Nahira Consultancy Privacy Notice
(last updated May 2018)
Introduction
Nahira Consultancy is committed to protecting the privacy of clients and contacts, and the transparent use of any information you supply in accordance with our legal obligations.
This Privacy Notice sets out how we collect, use and protect your personal information, and your rights in relation to your personal data, which is any information that could be used to identify you as an individual.
In this notice, use of the terms, “we”, “us” and “our” refer to Nahira Consultancy.
Who we are?
The Data Controller is Janet Ormerod, Nahira Consultancy, First Floor Flat, 39 Worcester Villas, Hove BN3 5TA
We are the ‘controller’ of personal data collected and used by Nahira Consultancy for the purposes set out in this Privacy Policy. This means we are responsible for deciding how and why your data is used and for ensuring your data is handled legally and safely.
How we use your personal data
In this section we have set out:
· The general categories of personal data that we may process
· In the case of personal data not obtained directly from you, the source of that data
· The purposes for which we may process personal data
· The legal bases of the processing
1. Service and Enquiry Data
We may process your personal data which is supplied while using our services, which may include name, email address, job title, organisation name, postal address and telephone number. We will use this information for the purposes of communicating with you regarding any business we are conducting with you.
The legal basis of this processing is the performance of a contract between you and us, or steps taken to enter into such a contract.
Any information contained in an enquiry you submit to us regarding services may be processed for the purpose of offering, marketing and selling relevant services to you. The legal basis for this processing is our legitimate interests, namely the proper administration of our business.
Information (including contact details) that you supply to us about yourself, whether via our website, by email, or by other means, will be securely stored by us.
2. Data supplied by clients for services
As a client, use of our services may require that you send us personal data pertaining to your supporters, for example to enable us to undertake support and training on the Donorfy fundraising CRM software.
The legal basis of this processing is the performance of a contract between you and us, or steps taken to enter into such a contract.
In this instance we will make available, if required, a copy of our Data Processing Agreement, which may be signed by both parties.
Under this agreement, the following measures are included:
· We will only process the data to complete agreed services
· Both parties have agreed appropriate technical and organisational measures to ensure a level of security appropriate to the risk
· We will not involve any third party in the processing of the data without your consent
· We will suggest a secure method for transferring your data to us
· All data you send to us will be treated in confidence
· Your data will not be transferred or held by us outside of the UK
· At your request we will safely delete or return the data at any time, and we will in any event, safely delete the data at the end of the services
3. Customer Relationship Data
We may process information relating to our customer relationships, which may include name, email address, job title, organisation name, postal address and telephone number, and information contained in communications between us and you or your employer. The source of the data is you or your employer.
The data may be processed for the purpose of managing relationships with customers, communicating with customers, and promoting our goods and services to customers.
The legal basis for this processing is our legitimate interests, namely the proper management of customer relationships.
Information (including contact details) that you supply to us about yourself, whether via our website, by email, or by other means, will be securely stored by us.
4. Data we collect for research and profiling
In addition, we may use research to analyse the market we work in, and find information on prospective clients using publicly available information, for example;
· Public Registers: Companies House, Trade & Industry References, Professional directories, Charities Commission
· Print and broadcast media; newspapers (The Telegraph, The Times and Sunday Times, City AM), magazines
· Internet; general google searches, company websites, online-only articles, social media, linkedin.com
5. Email Marketing
We may use email marketing to communicate with customers and prospects and to promote our services. We use MailChimp for this purpose, please see their website for details of privacy policy, unsubscribe policies. Data is supplied via the MailChimp sign-up form and may include name and email address. You can use the opt-out button at the bottom of emails to opt out at any time,or contact us directly.
The legal basis for this processing is consent to receive marketing communications.
6. When do we share personal data?
We treat personal data confidentially and do not share with any third parties without your explicit consent.
7. How do we secure personal data?
Files and emails are stored within the Microsoft Office 365 cloud. We use laptop, PC and phone to access information, with the recommended security employed for each device.
Contact information, such as name, email, role, organisation address and phone number, may also be stored on a business CRM system called Insightly, a cloud hosted system.
8. How long do we keep your personal data for?
Personal data that is processed for any of the purposes described in this notice shall not be kept for longer than is necessary for that purpose.
As a general principle, data relating to services provided, enquiries and customer relationships will be kept for a maximum of three years following the final date of contact. Data collected for research and profiling purposes may be kept indefinitely.
Financial data relating to services provided will be retained for six years.
All information is destroyed securely, using a shredding service for paper documents and File Shredder or equivalent for electronic files.
9. Your rights in relation to personal data
We will always try to ensure that the data we hold is up to date, reasonable and not excessive. You have the right to:
· Request a copy of the information we hold about you (Subject Access Request)
· Update or amend the information we hold about you
· Change your communication preferences at any time
· Ask us to remove your personal information from our records
· Withdraw consent where consent has been given
· Object to the processing of your information for any of the purposes outlined above
10. ICO Registration and How to contact us
We are registered with the ICO as a Data Controller, please see details via the ICO website, www.ico.org.uk
If you have any questions or concerns about our privacy practices, your personal information, or if you wish to file a complaint, please contact Janet Ormerod by:
Email: janet@nahiraconsultancy.com
Or in writing at: 39 Worcester Villas
Hove
BN3 5TA