This privacy policy sets out how AARRAN Co. (herewith termed Company) uses and protects any information that you give Company when you use this website and/or our services.
The Company is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.
The Company may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This latest revision of this policy is effective from 25th May 2018 and is in line with the latest information from the General Data Protection Regulation ("GDPR") regulations.
In addition to website traffic data, this policy describes how we collect and use personal data about you during and after your time as our client, supplier or stakeholder. It also sets out how we use that information, how long we keep it for and other relevant information about your data. This notice applies to current and former clients.
Data
What Data We Collect
Personal data or information means any information about an individual from which that person can be identified. It does not include data where the identity has been removed.
For general website traffic, we may collect the following information:
- name and job title
- contact information including email address
- demographic information such as postcode, preferences and interests
- other information relevant to customer surveys and/or offers
For our Consultancy and Professional Business services we may hold many types of data about you, including:
- Your name, address, date of birth, email address and phone numbers.
- Banking or financial information used for processing orders / contracts
- Voicemails that are left on our telephone system
- The content of letters and emails you send to us
- Information submitted through our website
- Cookie data
- Education, professional and CV details
- Images supplied to us for use in our service delivery
- Evidence of your right to work in the UK.
Special Categories of Data
There are “special categories” of more sensitive personal data which require a higher level of protection, such as information about a person’s health or sexual orientation. We do not hold any of this information. This would include details of your:
- Health
- Sex life
- Race
- Ethnic origin
- Religion
Special categories of data must be processed in accordance with more stringent guidelines and the following will apply:
- you have given explicit consent to the processing (on our initial contract forms)
- we must process the data in order to carry out our legal obligations
- we must process data for reasons of substantial public interest
Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public. As with all cases of seeking consent from you, you will have full control over your decision to give or withhold consent and there will be no consequences where consent is withheld. Consent, once given, may be withdrawn at any time. There will be no consequences where consent is withdrawn.
What we do with the information we gather
We require this information to understand your needs and provide you with a better service.
How we Collect Your Data
We collect data about you in a variety of ways and this will usually start when you make an enquiry to the Company and continue when you attend your first and subsequent meetings. The Company keeps electronic records used via emails and smart phone communications. Personal data, paper consent forms and contractual records are stored in a locked, secure records room. Access to this room is secure and is accessible only to Company Managing Director.
Why We Process Your Data (How We will use information about you)
The law on data protection allows us to process your data for certain reasons only, these are classified as legitimate interests. Most commonly, we will use your personal information in the following circumstances:
- in order for us to carry out our contract with you (your requesting work and our agreement to provide it constitutes a contract) which will include confirming commercial and technical information, informing you of progress of work, delivery said work and progress meetings.
- in order to carry out legally required duties
- where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests
We may use your personal information in these rare situations:
- where we need to protect your or someone else’s interests
- where it is needed in the public interest or for official purposes Situations in which we will use your personal information We need all the categories of information to primarily allow us to perform our contract obligations and to enable us to comply with legal obligations.
If you do not provide your Data to us
One of the reasons for processing your data is to allow us to carry out our duties in line with your contract with us. If you do not provide us with the data needed to do this, we will be unable to perform that care to ensure your best interests are being maintained.
Change of Purpose
We will only use your personal information for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Automated Decision Making
No decision will be made about you solely on the basis of automated decision making (where a decision is taken about you using an electronic system without human involvement) which has a significant impact on you.
Sharing Your Data
Your data will be shared with colleagues within the Company but only where it is necessary for them to undertake their duties. This includes, for example, employees and other consultants working for, or on behalf of the Company in the future.
How Long We Keep Your Data For
In line with data protection principles, we only keep your data for as long as we need it for. To determine any appropriate retention period for personal data beyond eight years we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means and the applicable legal requirements.
Once we no longer have a lawful use for retaining your information, we will dispose of it in a secure manner that maintains data security. In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. YOUR DUTY TO INFORM US OF CHANGES It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your time as a patient with us. YOUR RIGHTS IN RELATION TO YOUR DATA The law on data protection gives you certain rights in relation to the data we hold on you.
- the right of access. You have the right to access the data that we hold on you. To do so, you should make a subject access request. Find out how to do this from our HR department
- the right for any inaccuracies to be corrected. If any data that we hold about you is incomplete or inaccurate, you can require us to correct it.
- the right to be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice. We also must inform you of any changes to how we use your data.
- the right to have information deleted. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it.
- the right to restrict the processing of the data. For example, if you believe the data we hold is incorrect, we will stop processing the data (whilst still holding it) until we have ensured that the data is correct.
- the right to portability. You may request transfer the data that we hold on you for your own purposes. If you want to access your data, review, verify or correct your data, request we erase your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact the Company Managing Director following discussion a written letter will need to be received.