GAL Consulting is committed to processing your data securely and transparently. This privacy notice sets out the types of data that we collect, how we use that data, how long we keep it for and it also explains your data protection rights.
For the purposes of this notice the data controller (the party who determines how data will be processed) is GAL Consulting Ltd. Our contact details are as follows: George Lepine, 8, Baylis Crescent, Burgess Hill, RH15 8UP. You can email us at firstname.lastname@example.org
Data protection principles
In relation to your personal data, we will:
•Process it fairly, lawfully and in a clear, transparent way;
•Collect your data only for reasons that are proper to the activity that we have been invited or contracted to carry out in ways that have been explained to you;
•Only use it in the ways that we have told you about;
•Ensure it is correct and up to date
•Keep your data for only as long as we need it
•Process it in a way that ensures it will not be used for anything that you are not aware of or have not consented to (as appropriate), lost or destroyed
Types of data we process
We collect the following types of data (this list is offered for illustrative purposes and is not intended to be exhaustive):
•Personal information, including contact details (e.g. name postal address, email address, telephone number and date of birth);
•Information about personal opinions, preferences and interests and about conduct which we have been invited to investigate;
•Educational information (including qualifications and learning and development needs);
•Financial information such as bank details and payment details;
•Company information including employee details, for example when we carry out equal pay audits;
•Characteristics such as gender, ethnicity, nationality;
•Website usage data including IP addresses when you visit our website.
How we collect your data
We collect data about you in a variety of ways. This usually starts when you make contact with us by, for example, using the contact page on this website and continues when you email us, write to us or call us and when we engage with you to deliver the coaching, training and development, and other HR related services that you invite us to provide.
Why we process your data
We process your data to enable us to deliver the best possible service that we can tailored to meet your needs and to tell you about the services and products that we offer.
The General Data Protection Regulation requires organisations to consider the legal basis on which the process personal data. In most cases we will rely on your consent. To be valid consent must be freely given, specific, informed and unambiguous. We will always make sure that these criteria are met. Consent may also be withdrawn at any time.
We will also rely on our legitimate interests when, for example, processing your data is necessary to the successful completion of a service that you have invited us to provide or to decisions that we need to make in relation to those services. We do not believe that this will lead to us using your data in ways that you would not expect or that our legitimate interests are ever likely to override yours.
We may also rely on legal obligation
Sharing your data
Your data will not be shared with any third parties or used for any purpose other than that which we explicitly agree with you when we contract with you. We do not transfer data outside the European Economic Area.
Protecting your data
We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse. We have in place appropriate physical, technical and organisational measures to deliver this.
How long we keep your data for
We will only retain your data for so long as it is needed. Records of our coaching and learning and development activity will be kept for two years after the end of the last action that was taken. Records of our investigations into, for example, disciplinary or grievance matters will be retained for six years. Personal data related to other activities, such as audits, surveys and questionnaires will be kept only until the activity has been completed to the satisfaction of the client.
When it is no longer required your data will be securely and safely destroyed.
Your rights in relation to your data
You should be aware that you have the following data protection rights:
•The right to be informed. This means that we must tell you how we use your data, and this is the main purpose of this privacy notice;
•The right of access;
•The right for any inaccuracies to be corrected;
•The right to have information deleted, for example, where you believe there is no reason for us to continue processing it;
•The right to restrict the processing of the data. For example, if you believe the data we hold is incorrect, we will stop processing the data (whilst still holding it) until we have ensured that the data is correct;
•The right to portability;
•The right to object to the inclusion of any information. You have the right to object to the way we use your data where we are using it for our legitimate interests;
•The right to regulate any automated decision-making and profiling of personal data.
Making a complaint
The supervisory authority in the UK for data protection matters is the Information Commissioner’ Office (ICO). If you think your data protection rights have been breached in any way by us, you may make a complaint to the ICO.