This privacy notice will help you understand how Wonnacott Consulting Ltd (company no. 13727161), also uses and protects your personal data.
You can contact our voluntarily appointed Data Protection Officer at [email protected] if you have any concerns or wish to exercise your rights.
Wonnacott Consulting never forget it’s your right to total transparency and control on how we use your data. As such we give you these promises:
You have the following rights over any data we hold about you:
You can read more about your rights here.
If you would like to uphold your rights then please contact our Data Protection Officer at [email protected]
If you are in dissatisfied with our response you also have the right to lodge a complaint with the Data Protection Authority. This can be done at https://ico.org.uk/concerns/
We collect information about you in the following ways:
We try and minimise the data held and the exact data elements we hold will be dependent on your journey with us. Typically, data elements we collect is restricted to:
Calls may also be recorded for information holding, quality and training purposes.
The primary legal basis that we process your data is for the fulfilment of Contract. Normally this means an Contract with your employer.
The information that we collect is essential for us to be able to carry out the services that you require from us effectively.
Data gained from marketing our services or other business activities are processed for our Legitimate Interests.
Data is processed/stored mainly on encrypted cloud services such Microsoft 365 including Azure. We only store “special categories of data” on our platforms that demonstrate high standards of security.
In some cases the services we provide utilise our client’s data infrastructure. We will typically not export this data outside of client’s instances unless this is sent to us.
Further to Section 119A of the Data Protection Act 2018 and noting Case C-311/18 in the European Court of Justice, if your data is transferred or processed outside of the UK or EEA where adequacy decisions are not in place we ensure the safeguards of International Data Transfer Agreements (IDTAs) or Addendums are enforced. Where this is not possible, we ensure that appropriate UK or European Standard Contractual Clauses are entered.
For data transfer between the USA we may rely on the Data Privacy Framework or the UK Extension Data Bridge. We regularly review suppliers for data security compliance to ensure your data is safe and track where your data is held.
All our processes are subject to various internal policies to ensure that your data privacy and security is upheld.
We process your data for several reasons:
We always ensure we have a “legal basis” to use your data for the purpose we have collected it for.
We do not actively share your data with any others. We may need to disclose your personal information where we:
Our website and other materials sent to you may contain links to other third party websites. We’re not responsible for the content or your data privacy these sites provide through their tools or sites.
Dependant on the data you provide us and for what purpose it is provided we may need to retain your data based on your journey with us. Typically, we will retain data for 6 years following the last engagement with us.
If we are processing data as part of working on clients data we will delete the data we hold no more than 90 days from completion of the project or end of contract, whichever happens later.
If you wish to find out more about your specific data retention, please contact us.
We seek to uphold our legal obligations as covered by the Data Protection Act 2018, General Data Protection Regulation 2016 and the Privacy and Electronic Communications Regulations. Our Data Protection Authority is designated as the Information Commissioners Office (UK) (Registration ZA828834).
Due to our global reach, we do not warrant compliance with all legal obligations in countries that we operate in outside of the UK.