Deep C Limited (hereafter referred to as ‘Deep C’) is committed to respecting the privacy of all visitors to its website and of its clients, partners, suppliers, advisers and subscribers. Specifically, we are committed to complying with the principles governing the processing of personal data, as detailed in the 2016 EU General Data Protection Regulation (GDPR):
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Storage limitation
- Integrity and confidentiality.
Our Status as a ‘Data Controller’
Deep C is registered with the relevant Supervisory Authority in this area: The Information Commissioner’s Office (ICO). The ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. For further details about the ICO, see www.ico.org.uk.
Deep C complies with GDPR and UK Data Protection Act (DPA) legislation, as well as complying with general ICO guidelines. Under GDPR, we are classified with the ICO as a ‘Data Controller’; an entity responsible for determining both the purpose and the means of processing personal data belonging to clients, partners, suppliers, advisers and subscribers. Our ICO registration is ZA348255.
‘Personal Data’ and ‘Data Processing’ Explained
Personal data is information or data from which you can be identified – and which is about you. Typically, we will receive personal data in connection with your instructions for the provision of our services, the delivery of those services – or via your interaction with our website at www.deepcleadership.com. Further details of the data we may hold about you – and from where we might obtain it – are outlined below.
‘Processing’ means obtaining, recording or holding information or data about you – or carrying out any operation on it, including:
- Organising, adapting or altering it
- Retrieving, consulting about or otherwise using your data
- Disclosing by transmission, dissemination or otherwise making your personal data available
- Aligning, combining, blocking, erasing or destroying your personal data.
Responsibility for Data Protection
If you have any questions about this policy or how we handle your personal data, please contact the Data Protection Lead, Deep C Ltd., The Surrey Technology Centre, 40 Occam Road, The Surrey Research Park, Guildford, Surrey, UK, GU2 7YG (tel: +44 (0)1483 685035) – or via email at email@example.com.
The Personal Data That We May Hold About You
In order that we can provide our services to you, we will collect, store and use one or more of the following categories of personal data about you, depending on your instructions and the services that we provide:
- Biographical details such as your age, date of birth and gender
- Personal contact details, such as your name, title, addresses, telephone numbers and email addresses
- Education details, such as your qualifications and where and when these were obtained
- Details regarding your family, lifestyle and social circumstances, such as your marital status, hobbies and interests
- Employment details, such as your job title, business activities, responsibilities, achievements and career profile
- Personal assessment data, such as psychometrics, self-assessments, third-party commentary or feedback, interview data and performance reviews
- The services that you express an interest in, or which we have provided, together with any relevant rationale, such as business or personal need
- Bank account details, such as your bank account number, sort code or payment card details.
We may also need to collect, store and use sensitive personal data about you, where you explicitly consent to provide it and where it is relevant to the services that we provide to you, including:
- Your race or ethnic origin
- Details regarding aspects of your physical and/or mental well-being.
The Methods That We Use To Collect Personal Data About You
We may collect personal data about you from a variety of different sources:
- Information that you provide to us when you complete our online forms, register with our website; or sign-in to use an online facility
- Information that you provide via telephone or email enquiries or during business meetings and informal exchanges with us
- Information provided to us by third parties, including organisations with whom you are employed or engaged
- Information that we obtain directly and indirectly about you in the course of delivering our services to you
- Information that we collect via feedback surveys, product research or complaint handling
How We Use Personal Data
We will only process your personal data for lawful purposes in operating our business and to fulfil our contractual obligations with our clients.
Please note that we may process your personal data without your knowledge or consent, in compliance with this policy, where this is required or permitted by law.
The lawful purposes for which we may process your personal data include:
- Consent: where you have given us clear consent to process your personal data for a specific purpose
- Contract: providing information and services to you (or to your organisation), under the terms of a contract (or because you have asked us to take specific steps before entering into a contract with us)
- Legal obligation: where we need to comply with the law e.g. with HMRC and other government bodies
- Vital interests: where processing your personal data is necessary to exercise our duty of care to you and/or to protect your own (or someone else’s) life
- Public task: the processing of your personal data is necessary for us to perform a task in the public interest or for official functions, and the task or function has a clear basis in law
- Legitimate business interests: where processing is necessary for our legitimate interests as a business, or of a third party e.g. to maintain and improve our website and services and to keep you in touch for marketing purposes with developments in the field of business psychology and leadership. This lawful purpose applies unless there is a good reason to protect your personal data which overrides these legitimate interests.
You have the right to request that we do not use your personal data for marketing. You can exercise this right by contacting the Data Protection Lead at firstname.lastname@example.org. Even if you choose not to receive marketing information, we may still contact you to advise you of changes to our website, alert you to security concerns or where we are permitted by law to do so.
