Privacy, data protection, and cookies

Summary

We have put in place appropriate systems to protect information about you.

We only use information about you when we are allowed to do so.

We use information about you only for the following purposes:

  • respond to you when you contact us;

  • provide our services;

  • perform marketing activities;

  • allow our website function;

  • fulfil a legal obligation; and

  • pursue, or defend against, legal claims.

The purpose that is likely to have the greatest impact on you is our marketing activities. We limit the effect our marketing has on you by always making it easy to opt-out and by sending only very limited marketing materials to other organisations and to individuals in the context of their employment.

Where we use any information about you on the basis of your consent, you have the right to revoke that consent at any time simply by letting us know.

We only share information about you with third parties in very limited circumstances.

You have a number of rights about personal information about you. They are explained below.

General information

This page of our website explains how we use and protect personal information. We also explain how we manage our website’s cookies.

We explain what we do with personal information about you when you make contact with us, use our website, or use one of our services. The section that deals specifically with cookies and other related issues can be found in the section about using our website.

This document is not about asking for your agreement about how we use personal information. Instead, it is designed to tell you what we do with personal information, why we do it, and what rights you have. If we ask for your consent for something, it will be made very clear to you when it happens and why it is happening.

This privacy notice will tell you:

  • who we are;

  • how to contact us;

  • how we protect information about you;

  • how we get information about you;

  • what information about you we use;

  • why and how we use information about you;

  • why we are allowed to use information about you;

  • how long we keep information about you;

  • what rights you have over information about you;

  • whether we provide other organisations access to information about you; and

  • if we transfer information about you to another country.

Our details

Wilson Brown Consulting Ltd is based in the UK. We provide project management, contract management, and service improvement. Wilson Brown Consulting Ltd’s company number is 12001181.

Our postal address is:

14 All Saints’ Street,
Stamford,
England,
PE9 2PA

If you have any comments or queries, please email Lorna Wilson Brown at Lorna@wilsonbrownconsulting.com.

Our website is powered by Squarespace. Their privacy policy can be found here. Their cookie policy can be found here.

If we make changes to this document, those changes will be posted to this webpage and, where appropriate, you will be notified by email or phone.

If you wish to complain to the Information Commissioner’s Office, you may do so here

How we protect personal information

Wilson Brown Consulting is committed to protecting your privacy and the security and confidentiality of personal information about you:

  • We follow the letter and the spirit of the principles of data protection and all related legislation including the EU General Data Protection Regulation and the UK’s Data Protection Act 2018.

  • We have processes in place to protect information about you. For example, only people employed by Wilson Brown Consulting have access to that information, connections to our website are encrypted, and all information we store is encrypted. 

  • We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where necessary.

  • We never sell access to the information we collect and hold about you.

  • We only collect and use information needed to provide our services.

  • We only collect and use the minimum necessary amount of information to achieve our business purposes.

  • Personal information and what we do with it

Personal information and what we do with it

We will only collect and use personal information about you for the reasons described below, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we intend to use personal information about you for an unrelated purpose, we will notify you and either ask your permission or explain why we are allowed to do so.

When you contact us

How do we collect, store, and use the information?

  • When you contact us, whether by email, post, or phone, we will automatically collect some information about you. What information is collected will depend on the way you made contact.

What information do we collect, store, and use?

  • If you email us, we will collect, store, and use your email address and any other information you include in your email, for example your name and telephone number, as appropriate.

  • If you call us, we will collect, store, and use your phone number and any other information you provide if you leave a recorded message, for example your name.

  • If you write to us, we will collect, store, and use any information you include in your letter, for example your name, phone number, and postal address.

Why are we allowed to collect, store, and use the information?

  • We can use this information because we have a legitimate interest in doing so.

  • We have concluded that we have a legitimate interest after assessing the information we use and the way we use it. Our assessment concluded that:

    • you would expect us to use personal information about you to contact you and reply to your comments and queries and it will cause you no harm for us to do so;

    • it is necessary and reasonable for us to use personal information about you like this;

    • there is no less intrusive way of achieving the result (i.e., replying to you);

    • the benefit of us using personal information about you in this way falls equally to you and to us; and

    • if we did not use information about you like this, our business would suffer greatly without any benefit to you.

When we provide our services

How do we collect and use the information?

  • When you contact us through post, email, phone call, or our website, we will automatically collect and store some information in our filing, email, phone, and website systems.

What information do we collect, store and use?

  • Biographical and contact information (e.g., your name, email address, phone number, and postal address).

Why do we collect, store and use the information?

  • Biographical and contact details are necessary to deliver the services we provide.

Why are we allowed to collect, store and use the information?

  • We can use contact information because it is necessary for negotiating, entering into, and performing a contract between us.

When we perform marketing activities

How do we collect and use the information?

  • When we use personal information for marketing purposes, we obtain it through internet searches, referrals, or your previous use of our services. We will always inform you of this during our initial contact with you.

