1. Purpose of this Privacy Notice
Since 2018, the EU General Data Protection Regulation (“GDPR”) protects individuals and creates greater transparency for individuals about what happens with their personal data. FireDrake Limited (“FireDrake” or “the Company” or “we” or “us”) will be a “data controller” for the purposes of GDPR.
This privacy notice describes how FireDrake Limited (“FireDrake”, “we”, “us”, the “Company”) uses your personal information when you make contact with us.
This privacy notice tells you:
- How we obtain your personal data
- The type of information we hold
- How your information is used
- Our policy on sensitive information
- Your rights
- How to make a complaint
This privacy notice applies to visitors to the FireDrake Limited website (www.firedrakeconsulting.co.uk).
3. How we obtain your personal information
Most of the personal information we process is provided to us directly by you for one of the following reasons:
- You have made a complaint or enquiry to us
- You have made an information request to us
- You wish to attend, or have attended, an event
- You subscribe to our e-newsletter
- You have applied for a job or contract with us
- You are representing your organisation
- You are requesting permission to access your company’s private area, hosted by us
4. The type of information we hold
Personal information or data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (that is, anonymous data).
If you submit a form on our website or contact us in some way (via email or telephone), we may collect the following personal information:
- Job Title
- Contact information, including email address, phone number, Company you work for and place of work
- Preferences and interests relevant to our products and services
- Any other information you enter in to the form
If accessing your company’s private data via our website, we may need to include the capture of a username and passcode/word.
We will collect, store, use and protect your personal data in a manner that is lawful, legitimate and necessary.
5. Our Policy on holding personal and sensitive information
We will not as a matter of course hold or process “sensitive personal information” as defined by the UK Data Protection Act (the “DPA”) or “special category data” as defined by the General Data Protection Regulation (“GDPR”) for recruitment purposes including as related to your racial or ethnic origin, political opinions, alleged or proven criminal activity, religious and philosophical beliefs, trade union membership, biometric and genetic data, sexual life or any other category of data defined by law as “sensitive personal information” or “special category data”.
6. How your information will be used
We will generally use your personal information in the following situations:
- To provide you with information and/or services that you request from us or which we think may interest you;
- To respond effectively to any communication that we receive from you;
- To carry out obligations arising from any contracts entered into between you and us;
- To improve our products and services;
- To notify you about changes to our services;
- To periodically send promotional emails about new products or other information which we think you may find interesting using the email address you have provided;
- To help us assess the effectiveness of our product development and communication strategy, we may monitor if you open or interact with our marketing emails;
- To protect our rights or property;
- To comply with law or regulation, court order or other legal process
We will only use your personal information when the applicable laws allow us to.
We will retain your personal information for as long as is required for the relevant purpose or purposes for which it is held and processed, and the associated “lawful basis” (which could be based on your consent, to fulfil a contract or other legitimate interest).
If your personal information is included within the emails, these emails may be processed on the servers of an email hosting/service provider who is able to offer IT security at the same level as that which we provide on our own IT infrastructure.
7. Disclosure of your personal information to third parties outside of FireDrake
Other than a transfer to an email service provider or website cloud-based host, we will not sell, distribute, or lease your personal information to third parties unless we have your permission or are required by law to do so.
We use data processors who are third parties who provide elements of services for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.
We will not share your personal information with other parties for the purposes of direct marketing.
8. Our policy on automated decision-making
We do not currently use automated decision making (including profiling) under any circumstances at the moment.
9. Policy on retention personal information
Your personal data will be stored as follows:
- For visitors to the Site – at least three years from the date of our last interaction with you
- For Service provision to any client – at least six years from the date of our last interaction with that client
We may then destroy such files without further notice or liability.
If personal information is only useful for a short period e.g. for specific marketing campaigns, we may delete it.
10. Your rights
Under the General Data Protection Regulation (GDPR), you have a number of rights with regard to your personal data. You have the right to request from us access to and rectification or erasure of your personal data, the right to restrict processing, object to processing as well as in certain circumstances the right to data portability.
If you have provided consent for the processing of your data you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.
If you have a complaint, you should set out in detail the reason for your complaint with sufficient information to allow us to conduct a thorough investigation. We will acknowledge receipt of your complaint promptly and aim to resolve the matter within 5 days, with more complex complaints possibly taking longer to resolve.
You have the right to lodge a complaint to the Information Commissioners’ Office if you believe that we have not complied with the requirements of the GDPR with regard to your personal data.
11. How we protect your personal information
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.
Your personal information will be held within the EEA or held on cloud hosting service outside the EEA if the processor is recognised as having data protection security that meets the requirements of GDPR regulation, more specifically a provider that has certification under the EU-US Privacy Shield Framework (see https://www.privacyshield.gov/welcome).
12. Links to other websites
Our website and our emails may contain links to third party websites which may be of interest to you. We do not have any control over third party websites so we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
13. Non-personal information
Each time you visit this site to read or download information we may collect certain information from your computer's web browser and may include information such as the following ("non-personal information"):
- The type of web browser software you use (for example: Firefox, Internet Explorer, etc.)
- The internet address and name of the domain from which you access the internet
- The internet address of the web site from which you linked directly to our site
- The date and time you access our site
- The pages you have visited on our site
- Information that has been de-identified
If you only read or download information on our site, we do not collect or learn your name, email address, home address or other personal information about you; however, certain non-personal or anonymous information may be passively collected using various technologies, such as cookies, internet tags or web beacons and navigational data collection. Your internet browser automatically transmits to this site some of this anonymous information such as the URL of the web site you just came from, the internet protocol (IP) address and the browser version your computer is currently using.
14. What do we do with non-personal information?
There are no restrictions on the way we can use or share non-personal information. We will use non-personal information to help us ensure that content from our website is presented in the most effective manner for you and your device. We may prepare reports and other materials using non-personal information. Since these reports and materials contain no personal information, we may share them with others.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. The table below explains the cookies we use and why.
There are two kinds of cookies: "session" cookies and "persistent" cookies.
- Session cookies are stored in your computer’s memory and only exist while your browser is open. They are deleted from your computer when you close your browser.
- Persistent cookies outlast user sessions and remain stored on your computer until they reach their expiry date or you delete them.
Cookies do not contain any information that personally identifies you unless you have entered that information into a form on our website. A cookie does not give us access to your computer or any information about you, other than that which you deliberately provide.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
16. Cookies on this Website
We use persistent cookies on this website to provide links to social network sharing services and provide website usage data.
17. Web Analytics
We use web analytics to generate statistical and other information about website usage by means of cookies, which are stored on users' computers. We collect information in an anonymous form, including the number of visitors to our website, the URL from which visitors have come to our website and the pages they have visited. The exact information which Google Analytics stores in cookies is described at: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage.
This approach enables us to analyse data about webpage traffic and improve our website in order to tailor it to customer needs.
From 25th May 2018, as controller of our Google Analytics account, we have the option to limit the period for which that individual user and event data is retained. We have selected the default retention period of 26 months, commencing from the most recent user session on our site. This retention period does not apply to aggregate data.
18. Changes to this privacy notice
This privacy notice may need to be updated from time to time. You should therefore check this page from time to time to ensure that you are aware of any changes.
19. Contacting us regarding data privacy
If you have any concerns as to how your data is processed you can contact firstname.lastname@example.org or write to the following address of FireDrake Limited, 3 Lloyds Avenue, London, EC3N 3DS.