Data Controller

For the purposes of this notice the data controller (the party who determines how data will be processed) is GAL Consulting Ltd.  My contact details are as follows: George Lepine, Caigers Cottage, Westergate Street, Woodgate, PO20 3SQ.  You can email us at george@galconsulting.co.uk

Data protection principles

In relation to your personal data,I will:

•Process it fairly, lawfully and in a clear, transparent way;

•Collect your data only for reasons that are proper to the activity that I have been invited or contracted to carry out in ways that have been explained to you;

•Only use it in the ways that I have told you about;

•Ensure it is correct and up to date

•Keep your data for only as long as I need it

•Process it in a way that ensures it will not be used for anything that you are not aware of or have not consented to (as appropriate), lost or destroyed

Types of data I process

We collect the following types of data (this list is offered for illustrative purposes and is not intended to be exhaustive):

•Personal information, including contact details (e.g. name postal address, email address, telephone number and date of birth);

•Information about personal opinions, preferences and interests and about conduct which we have been invited to investigate;

•Educational information (including qualifications and learning and development needs);

•Financial information such as bank details and payment details;

•Company information including employee details, for example when we carry out equal pay audits;

•Characteristics such as age, disability, gender reassignment, marriage and civil partnership, pregnacy and maternity, race, religion or belief, sex and sexual orientation;

•Website usage data including IP addresses when you visit our website.

How we collect your data

I collect data about you in a variety of ways.  This usually starts when you make contact with me by, for example, using the contact page on this website and continues when you email me, write to me or call me and when I engage with you to deliver the coaching, training and development, and other HR related services, for example, audits or investigations that you commission me to provide.

Why we process your data

I process your data to enable GAL Consulting Ltd. to deliver the best possible service that I can tailored to meet your needs and to tell you about the services and products that I offer.

The General Data Protection Regulation requires organisations to consider the legal basis on which the process personal data.  In most cases I will rely on your consent.  To be valid consent must be freely given, specific, informed and unambiguous.  We will always make sure that these criteria are met.  Consent may also be withdrawn at any time.

I will also rely on GAL Consulting Ltd's legitimate interests when, for example, processing your data is necessary to the successful completion of a service that you have invited me to provide or to decisions that I need to make in relation to those services.  I do not believe that this will lead to GAL Consulting using your data in ways that you would not expect or that our legitimate interests are ever likely to override yours.

We may also rely on legal obligation.

Sharing your data

Your data will not be shared with any third parties or used for any purpose other than that which we explicitly agree with you when we contract with you.  I do not transfer data outside the European Economic Area.

Protecting your data

I am aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse.  I have in place appropriate physical, technical and organisational measures to deliver this.

How long we keep your data for

I will only retain your data for so long as it is needed.  Records of recruitment and selection activity for unsuccessful candidates will be retained for six months from the end of the selection process.  Records of coaching and learning and development activity will be kept for two years after the end of the last action that was taken.  Records of our investigations into, for example, disciplinary or grievance matters will be retained for six years.

Personal data related to other activities, such as audits, surveys and questionnaires will be kept only until the activity has been completed to the satisfaction of the client.

When it is no longer required your data will be securely and safely destroyed.

Your rights in relation to your data

You should be aware that you have the following data protection rights:

•The right to be informed. This means that we must tell you how we use your data, and this is the main purpose of this privacy notice;

•The right of access;

•The right for any inaccuracies to be corrected;

•The right to have information deleted, for example, where you believe there is no reason for us to continue processing it;

•The right to restrict the processing of the data. For example, if you believe the data we hold is incorrect, we will stop processing the data (whilst still holding it) until we have ensured that the data is correct;

•The right to portability;

•The right to object to the inclusion of any information. You have the right to object to the way we use your data where we are using it for our legitimate interests;

•The right to regulate any automated decision-making and profiling of personal data.

There is no charge for exercising your rights. If you make a request, then I have one month to respond to you. Please contact me at george@galconsulting.co.uk if you want to make a request.
I

Making a complaint

If you have any concerns about my use of your personal information, you can make a complaint to me at george@galconsulting.co.uk.

You can also complain to the supervisory authority in the UK for data protection matters.  If you think I have breached your data protection rights in any way by us, you may make a complaint to the Information Commissioner's Office (ICO).

The ICO’s address is: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.  Their helpline number is: 0303 123
1113.  The ICO website can be reached at: https://www.ico.org.uk