue to process personal data to manage our commercial relationship. This will include but not limited to the continued processing (retention) of records of our transactions and interactions. A Legitimate Interest Assessment (LIA) has been conducted to ensure that the legitimate interests of the organisation does not outweigh that of the data subject.

The data collected will not be used for any unlawful or unethical purpose.

Marketing

Purple Square Consulting Ltd undertakes marketing activities in order to inform prospects of marketing software solutions and how we can help their organisations become more efficient with their marketing. We would like to keep them all informed of events, webinars that we feel would be beneficial for data subjects to be aware of.

We conduct business to business (B2B) marketing in accordance with the Privacy and Electronic Communications Regulations (PECR) 2003. In order for us to comply with the PECR and the General Data Protection Regulations we have conducted a Legitimate Interest Assessment (LIA) to ensure our marketing activities do not put at risk, the rights and freedoms of data subjects. This LIA will be reviewed regularly as we undertake marketing campaigns.

As we conduct B2B marketing, we do not require consent, however, as a data subject receiving these communications via email, you have the right to object to receiving marketing material and will have the option to opt out on every marketing email you receive. Our commitment is to cease the transmission of marketing emails to any data subject who opts out with immediate effect.

Recipients of data and data transfers

Personal information is shared with third party service providers (processors). Purple Square Consulting Ltd utilises ‘cloud hosted’ services to conduct business and provided services such as support desk. We also share personal data with service providers such as accountants, payroll providers and insurance brokers.
Data is transferred within the EEA and the USA. The USA’s ‘Privacy Shield’ data protection framework has been approved by the EU data protection working party to process EU citizen personal data.

Sensitive information

Purple Square Consulting Ltd does not process sensitive data as defined by Article 9 of the GDPR.

Categories and type of personal data collected

Purple Square Consulting Ltd processes non-sensitive data.
For our staff we process:

  • Name
  • Address
  • Phone number
  • Email Address
  • Gender
  • References
  • CV
  • Signature
  • Appraisals
  • Annual leave
  • Disciplinary
  • Tax/ NI
  • Bank account details
  • Pension details
  • Accreditation
  • Photograph
  • DBS Check
  • Passport details
  • Name of emergency contact
  • Phone number of emergency contact
  • Relationship of emergency contact

We process the following data of our clients:

  • Name
  • Address
  • Phone number
  • Email address
  • Signature
  • Fax Number
  • Preferred Name

We process the following data of trainees who attend our courses:

  • Name
  • Address
  • Phone number
  • Email address
  • Record of Attendance
  • Course dates

We process the following data of our Associate Consultants:

  • Name
  • Address
  • Phone number
  • Email address
  • Date of birth
  • Reference
  • CV’s
  • Signature
  • Passport
  • Bank account details
  • DBS Check

We process the following data of our Suppliers:

  • Name
  • Address
  • Phone number
  • Email address

In addition, we collect data in relation to your communications and interaction with us. This can include emails, text messaging, postal service delivery, social media posting or other any other form of communication. In addition to the lawful purpose described previously for the above categories, we have a legitimate interest purpose to collect and retain this communications data to enable and improve our communication and for record keeping purposes.

We also act as Data Processors for 3rd party’s and as such, we will be requested to access and process personal data on behalf of those data controllers within the binding written agreements established between the two organisations. The agreements dictate how we process the personal data, including the retention and disposal. We are also bound by these agreements to assist the data controller is honouring the data subject rights.

The data we collect from our data subjects is obtained directly from the data subject themselves or is obtained from sources such as social media platforms. Please see our Cookie Policy for information on the data collected by our website.

Retention policy

The data we collect directly from you is the minimum we require to facilitate the lawful processing described above. Personally Identifiable Data placed on our system will be deleted in accordance with legal obligations, such as HMRC rules. Outside of that Purple Square Consulting Ltd has developed a retention policy to ensure personal data is held only for as long as is required for the purpose we collected it or for our legitimate purposes.

Data storage and security

We store data within our electronic cloud hosted systems including our email system. We do keep a small number of paper records. Minimal personal data is stored on company IT equipment including smartphones. Security of data is provided by the accreditation’s of our cloud hosts and IT support provider, this includes data backup regimes.

All laptops have industry standard firewalls, antivirus and anti-malware installed and updated. Company laptops are encrypted. We have a process in place to mitigate the impact of any data breach that should occur.

Your rights as a data subject

The regulations provide a number of rights to you as the Data Subject. Purple Square Consulting Ltd is committed to upholding those rights and those applicable to the personal information we collect and process are listed below. In addition to these rights, you have the right to escalate any concern to the Supervisory Authority, which in the UK is the Information Commissioners Office https://ico.org.uk. A full and detailed explanation of all rights can be found at https://ico.org.uk/for-the-public/.

  • The Right to be Informed – you should be clear about what, why and in what way your personal information will be processed at the time it is processed. This privacy policy sets out that information.
  • Right of Access – you have the right to know what personal information is held, by whom and why.
  • The Right to Rectification – If the information we have collected and processed is inaccurate or incomplete, you have the right to have it rectified.
  • Right to Erasure – You have the right to have your personal data erased and to prevent processing in some specific situations.
  • Right to Restrict Processing – If you contest the accuracy of the personal data we hold, we will restrict the processing of your data until accuracy is verified.
  • Right to Data Portability – You have the right to move, duplicate or transfer your data easily from one IT environment to another in a safe and secure way.
  • Right to Object – You have the right to object to profiling and direct marketing.
  • You also have rights in relation to automated decision making.

You also have the right to lodge a complaint with the UK’s supervisory body, The Information Commissioners Office www.ico.org.uk.

Automated decision making

Purple Square Consulting Ltd does not conduct any profiling or automated decision making.

Third party websites

Our website may contain links to other websites. This privacy policy only applies to Purple Square Consulting Ltd, so if you follow a link to another website, you should read that organisations own privacy policy.

Changes to our privacy policy

We keep our privacy policy under review and we will place any updates on our website. This privacy policy was last updated in May 2018

How to contact us

You can write to us at this address:
Purple Square Consulting Ltd
111 Buckingham Palace Road,
London,
SW1W 0SR,
United Kingdom

or

Purple Square Consulting (Australia) Ltd
Level 33,
264 George Street,
Sydney,
2000,
Australia

You can email us by using this link:
privacy@purplesquareconsulting.com