What information do we collect, store and use?

  • Biographical, contact information, and employment information (for example, your role and the organisation for which you work).

Why do we collect, store and use the information?

  • Biographical, contact, and employment information is necessary to send marketing material to people to whom our services may be of interest.

Why are we allowed to collect, store and use the information?

  • We can use biographical, contact, and employment information to send marketing materials to you because we have a legitimate interest in doing so. We have concluded that our interest is legitimate because:

    • you would reasonably expect us to take these actions, in particular because we do not market to consumers but only to organisations or to individuals in the context of their employment;

    • there are very limited risks to you when we send our marketing materials;

    • it causes you no harm;

    • the amount of information about you, and how we use it, is proportional to our aim; and

    • any intrusion that you might experience is brief and can be eliminated by telling us to stop marketing to you.

When you use our website

This section includes references to ‘cookies’. You can find out more about cookies at www.aboutcookies.org and www.allaboutcookies.org. We explain briefly what cookies are and how we use them immediately below this section.

How do we collect and use the information?

  • We automatically collect a small amount of personal information about people who use our website.

Why do we collect, store, and use the information?

  • To make sure our website is able to function (this information is known as ‘strictly necessary’).

What information do we collect, store, and use?

  • a security cookie that prevents a ‘cross-site request forgery’, which is a way of tricking a web browser into doing something it shouldn’t; and

  • second cookie tracks whether you have pressed the ‘ok’ button for cookies, when prompted.

Why are we allowed to collect, store and use the information?

  • We have a legitimate interest in using strictly necessary cookies to collect certain personal information. We have concluded that our interest is legitimate because:

    • the cookies in question are absolutely necessary for the website to function securely;

    • it is reasonable for us to use information like this, you would expect us to do so, and it will not harm you when use it in the way that we do;

    • there is no less intrusive way of allowing people to use the website and access the functions they want to access; and

    • the information used is not sensitive.

Further information about cookies

Cookies are small pieces of information placed by websites on to electronic devices such as computers, smartphones, and tablets. These pieces of information are sent back to the website each time the user visits it. Cookies are very widely used and allow websites to function in a number of different ways. In particular, they allow website owners to understand more about how people use their websites, to remember a website user's preferences, to target adverts at users, and to permit logins. Cookies usually improve the browsing experience and make websites more efficient. They do not provide access to your electronic device.

We only uses cookies that are strictly necessary for the functioning of our website. Because we only use strictly necessary cookies, we do not need to ask users of our website for their consent to place cookies on their device.

 When you first used the website, you were told that only strictly necessary cookies are used on this website you were given the opportunity to agree by clicking “ok”. Clicking “ok” does nothing other than remove the banner.

We use only two cookies:

  • the first is a security cookie that prevents a ‘cross-site request forgery’, which is a way of tricking a web browser into doing something it shouldn’t. This cookie lasts for only the session in question.

  • the second cookie tracks whether you have pressed the ‘ok’ button for cookies, when prompted. This cookie lasts for 30 days.

Our website is powered by Squarespace. Squarespace's cookie policy can be found here. Squarespace notes in their policy that they "use cookies to provide insights regarding your End Users and Your Sites’ performance, such as page views, conversion rates, device information, visitor IP addresses and referral sites." You are the 'End User' and so that statement applies to you.

We don't advertise on our website. Any cookies placed on your computer when you access our website will not be used by Wilson Brown Consulting to advertise to you.

User choice and online privacy and security are important. One of the ways you can maximise all of these things is to choose to limit the way cookies interact with your device. 

The majority of web browsers allow users to prevent or limit the extent to which cookies are placed on their devices. You can do this by checking your browser privacy or cookie settings and changing them to suit the level of control you want. See the links below for how to do this for each of the most popular web browsers:

You can opt out of being tracked by Google Analytics at http://tools.google.com/dlpage/gaoptout. 

There are also a number of privacy-enhancing additions for most web browsers. These are called add-ons or extensions. They can be easy to use, free, and found (for the most popular desktop or laptop web browsers) at:

Legal claims and obligations

How do we collect and use the information?

  • Using all the processes we described in the above three sections (‘When you use our services’ ‘When you contact us’ and ‘When you use our website’)

Why do we collect, store, and use the information?

  • To pursue and defend against legal claims and to comply with legal obligations.

What information do we collect, store, and use?

  • If we need to defend or pursue a legal claim, or fulfil a legal obligation, we will use whatever personal information required. For legal claims this will be, at a minimum, your name and contact details. Other legal obligations will vary but include, for example, bank and payment details so we can fulfil our tax obligations. 

Why are we allowed to collect, store, and use the information?

  • We are allowed to use personal information to pursue and defend against legal claims because it is in our legitimate interest to do so. We made this conclusion because:

    • the information is absolutely necessary for us to be able to pursue or defend against a legal claim;

    • it is reasonable for us to use information like this;

    • we would be expected to do so;

    • there is no less intrusive way of fulfilling this purpose.