We will not make any use of your personal information that is inconsistent with the original purpose(s) for which it was collected or obtained. If we intend to do so, we will notify you in advance wherever possible to obtain your express consent or otherwise than is permitted by applicable law.
In order to protect your privacy, we do not routinely share personal data with third parties. However, we may share your personal data with:
- Our suppliers and contractors who enable us to provide our website and our online tools and materials
- Our Associate Consultants who are responsible for delivering services to you or to your organisation
- Our third-party partners for analysis and reporting. Where possible we try to carry out analytical activities using anonymised information
- Relevant parties if we have a legal duty or obligation to disclose your personal information
- Third parties, if we buy or sell relevant business assets which may include your personal data.
We will not without your express consent provide your personal data to any third parties for the purpose of direct marketing.
Protection and Retention of Your Personal Data
The personal data that you provide will be kept confidential. We have in place administrative, technical and physical measures on our website and offices designed to guard against and minimise the risk of loss, misuse or unauthorised processing or disclosure of the personal information that we hold.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider several factors. These include:
- The amount, nature and sensitivity of your personal data
- The potential risk of harm from unauthorised use or disclosure
- The purposes for which we process your personal data and whether we can achieve those purposes through other means
- The applicable legal requirements.
We generally hold appropriate records for the duration of your engagement with Deep C and for up to 2 years thereafter.
We have in place appropriate methods for deleting and destroying both digital and paper-based data and information records. In some circumstances, we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.
A cookie is a small text or data file which is written to the hard drive on your computer (or other electronic device such as a mobile telephone or tablet) when you use our website.
We do this to find out things such as the number of visitors to the various parts of the site i.e. what visitors to our website find most useful. We are interested in which pages are most popular and where visitors stay longest. Ultimately, we use this information to help users reach these pages quickly. This information is only processed in a way which does not identify you individually.
We use analysis software to look at IP addresses and cookies to improve your experience as a user of our website. We do not use this information to develop a personal profile of you. If we do collect personally identifiable information, we will be upfront about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
You can refuse a cookie when your browser alerts you to its presence and you can also choose to refuse all cookies by turning them off in your browser. If you are unsure how to do this, you can find more information on the website of your browser manufacturer.
However, should you decide to disable cookies, some of our website features may not function as a consequence.
Linking to External Websites
We do not have any control over the content on these websites and we do not accept any liability arising from your use of the links that we provide. You use these sites at your own risk.
Use of our website is subject to English law and the user agrees that the courts of England and Wales will have jurisdiction over any issues relating to this use.
Your Data Rights
We will respect your personal data and undertake to comply with all applicable EU and UK data protection legislation. It is important that you are aware that you have various legal rights under data protection legislation, under certain circumstances. These include the right to:
- Request access to your personal data (commonly known as a ‘data subject access request’). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it
- Request correction (‘rectification’) of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below). However, there may be reasons why we cannot agree to a ‘request to be forgotten’ or for data to be erased, such as where we need to retain it for regulatory or other reasons
- Object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on such grounds. You also have the right to object where we are processing your personal information for direct marketing purposes
- Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example, if you want us to establish its accuracy or the reason for processing it
- Request the transfer of your personal data to another party
- Withdraw your consent for us to continue processing your data. Where you may have provided your consent to the collection, processing, and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact our Data Protection Lead at email@example.com. Once we have received notification that you have withdrawn your consent, we will no longer process your data for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so
- Complain to the Supervisory Authority(ICO), should you be unhappy with our conduct relating to the processing of your personal data.
These rights may not be available in all circumstances, and we will tell you if this is the case. Where you wish to exercise your rights, or you are unhappy with the way in which we are handling your personal data, please contact us via our Data Protection Leadat firstname.lastname@example.org and we will respond within the applicable statutory time period. If we are not sure of your identity, we may require you to provide further information for us to confirm who you are.
We may make changes to this policy from time-to-time as our business and internal practices and/or applicable laws change.
The latest version of this privacy notice will always be available at www.deepcleadership.com.
How to Contact Us
Please contact us if you:
- Would like us to update information we have about you
- Wish to make a Subject Access Request
- Wish to make rectification to your personal data
- Object to processing
- Have any other queries relating to privacy and your personal data in the context of our website or business activities
- Wish to complain about our processing of your personal data.
For all queries, please contact the Data Protection Lead via email at email@example.com. Alternatively, please write to us at the following address: Deep C Ltd, The Surrey Technology Centre, 40 Occam Road, The Surrey Research Park, Guildford, Surrey, GU2 7YG. (Tel: +44 (0)1483 685035).
Should you wish to contact the relevant Supervisory Authority, the ICO can be contacted at:
Tel: 0303 123 1113.
Last Updated: April 2020.