External Contacts Privacy Notice
Stride Treglown takes data protection and privacy very seriously. We are making continual improvements to our processes and policies, ensuring our employees understand their roles and the requirements that we must meet as an organisation.
This Privacy Notice explains how we handle and process data that relates to External Contacts (i.e. non-employee data). If you have any questions or concerns, please contact our Data Protection Team (DataProtectionTeam@stridetreglown.com)
This External Contacts Privacy Notice sets out what personal data Stride Treglown holds about you, how we collect it, and how we use it for the performance of contracts and marketing. It applies to anyone in our contacts database.
Please note: we will not necessarily hold, use or share all of the types of personal data described in this Privacy Notice. The specific types of data about you that we will hold, use and share will depend upon our professional relationship with you.
We are required by data protection law to give you the information in this Privacy Notice. It is important that you read the Privacy Notice carefully, together with any additional information that we might give you about how we collect and use your personal data.
This Privacy Notice applies from 25 May 2018, when the General Data Protection Regulation comes into force. It does not give you any contractual rights. We may update this Privacy Notice at any time.
Who is the controller?
Stride Treglown (Promenade House, The Promenade, Clifton Down, Bristol, BS8 3NE) is the “controller” for the purposes of data protection law. We are responsible for deciding how we hold and use your personal data.
Our Data Protection Lead is Jason Pitchers. He is responsible for advising us on our data protection law obligations and monitoring our compliance.
Jason leads a wider Data Protection Team consisting of the Board of Directors and representatives from HR, Marketing and IT. You can also contact them if you have any questions or concerns about data protection.
What is personal data?
‘Personal data’ means any information that could identify you, for example:
- National Insurance number
- employee number
- email address
- physical features.
It can be factual (e.g. contact details or date of birth), an opinion about your actions or behaviour, or information that may impact you in a personal or business capacity.
Data protection law divides personal data into two categories:
- ordinary personal data
- special category data: any personal data that reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health conditions, sexual life or sexual orientation, or biometric or genetic data that is used to identify an individual is known as special category data. (The rest is ordinary personal data).
What type of personal data do we hold about you?
We collect, hold and use the following types of ordinary personal data about you:
- Biographical information including your name, title, contact details.
- Publicly available information about you, such as your business social media presence.
- Lifestyle information including but not limited to interests.
- Events that you have attended with us or with an employee of Stride Treglown.
And why do we hold it?
If you have consented, we may your personal data for the following reasons:
- To invite you to one of our networking events.
- To send you post-event follow up information.
- To invite you to join a WhatsApp group. You will never be added to one without consent.
- To share with our PR consultants if they are organising an event on our behalf. They do not have permission to share your details with any other parties, and are contractually obliged to only use your data for the specific event.
- To share your details with other event organisers, for example, if there is a joint event hosted with other companies.
We may also use your information if:
- An external event provider (e.g. AUDE), has shared your details with us, we may use those details to send you an opt-in request.
- At a public event, we may ask for your details as part of a promotional activity. We will use these details to contact you if you have won. Such promotional activities will be covered by this privacy notice and we will require you to agree to this before entering.
- To ensure that the events we invite you to are relevant, we may filter your details by sector, service, projects that you have worked on with us or lifestyle information.
- We will only send you these if we have received your consent
- We may use your name and email address to send you our latest news.
- To ensure we only send you relevant, tailored content, we may filter your details by sector, service, or projects that you have worked on with us.
- Photography and video is a key part of our marketing and communications. We may use a photograph or video of you within promotional content. We will only use these with explicit consent which would be associated with a single article. We would gain your explicit consent whenever this article was used.
- We may ask you for your opinion on current events, market affairs, trends, projects or for feedback on our own service. This could be used to help improve our business performance, or for an external marketing campaign. In this instance, we may require your personal details. If such research does take place, it will have its own privacy notice associated, which you would need to agree before taking part. We will only use these with explicit consent which would be associated with a single article. We would your explicit consent whenever this article was used.
- We may keep a record of your social media handles to help us keep your personal data up to date. For example, LinkedIn, which will show us that you have moved company.
What are our legal grounds for using your personal data?
- We need it to undertake a project (Performance of Contract), because you are a member of the external team on one of our project .
- We need it to comply with a legal obligation (Legal Obligation), e.g. if you are a member of the external team on one of our projects we are required to retain your details for the duration of the contract i.e. for 6 years for a signed contract or 12 years for a contract signed under deed or under seal.
