Privacy and Data2Action
We take the privacy of your information very seriously and by using our services you are accepting and consenting to our processing and use of your data as contained within this privacy notice.
This privacy notice applies between you, the user of our services and Data2Action Ltd who are the owner and provider of those services.
Please read this document carefully to understand our views and practices regarding your personal data and how we will treat it. If you have any questions, our contact details can be found at the end of this form.
Scope of this privacy notice
This privacy notice applies only to the actions of Data2Action and Users with respect to the services provided by us. It does not extend to any other services or websites that can be accessed from this website including any links we may provide to social media websites.
Who we are
Data2Action are a consultancy business who specialize in helping businesses commercialise the value of their data. We are operational specialists and also accredited GDPR practitioners.
We are registered in England and Wales and our company number is 108663654. Our contact details can be found below.
Why we need your data and what we collect
We provide consultancy services to businesses and as a result need to collect the following data, which may include personal data, from you:
- Contact Information such as
- email addresses
- postal addresses
- telephone numbers.
We also, on occasion, collect credit and debit card details however please note that any credit/debit card payments will be processed through our trusted service partners and Data2Action will not retain nor store these details (more on this later).
We have a website which we use to promote our products and services. We periodically analyse the traffic through our website and as such we will collect the following:
- IP address
- geographical location
- browser type and version
- operating system & referral source
- length of visit
- page views & website navigation paths
- And any other information about the timing, frequency and pattern of your service use.
How we use your data
We are a “data controller” as defined by data protection regulations.
We will use your data for the following reasons:
- to provide our consultancy services to you
- for internal record keeping
- for analysing and improving our services
- for transmission of promotional materials that may be of interest to you
- for contact for market research purposes
- where we have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute).
in each case, this will be in accordance with this privacy notice.
Our legal basis for processing your data
We are required to advise you of our legal basis for processing your data. Data2Action collects and uses customers’ personal data because is it necessary for:
- the purposes of performance of a contract for the sale of our services (to which you are party) or in order to take steps at your request prior to entering into a contract
- the pursuit of our legitimate interests (as set out below) or
- to comply with our legal obligations.
We may also seek your consent for processing and if we do, you have the right to withdraw this at any time. However, we only rely on consent as a legal basis for processing in relation to sending direct marketing communications to customers.
Our legitimate interests
Data2Action has a legitimate interest to process your personal data in order to fulfil the following:
- selling and supplying services to our customers
- protecting customers, employees and other individuals and maintaining their safety, health and welfare
- promoting, marketing and advertising our services
- understanding our customers’ behaviour, activities, preferences, and needs
- improving and developing our services
- complying with our legal and regulatory obligations
- handling customer contacts, queries, complaints or disputes
- protecting Data2Action, its employees and customers, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to Data2Action
- effectively handling any legal claims or regulatory enforcement actions taken against Data2Action; and
- fulfilling our duties to our customers, colleagues, shareholders and other stakeholders.
Retention of your data
We will not retain your data for longer than necessary for the purposes set out in this notice. Different retention periods apply for different types of data. Data retention periods maybe legally imposed upon us or we may need to retain data to protect the vital interests of you or another natural person. However the longest we will normally hold any personal data is 6 years after which time it will be deleted from our systems
Providing your personal data to others
In order to make certain services available to you, we may need to share your personal data with some of our trusted service partners. These include IT, delivery, marketing and other professional service providers.
Data2Action only allows its service partners to handle your personal data when we have confirmed that they apply appropriate data protection and security controls. We will impose contractual obligations on service providers relating to data protection and security, which mean they can only use your data to provide services to Data2Action and to you, and for no other purposes.
All credit or debit card transactions relating to our services (incl website) are handled by our payment services providers, Paypal. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers’ privacy policies and practices at:
Your data will be encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). All payment service providers adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
We may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
Data2Action will not disclose your personal data to any other third party, except as set out above. We will never sell or rent our customer data to other organisations for marketing purposes.
You have a number of rights over your data as covered by data protection law. We have produced a short summary of these rights (below) however full details can be found by visiting the Information Commissioners Office (ICO) via www.ICO.gov.uk.
A summary of your rights are as follows:
- the right to be informed; before we begin processing your data, we will tell you what we need, why we need it and what we intend to do with it. We do this via our Privacy Notice.
- the right of access; You have the right to ask us to provide you with the data we hold about you. This is usually completed via a Subject Access Request.
- the right to rectification; You have the right to have any inaccurate personal data about you rectified and to have any incomplete personal data about you completed.
- the right to erasure; In certain instances you have the right to have your data erased without undue delay. There are however a number of exclusions and details of which can be found by contacting the ICO.
- the right to restrict processing; In certain instances you have the right to restrict the processing of your personal data. However, there are a number of exclusions and details of which can be found by contacting the ICO.
- the right to object to processing; You have the right to object to our processing of your personal data on grounds relating to your particular situation. However, there are a number of exclusions and details of which can be found by contacting the ICO.
- the right to data portability; You have the right to ask us to provide you with the data we hold about you. Where appropriate, we will provide this to you in a structured, commonly used and machine-readable format. This right does not apply where it would adversely affect the rights and freedoms of others.
- rights in relation to automated decision making and profiling. Whilst we don’t undertake these activities, should we decide to change this approach we will adopt suitable procedures and you have the right to understand and challenge these.
We would again stress that the above is not exhaustive and for full details of your rights, please visit the Information Commissioners website at www.ico.gov.uk.
Links to other websites
This website may, from time to time, provide links to other websites. We have no control over such websites and are not responsible for the content of these websites. This privacy notice does not extend to your use of such websites. You are advised to read the privacy notice or statement of other websites prior to using them.
Transferring Information Internationally
We do not currently transfer information collected about you to third parties located in countries outside of the European Economic Area (“EEA”). Countries outside the EEA may not offer the same level of protection for the information collected about you as those inside the EEA. We will at all times continue to collect, store and use your information in accordance with this Privacy notice and the General Data Protection Regulation.
You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
Data security is of great importance to us and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure data collected. Our trusted service provider is Microsoft with whom we have a licence agreement.
If password access is required for certain parts of the website, you are responsible for keeping this password confidential.
We endeavour to do our best to protect your personal data. However, transmission of information over the internet is not entirely secure and is done at your own risk. We cannot ensure the security of your data transmitted to the Website.
We take complaints we receive very seriously. If you consider that we have in some way infringed your rights or data protection law, please let us know and we will do all we can to investigate this. Alternatively, you have a legal right to contact the relevant supervisory authority responsible for data protection. In the case of the UK, this is the Information Commissioners Office. (Telephone – 0303 123 1113 or via email or in writing to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF).
You may not transfer any of your rights under this privacy notice to any other person. We may transfer our rights under this privacy notice where we reasonably believe your rights will not be affected.
If any court or competent authority finds that any provision of this privacy notice (or part of any provision) is invalid, illegal or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this privacy notice will not be affected.
Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.
Changes to this privacy notice
We keep our privacy notice under regular review. We reserve the right to change this privacy notice as we may deem necessary from time to time or as may be required by law. Any changes will be immediately posted on the Website and you are deemed to have accepted the terms of the privacy notice on your first use of the Website following the alterations
How to contact us
If you want to request information about this privacy notice you can email us at firstname.lastname@example.org or write to:
Business and Innovation Centre
Co registration No: 10863654
13th November 2020