If you have any concerns, please feel free to contact us at email@example.com.
About Change Frontier
The personal information we collect, how we collect it, and why
Personal information means any information about an individual from which that individual can be identified. The following shows information we process about you, and the purpose for which we process that information. There may be more than one reason for which we collect such information and we have only listed the main reasons. If you would like further information, please contact us at firstname.lastname@example.org.
Basic Personal Information which you provide to us
When you use or purchase our Services, we may collect some or all of the following basic information from you:
Title, Name, Email, Address, Telephone number, Job role/Position
We collect this information so that we can personally and uniquely identify you, address you, personally communicate with you as part of our Services, confirm eligibility for them, and where applicable, customise our Services for you.
Information we may collect automatically
When visiting or using our Website or our Services generally, we may automatically collect some or all of the following types of information:
Unique customer number, IP address, email address, customer username.
We collect this information so that we can deliver a more personalised, tailored service, and so that we can continue to understand our customers and develop our Services over time.
We may also use any or all of the above information to establish, exercise and defend our legal rights.
In respect of all the personal information we collect, our overarching purpose is to enable us to deliver the best management consultancy service to our customers. We want all of our customers' information to be secure, but also visible to us so that we can provide them personalised customer service and a customised experience.
Our legal basis for processing personal information
We only ever use your information in line with applicable data protection laws - in particular, the EU General Data Protection Regulation 2016/679 ("GDPR") and the Data Protection Act 2018 ("DPA") (together, the "Data Protection Legislation"). In short, this means we only use it where we have a legal basis to do so. Under the Data Protection Legislation, these are the general legal bases for which we process your personal information, as detailed in the table above:
Consent - you have given us consent to process your personal information for a specific purpose that we have told you about.
Performance of our contract - processing your personal information is necessary for a contract you have with us, or because we have asked you to take specific steps before entering into that contract.
Legitimate interests - processing your personal information is necessary for our legitimate interests or those of a third party, provided those interests are not outweighed by your rights and interests (including where processing is required to comply with or enforce a legal obligation).
When do we disclose your personal information?
We may disclose your information for certain purposes and to third parties, as follows:
Third Party Providers: We use certain companies, agents or contractors ("Third Party Providers") to perform services on our behalf or to help deliver our services to you. We may contract with Third Party Providers, for example, software or business services for customer relationship management (CRM) and other reasonable things which may become necessary in the course of running our business. In the course of providing such services, these Third Party Providers may have access to your personal information. We do not authorise them to use or disclose your personal information except in connection with providing their services to us.
You can change your marketing preferences we have for you at any time by emailing email@example.com. If you choose not to receive this information we will be unable to keep you informed of new services and promotions that may interest you.
As detailed above, we may send you communications such as those which relate to any service updates (e.g. service availability) or provide customer satisfaction surveys. We consider that we can lawfully send these communications to you as we have a legitimate interest to do so, namely to effectively provide you with the best service we can and to grow our business.
How long do we store your personal information?
We keep your personal information for only as long as is necessary to provide you with our Services and for our legitimate and necessary business purposes. Such purposes might include maintaining the high standards of service which we strive to uphold, making decisions on how progress our offering, complying with applicable legal obligations, and resolving any disputes which arise in the course of our business.
We are legally required to retain financial and transaction data for a minimum period of 7 years for tax, audit and accounting purposes.
If we have an unresolved issue with you, then we will retain your personal information until the issue is resolved.
Any Third-Party Providers that we engage will keep your personal information stored on their systems for as long as is necessary to provide the relevant services to you or us. If we end our relationship with any third-party providers, we will make sure that they securely delete or return your personal information to us.
We may retain personal information about you for statistical purposes. Where information is retained for statistical purposes it will always be anonymised, meaning that you will not be identifiable from that information.
Security of your personal information
We are committed to securing and protecting your personal information, and we make sure to implement appropriate technical and organisational measures to help protect the security of your personal information. We implement policies to guard against unauthorised access and unnecessary retention of personal information in our systems.
Unfortunately, the transmission of your personal information via the internet is not completely secure and although we do our best to protect your personal information, we cannot guarantee the security of your information transmitted to us over the internet and you acknowledge that any transmission is at your own risk.
You must be 16 years of age or older to use our Services.
We do not knowingly collect personal information from individuals under 16 years of age. If you are under that age limit, then please do not use or provide any personal information to us.
If you are a parent or legal guardian of a child under the applicable age limit, and you become aware that your child has provided his/her personal information to us, please contact us at firstname.lastname@example.org. If we learn that we have collected personal information of a child under the age of 16, then we will take all reasonable steps to delete that information from our systems.
In any case, we will only process personal information in line with GDPR and our legal obligations.
Your rights and choices
Under the Data Protection Legislation, as a user of our Services, you are entitled to certain rights. There are circumstances in which your rights may not apply. You have the right to request that we:
provide you with a copy of the information we hold about you;
update any of your personal information if it is inaccurate or out of date;
delete the personal information we hold about you - if we are providing services to you and you ask us to delete personal information we hold about you then we may be unable to continue providing those services to you;
restrict the way in which we process your personal information;
stop processing your data if you have valid objections to such processing; and
transfer your personal information to a third party.
For more information on your rights and how to use them, or if you would like to make any of the requests set out above, please contact us at email@example.com.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
As explained in the section on Communications, you have the right to ask us to stop processing your personal information for such purposes. Please note that we reserve the right to charge a fee for responding to requests where we reasonably determine that they are manifestly unfounded or onerous or being made in bad faith.
If you have any questions or concerns about how we handle your personal information, please contact us by email to firstname.lastname@example.org.
If you are unsatisfied with our response to any data protection issues you raise with us, you have the right to make a complaint to the Information Commissioner's Office (ICO). The ICO is the authority in the UK which is tasked with the protection of personal information and privacy.
Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.
This policy was last updated in December 2020.