This Privacy Notice tells you what to expect in relation to your personal information which is collected, handled and processed by Gerald Edelman.
Gerald Edelman of 73 Cornhill, London EC3V 3QQ is a data controller and data processor.
We acknowledge and agree that any personal data of yours that we handle will be processed in accordance with all applicable data protection laws in force from time to time. With effect from 25 May 2018, the General Data Protection Regulations (“GDPR”) will come into force.
All of our staff, contractors, consultants and partners are familiar with GDPR and their personal responsibilities. You may request to see our GDPR policy via email@example.com. All staff are trained on induction and every three years (or sooner if there is a major change in legislation).
The information we may collect and the legal basis for processing the data
We will collect personal data for a variety of purposes:-
To enable us to provide a variety of professional services to our clients
Personal data may include financial or non-financial information necessary for us to provide our services. This may include contact details, payroll data, employee information, lists of shareholders, customers and suppliers, tax identifiers, information about business activities, investments, financial interests and any other relevant data.
The legal basis for holding the data is to enable us to carry out our contractual obligations.
To provide information to business contacts and potential clients
We may hold data to promote our services, provide technical updates and host events.
Personal data may include contact details and notes of any meetings.
The legal basis for holding the data is having obtained consent.
To receive goods and services from our suppliers
We collect and process personal data about our suppliers, subcontractors and individuals associated with them. The data is held to manage our relationship, to contract and receive services from them, and in some cases to provide professional services to our clients.
To carry out our obligations as an employer
We may hold personal data on our staff and partners, which is set out in the staff handbook.
The legal basis for holding the data is to enable us to perform our legal obligations.
How long do we hold the data?
We will retain the data for as long as is required for the purposes which it was intended. This will reflect any legal or regulatory time limits, which is generally six years. Data is then deleted or destroyed.
How we hold the information
Personal data is held in a ‘live’ or archived format. Electronic data is stored on our databases or on cloud based facilities in the UK. Paper based personal data is held in secure offices or if archived, held at secure third party locations.
Disclosure of your information
We may share your information with HM Revenue and Customs and other government agencies such as Companies House. We may also share your information with professional or legal advisers.
You have the right to ask for a copy of the information about you that we hold. If you would like to make a request for information please email firstname.lastname@example.org.
In addition to this right of access, you have the following rights: erasure, restriction of processing, objection and data portability.
Retention of your data
Your data will be retained for no longer than is necessary and in accordance with our Data Retention Policy.
Withdrawal of consent
If you have provided us with your consent to process your data, for the purpose of using our services, you have the right to withdraw this at any time. In order to do so you should contact us by emailing email@example.com.
We have a notification process in place for any breach.
If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioners Office at https:\\ico.org.uk\concerns\.
Please address any questions, comments and requests regarding our data processing practices to our GDPR administrator firstname.lastname@example.org.
Changes to the Privacy Notice
This Privacy Notice may be changed by us at any time and will reflect any future changes in legislation.