Transferring personal information outside the UK

Squarespace (the company that manages our website) and Google (the company that manages our email system, which is connected to our website) are located in the USA. We rely on the Privacy Shield Framework to transfer information to Squarespace and Google. Both Squarespace and Google are part the Privacy Shield Framework.

Marketing opt-out

You always have the right to ‘opt-out’ of receiving our marketing.

You can opt-out do this at any time by contacting us through our website (www.wilsonbrownbconsulting.com) or by contacting Lorna Wilson-Brown at Lorna@wilsonbrownconsulting.com.

If you opt-out of our marketing materials you will be added to a list we keep of people who have opted-out. This is a suppression list. This helps us make sure that we do not accidentally send you further marketing. We sometimes need to contact you for administrative or operational purposes, but we will make sure that those communications don't include direct
marketing.

We keep our suppression list indefinitely to comply with our legal obligations to ensure we don't accidentally send you any more
marketing, unless you ask us to erase all information about you.

How long we keep personal information

To decide the correct amount of time that we will keep information about you, we have considered the amount, nature, and sensitivity of information about you, the potential risk of harm from its unauthorised use or disclosure, the purposes for which we use it, whether we can achieve those purposes through other means, and the applicable legal requirements.

Information we collect and use because we negotiated for, or entered into a contract is kept for a period of up to 6 years after your account is closed to enable us to deal with any after-sales enquiries or claims and as required for tax purposes.

Information we collect and use because you used our website: we keep this information about you for up to 12 months from when it is collected or the relevant cookie expires.

Information collected and used as a consequence of you contacting us for reasons other than that we have negotiated or entered into a contract is kept for up to 6 years from the date we obtain the information.

Sharing personal information

We sometimes give access to information about you to third parties. Third parties are required to respect the security of personal information about you and to treat it in accordance with the law. If the third parties are using personal information about you on our behalf as ‘data processors’ then they must comply with a number of specific contractual requirements to protect information about you. These include that they only act on our written instructions and that they agree to treat the information confidentially and keep it secure.

We give access to personal information about you to third parties if:

  • it is part of delivering our service to you (e.g., our website and email host);

  • we have a legal duty to do so (e.g., where we are compelled by law enforcement agencies); or

  • we need to use the information for our own legal proceedings.

Your rights

You have a number of rights about personal information we hold about you. They are described briefly below. More information about your rights can be found on the webpage of the Information Commissioner's Office (ICO). Under some circumstances, by law you have the right to:

Be informed in a clear, transparent and easily understandable way about how we use personal information about you and about your rights. If you need more information about how we use personal information about you, please let us know.

Request access to personal information about you (this is known as a ‘data subject access request’). This right lets you receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

Request correction of the personal information that we hold about you. This lets you correct any incomplete or inaccurate information we hold about you.

Request erasure of personal information about you. This means you can ask us to delete or remove personal information where there is no good reason for us continuing to store or use it. An example of a good reason for us to keep it is to continue to comply with our legal obligations. You can also ask us to delete or remove personal information about you where you have exercised your right to object to us storing or using or personal information about you (see below).

Object to us storing or using personal information about you where we rely on a legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to us using information about you on this basis. We might have a compelling legitimate basis for doing so which overrides your rights, interests and freedoms, in which case your objection may not be accepted. For example, we may need personal information about you to defend a legal claim. You also have the right to object where we are processing personal information about you for direct marketing purposes.

Request the restriction of the storage or use of personal information about you. This allows you to ask us to temporarily stop what we are doing with personal information about you. For example, if you want us to establish the accuracy of personal information about you.

Request the transfer of personal information about you to another party where you provided it to us and we are using it based on your consent, or to carry out a contract with you, and we process it using automated means.

Withdraw consent. If we rely on your consent to collect and use personal information about you for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process information about you for the purpose or purposes you originally agreed to, unless we have another compelling legitimate interest in doing so.

Lodge a complaint. If you think that we are using information about you in a way which breaches data protection law, you have the right to lodge a complaint with your national data protection supervisory authority (if you are in the UK, this will be the ICO).

If you want to contact us to review, verify, correct, request erasure, object, withdraw your consent, or request that we transfer a copy of personal information about you to another party, please contact us at info@wilsonbrownconsulting.com or through our website at www.wilsonbrownconsulting.com.

No fee is usually required to access personal information about you or to exercise any of the other rights. However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive.

What we may need from you. We may need to request specific information from you to help us understand the nature of your request, to confirm your identity, and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it. If we request any identification from you for this purpose, it is on the basis that it is necessary to comply with our legal obligations, and we will only keep and use this until your identity has been verified.

Timescale. We will respond to your request as soon as we can. This should be within one calendar month from when we receive your request but, if the request is going to take longer to deal with, we will let you know. For example, if identification is necessary, the time limit will be from the day we receive that information.