- You have granted consent (Consent) that we may process your personal data to provide you with newsletters or event invitations.
What type of special category personal data do we hold about you? Why? And on what legal grounds?
We will only collect, hold and use limited types of special category data about you, as described below.
Since special category data is usually more sensitive than ordinary personal data, we need to have an additional legal ground (as well as the legal grounds set out in the section on ordinary personal data, above) to collect, hold and use it.
The additional legal grounds that we rely on to collect, hold and use your special category data are explained below for each type of special category data.
Criminal records information/DBS checks
Due to our work with education providers (Schools, Colleges and Universities), Ministry of Justice and Ministry of Defence we may ask you to complete a DBS or Security Clearance.
For the majority of our External Contacts we do not collect this data. However, should our clients require you to have these checks to enter their premises or work on their projects we will inform you.
In the context of the Performance of Contract we will use this information to assess your suitability to form part of an External Team for projects where these checks need to be in place e.g. schools, MOD schemes etc.
Our additional legal ground for using this information is that of Legal Obligation.
How do we collect your personal data?
You provide us with most of the personal data about you that we hold and use, for example on a business card, email signature or through verbal discussions.
Some of the personal data about you that we hold and use is generated from internal sources following a Business Development meeting. For example, we may record that you enjoy cycling or that you have particular sector experience.
Some of the personal data about you that we hold and use may come from external sources. We may also obtain information about you from publicly available sources, such as your LinkedIn profile or other media sources.
Who do we share your personal data with?
We will not share your personal data with anyone, with the exception of;
- Our PR consultants if they are organising an event on our behalf. They do not have permission to share your details with any other parties, and are contractually obliged to only use your data for the specific event.
- Other event organisers, for example, if there is a joint event hosted with other companies.
- Facilitators of our group mailing, to which you have consented, who shall have demonstrated GDPR compliance.
We share any of your personal data that is relevant, where appropriate, with our legal and other professional advisers, in order to obtain legal or other professional advice about matters related to you or in the course of dealing with legal disputes with you or your company.
Our legal grounds for sharing this personal data are that: it is in our legitimate interests to seek advice to clarify our rights/obligations and appropriately defend ourselves from potential claims; it is necessary to comply with our legal obligations/exercise legal rights in connection with contract; and it is necessary to establish, exercise or defend legal claims.
How long will we keep your personal data?
If you are involved with a project(i.e. part of an external team), we are required to retain your details for the duration of the contract i.e. for 6 years for a signed contract or 12 years for a contract signed under deed or under seal. However we may need to retain these for a maximum of 15years, if there are specific legal circumstances associated with a contract that require us to hold your personal data.
If you are not involved in a project but you have provided your consent for us to hold your personal data for the purposes of contacting you for Event invitations or providing you with a copy of our newsletter, then your consent will be requested again after 2 years.
You have a number of legal rights relating to your personal data, which are outlined here:
- The right to make a subject access request. This enables you to receive certain information about how we use your data, as well as to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- The right to request that we correct incomplete or inaccurate personal data that we hold about you.
- The right to request that we delete or remove personal data that we hold about you where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
- The right to object to our processing your personal data where we are relying on our legitimate interest (or those of a third party), where we cannot show a compelling reason to continue the processing
- The right to request that we restrict our processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
- The right to withdraw your consent to us using your personal data. As described above, we do not normally rely on your consent as the legal ground for using your personal data. However, if we are relying on your consent as the legal ground for using any of your personal data and you withdraw your consent, you also have the right to request that we delete or remove that data, if we do not have another good reason to continue using it.
- The right to request that we transfer your personal data to another party, in respect of data that you have provided where our legal ground for using the data is that it is necessary for the performance of a contract or that you have consented to us using it (this is known as the right to “data portability”).
The right to object to a decision based on profiling/solely automated decision-making, including the right to voice your opinion, and obtain human intervention in the decision-making.
If you would like to exercise any of the above rights, please contact Jason Pitchers, our Data Protection Lead at firstname.lastname@example.org, and our Data Protection Team (DataProtectionTeam@stridetreglown.com) in writing.
Note that these rights are not absolute and in some circumstances we may be entitled to refuse some or all of your request.
If you have any questions or concerns about how your personal data is being used by us, you can contact our Data Protection Team.
Note too that you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. Details of how to contact the ICO can be found on their website: https://ico.org.uk