LEGAL
Privacy Notice
Introduction
1.1 Gradient Consultancy Ltd (“Gradient Consultancy”/“We”/“Us”/“Our”) is committed to protecting and respecting your privacy.
1.2 This privacy notice (“Notice”) sets out the basis on which any personal data we receive from you, or that we gather in any other way, will be processed by us. It applies to any personal data gathered due to your use of www.gradientconsultancy.com (our “Website”) or otherwise as a consequence of any dealings we may have with you. Please read and understand this Notice carefully to understand our views and practices regarding your personal data and how we will treat it.
1.3 For the purposes of this Notice, “UK GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018. “Consent”, “Controller”, “Personal Data”, “Process”, “Processing”, “Profiling”, and “Third Party” shall have the definitions prescribed to them under the UK GDPR. Where you are subject to Regulation (EU) 2016/679, references to the UK GDPR under this Notice shall be deemed to be references to the GDPR.
1.4 For the purposes of the UK GDPR, we shall be the “controller”.
Information We May Collect From You
2.1 During the course of our business, we may collect and process personal data that you provide to us by filling in contact forms on our Website or by corresponding with us by phone, e-mail, or otherwise. The personal data you give us may include, without limitation:Personal identification information and employment details such as your name, age, and job role; Contact details such as your home or office address, e-mail address, and phone number; andAny other information relevant to the work that we undertake (or plan to undertake) that you provide to us.
2.2 Certain personal data about you may be recorded and logged automatically when you access the Website. This is often referred to as "log data". Each time you visit or use our Website, we may automatically collect the following information about you or your devices: Technical information, including the type of device(s) you use, a unique device identifier, the Internet protocol (IP) address used to connect your device(s) to the Internet, network information, browser type and version, time zone setting, browser plug-in types and versions, and operating system and platform; Information and details about your use of our Website (including but not limited to traffic data; location data; weblogs and other communication data; the full Uniform Resource Locators (URL) clickstream to, through, and from our Website (including date and time); what you viewed or searched for; page response times, download errors; length of visits to certain pages; page interaction information (such as scrolling, clicks, and mouse-overs); and methods used to browse away from the page); and We may receive personal data about you from other sources such as analytics providers and search information providers.
Uses Made of the Information
3.1 Your personal data is only collected and processed by us where we have a lawful basis under the UK GDPR to do so. The lawful bases are: You have consented to the processing of your personal data; We are required to process your personal data to comply with legal obligations to which we are subject; It is necessary to enable us to defend, prosecute, or make a claim against you, us, or a third party; It is necessary for us to process your personal data in order to perform a contract we have entered into with you or to take steps (at your request) necessary to enter into a contract with you; orIn certain cases, where we have a legitimate business interest in processing your personal data (i.e., when it is essential for us to process your personal data to enable us to operate the Website).
Disclosure of Your Information
4.1 We do not sell, share, or transfer your personal data except as set out in this Notice.
4.2 We may share your personal data with any member of our group, which means our subsidiaries, our ultimate holding company, and its subsidiaries (as applicable) from time to time.
4.3 We may share your personal data with selected third parties including: Our mailing partner, to deliver messages to you in accordance with the purposes set out above; Clients, business partners, suppliers, and sub-contractors as necessary for the performance of any contracts we enter into with them in relation to a project in which you are involved; Analytics and search engine providers that assist us in the improvement and optimisation of our Website; Suppliers of IT systems and services for the purpose of ensuring the correct operation, or enhancing the operation of IT systems, or to ensure the safety and security of personal data; and Credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you.
4.4 Examples of when we may disclose your personal data to third parties include, without limitation: In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets; If we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets; andIf we are under a duty to disclose or share your personal data to comply with any legal obligation, or obligations under other agreements, or to protect our rights, property, or safety, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Where and How We Store Your Personal Data
5.1 Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access. For example, we use secure servers to store all personal data you provide to us. Unfortunately, the transmission of any information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of any personal data transmitted on or via our Website; any transmission is at your own risk.
5.2 Personal data that we collect from or about you may be transferred to, and stored at, a destination outside the UK and the European Economic Area (“EEA”) as part of the operation of our customer relationship management system, as part of our mailing system, when necessary as an integral part of a cross-border work project, or in such circumstances where the transfer of personal data is necessary for the performance of a contract between us and you, or a contract between us and a third party concluded in your interest. Any personal data transferred internationally is subject to appropriate legally recognised safeguards such as the Standard Contractual Clauses approved by the European Commission, which ensure the lawful transfer of your personal data outside of the UK and EEA. We take all reasonable and appropriate steps to ensure the privacy and security of any personal data transferred internationally (whether by us or our partners), and we only transfer personal data to third parties who have provided us with the necessary assurances and protections regarding the security of your personal data.
5.3 We will store personal data for as long as necessary to fulfil the purposes for which it was originally collected, as explained in this Notice, or for any other lawful or connected purpose subsequently communicated to you, and for other essential purposes such as complying with our obligations at law. The retention period may therefore vary for different types of personal data depending on how and why it was gathered. Criteria relevant to determine retention periods include:Where the personal data is necessary for the performance of a contract, we will retain it while we perform our obligations under that contract, and for a period thereafter for the purposes of dispute resolution, enforcing our rights under the contract, or where additional connected contracts are likely to arise; Where the personal data is processed pursuant to your consent only, and consent is withdrawn, we may delete such personal data immediately if we are unable to process that personal data on another legal basis, or we may cease processing and retain the personal data for a period thereafter if we need to keep it for dispute resolution or the enforcement of our rights; and Where in certain cases we may be legally obliged to hold personal data for a certain period of time, or to delete the personal data at a certain time, including in accordance with the exercise of your rights as a data subject as explained in this Notice.
Your Rights
6.1 We will not use your personal data for direct marketing purposes unless you have provided your consent to us or to a third party via which we have received the data. You have the right to ask us not to process your personal data for these purposes.
6.2 In certain circumstances, the UK GDPR may provide you with the right (subject to certain exceptions) to: Request from us further details as to how your personal data is processed; Request from us a copy of any personal data we hold about you; Request that we rectify or complete your personal data, where it is inaccurate or incomplete for the purposes of our processing of the data; Request that we erase your personal data where we have no legal basis to continue processing that personal data; Request that we restrict how we process your personal data; Request that we provide you with your personal data in a structured, commonly used, and machine-readable format, or transfer such data to a third party, where this is technically feasible; Object to any processing of your personal data carried out on the basis of our legitimate interests.
6.3 If you wish to exercise any of the above rights, please contact us at: dpo@gradientconsultancy.com.
Changes to Our Privacy Notice
7.1 Any changes we may make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy notice.
Contact
8.1 Questions, comments, and requests regarding this privacy notice are welcomed and should be addressed to: dpo@gradientconsultancy.com.
