The collection and use of personal data is regulated by the Data Protection Act 1998. (DPA) & the General Data Protection Regulations (EU 2016/679) (the GDPR). IDMB Advisory Ltd may collect, store and manage certain categories of personal information from those who contact us, visit our premises or use our website. IDMB Advisory Ltd is the controller of such data for the purposes of the GDPR.
This document seeks to explain, in a concise and transparent manner, when and why we collect personal information from those who visit and use our website. It also explains how we use your personal data, the conditions under which we may disclose it to others and how we keep it secure.
We seek to acquire information about you when you use our website. This includes; when you contact us through our website and when you purchase products and services from our website.
Whenever we request personal information from you on our website we will always aim to reasonably explain why we are collecting the information and refer you to this policy for more comprehensive detail.
Please note, we do not collect or store personal data about you supplied or obtained from any 3rd party sources. Any data we store is only that which we have collected from you directly.
When you contact us about our products and services we will request personal details such as your name, telephone number, email address, IP address, the pages you have visited on our website and where applicable, the company for whom you work.
We may use your information to:
· Respond to your enquiries.
· Process online orders that you have placed with us (products, services, or membership).
· Carry out our obligations arising from any contracts entered into by you and us.
· Seek your views or comments on the services we provide.
· Notify you of changes to our service.
· Send you communications which you have requested and that may be of interest to you.
If you purchase any products and services from us, then under UK tax law we are required to keep your basic personal data (name, address, contact details) for a minimum of 6 years after which time it can be erased on your request. We will hold your personal information on our systems indefinitely for marketing purposes or until you notify us that you no longer wish us to do so, unless your request contradicts our statutory obligations.
As stated before, your privacy is important to us. That's why we will not, under any circumstances, sell or rent your personal information to any third parties. In addition, we will not share your information with third parties for their specific marketing purposes.
To respond to your enquiries, deliver products and services or to send your newsletters, we may need to pass your information to our 3rd party service providers. In all circumstances, we will remain the controller of your data and our 3rd party service providers will be processors of your data.
· if you subscribe to our newsletter service, your personal data may be processed by a 3rd party email processor such as Mail-Chimp who specialise in the delivery of GDPR compliant email newsletter services.
· If you purchase our Office Superchargers, then licence management and e-commerce transactions will be held in our Licence Server suite, managed by Concept Software.
When we use third party service providers, we disclose only the personal information that is necessary to deliver the service. We also have contracts in place with all 3rd Party Service Providers that requires them to keep your information secure and not to use it for their own direct marketing purposes.
To complete some forms of communications or service delivery, we may need to pass your information to service suppliers who are registered outside the European Union (“EU”). For example, this will occur when we use a US based newsletter emailing service such as Mail-Chimp.
By submitting your personal data, you’re agreeing to this transfer, storing or processing. When transferring your information outside of the EU, we take steps to ensure that your privacy rights continue to be protected.
It's important that you are aware that you have a choice about whether you wish to receive marketing information or service notifications from us.
If you have previously given us consent to process your personal data and send you marketing information, you can withdraw this consent at any time by unsubscribing at the bottom of all e-mails or by contacting us directly. We will cease the delivery of all marketing communications to you immediately on receipt on your objection or un-subscription.
You have the right to ask for a copy of the information we hold about you. You can request a copy of this data at any time by contacting us directly. We will, where possible, always supply your personal data in a convenient and transferable format within 30 days.
Your personal data probably changes from time to time. The accuracy of your information is important to us. You can manage your personal information and preferences by:
· Marketing - Click on the ‘update my preferences’ link at the bottom of any e-mail.
· Licencing - Login to our Software Portal and update your preferences.
· Support Site and Forum - Login to the site and update your preferences.
If you would like us to delete or erase your personal information from our systems, then where possible (if not required for statutory or contractual requirements) we will do so within 30 days and provide confirmation that your data has been removed from our systems. To request that your personal data is erased from our systems, please contact us directly by raising a support ticket on our Support Site: https://www.idmb.uk/Forum/.
Our website is protected. This means that any information we collect from you via our website is protected and secure. When you are asked for any personal data on our website, you will see a lock icon in your browser, ratifying that your data is secure.
Once we receive your information, we make our best effort to ensure its security on our systems. To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
In the unlikely event of our systems and your data being breached, then we will notify you within at least 30 days including full details of what parts of your personal data have been compromised.
To better improve our products, services, marketing and website experience, we may analyse your personal information to create a profile of your actions, interests and preferences. Where applicable, we do this so that we can tailor your experience on our website and contact you with more relevant information specific to your needs.
Examples of this may include:
· Profiling your previous points of interest on our website and automatically tailoring the messages and images you see when returning to our website.
· Profiling your interests in our products and services and automatically sending you tailored marketing communications or newsletter variants.
Please be aware, that at no point is automated profiling used to assess your credibility or eligibility for contractual approvals or legal decision-making.
To provide you with further information or additional reference points, our website may contain links to other websites run by other organisations.
Please be aware, that we cannot be responsible for the protection and privacy of your information which you provide whilst visiting other websites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
If at any point you wish to raise a complaint about how we have handled your personal data, then please contact the Hon. Secretary directly. If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).
We keep this Policy under regular review.
22nd May 2018.