Martin Gilbraith Associates Ltd. (UK registered company #08583435) is what is known under the EU General Data Protection Regulation (GDPR) as the ‘Controller’ of any personal data that you provide to us. Our Data Protection Officer is Martin Gilbraith.
What data we collect
We only collect limited, basic personal data which does not include any sensitive or special types of data, or location based data. It does include names and contact information such as email, address and phone number, and details of any services that have been delivered or for which enquiries have been received.
Why we need this data
We need to know such basic personal data in order to provide our facilitation, training and consulting services in line with our contracts with our clients, and in order to conclude such contracts for services. This includes pro bono services such as our free facilitation webinars. We do not collect any personal data that we do not need to provide such contracted services.
How we collect the data
We do not maintain any marketing or newsletter distribution list for you to opt in to, but you are invited instead to opt in to follow our blog, and to follow, like and connect with us via other social media including Twitter, Facebook and LinkedIn.
For details of how cookies are used on this WordPress site see the Jetpack cookies policy.
What we do with the data
We use personal data in order to communicate personally with those that we work with and with those who have expressed an interest in our work.
The personal data we collect is processed by us in the UK, however for the purposes of IT hosting and cloud services it may be located on servers within the European Union or elsewhere. We will not transfer personal data outside of the European Economic Area (EEA) without complying with the relevant provisions of the Data Protection Legislation in respect of such transfer, and we do not use cloud services that do not comply with those provisions.
We store personal data securely on encrypted devices protected from viruses and malware, and in cloud services making use of strong passwords and two-factor authentication where possible. Paper copies of accounting records are held in our office in London.
We sometimes share very limited personal data with our own Associates, and with partners such as ICA:UK, for example when Associates deliver services on our behalf and when we deliver ICA:UK training courses independently or in partnership with ICA:UK.
We do not sell or otherwise share your data with third parties, and no third parties have access to your personal data unless the law allows them to do so.
How long we keep the data
We are required under UK tax law to keep accounting records including basic personal data for a minimum of 6 years, after which time time it will be deleted.
Other personal data for communications purposes may be kept until you notify us that you no longer wish to hear from us. In that case, please contact me at any time and I will be ready to delete your data on request.
What are your rights?
If at any point you believe the information we process on you is incorrect you can request to see this information and even have it corrected or deleted. If you would like to make such a request, or raise a complaint on how we have handled your personal data, please contact our Data Protection Officer who will investigate and respond – contact me.
If you are not satisfied with our response, or if you believe we are processing your personal data not in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).