Our Privacy Policy
The Effective Board LLP (also referred to as “We”, “Us” and Our”) understand that Your privacy is important to You and that You care about how Your personal data is used. We respect and value Your privacy and will only collect and use personal data in ways that are described here, and in a way that is consistent with Our obligations and Your rights under the law.
1. What Does This Privacy Notice Cover?
1.1 This Privacy Notice explains how We, as Data Controller collect and process Your personal data. It also explains Your rights under the law relating to Your personal data (See Part 5).
1.2 This Privacy Notice (the “Notice”) applies to the processing of personal data by The Effective Board in connection with:
- 1.2.1 Client Services – the provision of services by Us to actual and Prospective Clients
- 1.2.2 Supplier Services – the provision of products and services to Us by Suppliers
- 1.2.3 Candidate Search Activities – the collection of personal data of individuals who We consider to be suitable Candidates for Our Clients.
1.3 References in this Notice to “You” or “Your” are to the relevant individual who is the subject of the personal data (the “Data Subject”) collected by Us in connection with 1.2.1 – 1.2.3 above.
1.4 Any reference in this Notice to Our Clients, Prospective Clients or Suppliers, includes their employees and other individuals who work for the Client, Prospective Client or Supplier such as (but not limited to), contractors, non-executive directors and consultants whose personal data We collect and process.
2. Information About Us and How to Contact Us
The Effective Board LLP is a limited liability partnership, registered in England and Wales under registration number OC419773.
Our contact details are as follows:
Registered address: - West Bergholt Hall, Hall Road, West Bergholt, Colchester, Essex, England, CO6 3DU.
Email address: tom@theeffectiveboard.com.
Telephone number: 07841 361 940.
Postal Address: West Bergholt Hall, Hall Road, West Bergholt, Colchester, Essex, England, CO6 3DU.
Our website address is www.theeffectiveboard.com.
Should You have any questions regarding the contents of this Privacy Notice or Our data protection policies in general, please contact Us using one of the methods above and making it clear Your query is in relation to data protection.
3. What is Personal Data?
Personal data is any information about You that enables You to be identified.
The personal data that We collect and process is set out in Part 6, below.
4. What happens You fail to provide the necessary personal data to Us?
Where we need to collect personal data by law, such as in order to enter into a contract with You, We may not be able to perform the contract with You if you fail to provde the necessary data to Us.
5. What Are Your Rights?
Under the law, You have certain rights, which We will always work to uphold. In brief, these rights are as follows:
- 5.1 The right to be informed about Our collection and processing of Your personal data. This Privacy Notice should tell You everything You need to know, but You can always Contact Us to find out more or to ask any questions using the details in Part 1.
- 5.2 The right to access the personal data We hold about You. Part 13 will tell You how to do this.
- 5.3 The right to request that Your personal data be rectified if any of Your personal data held by Us is inaccurate or incomplete. If we have disclosed the relevant personal data to any third parties, we will take reasonable steps to notify those parties of the rectification where possible
- 5.4 The right to request that We erase the personal data We hold about You (also known as the right to be forgotten).
- 5.5 The right to restrict (i.e. prevent) the processing of Your personal data.
- 5.6 The right to data portability. This means that, if You have provided personal data to Us directly, We are using it with Your consent or for the performance of a contract, and that data is processed using automated means (i.e. electronically), You can ask Us for a copy of that personal data to re-use with another service or business in many cases.
- 5.7 The right to object to Us using Your personal data for a particular purpose or purposes. You have an absolute right to stop your data being used for direct marketing.
- 5.8 Rights relating to automated decision-making and profiling. We do not use Your personal data in this way.
Please note that some of the rights listed above only apply in certain circumstances. Further information about Your rights can also be obtained from the Information Commissioner’s Office (“ICO”) www.ico.org.uk or Your local Citizens Advice Bureau.
Please be aware that when exercising any of Your rights, We may need to request specific information from You to help Us confirm Your identity and to ensure We do not disclose Your personal data to anyone who does not have the right to receive it.
For more information about Our use of Your personal data or exercising Your rights as outlined above, please Contact Us.
If You have any cause for complaint about Our use of Your personal data, You have the right to lodge a complaint with the ICO. We encourage You to Contact Us in the first instance as We aim to promptly and efficiently resolve any concerns or complaints You may have to Your satisfaction.
6. What Personal Data Do We Collect and What is Our Legal Basis for Processing the Data?
You are requested only to share personal data with Us when strictly necessary for the purposes for which You have engaged with Us. If You share anybody else’s personal data with Us You should inform them and refer them to this Privacy Notice For example, if You, as an employer share with Us personal data concerning an employee, You should inform that employee and refer them to this Privacy Notice.
We do not collect data concerning children, criminal offences or convictions, or special category data (special category data includes data concerning details of Your race/ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health information and genetic and biometric data).
Personal data may be collected directly from You which could mean it is collected when You contact Us in person (or give Us a business card), contact Us via telephone, email, post or social media. It could also be collected when You provide Us with certain data in connection with entering into a contract with Us, or market or provide goods or services to Us.
Personal data may be collected automatically as You use Our website by using cookies and similar technologies. Please see Part 6 below for more details about this.
Personal data may be received from third parties such as:
• Your employer
• A third party referral
• Via publicly available internet professional networking sites such as Linked In
• Via other publicly available sources such as Companies House and the Charities Commission
• Analytics providers such as Google Analytics
• Search information providers such as Google.
Under the law, We must always have a lawful basis for processing personal data. The data We may collect (depending upon Your relationship with Us), the purpose of processing Your personal data and the legal basis for processing Your personal data relied upon by Us are as shown in the table below.
| CLASSIFICATION OF DATA | WHAT THE DATA COLLECTED MAY INCLUDE | WHAT IS OUR LEGAL BASIS FOR PROCESSING YOUR DATA? |
|---|---|---|
| Communication Data This includes any communication that You send to Us such as letters, via emails, phone calls, SMS, social media messaging, social media posting or any other communication You send Us |
| The processing of Communication Data is to enable Us to take steps at Your request to enter into a contract with You, or to actually enter into such contract. Processing is in Our legitimate interests in enabling Us to answer queries and respond to communications from You, manage Our relationship with You, keep records, and to establish, pursue or defend legal claims if necessary. Such processing is also necessary due to Us having a legal or regulatory obligation |
| Prospective Client Data This is data gathered from publicly available sources such as Companies House and Linked In |
| The processing of Prospective Client Data is in Our legitimate interests in enabling Us to communicate with Prospective Clients about Our services, to enable Us to keep records, respond to enquiries, to maintain and manage Our business. and to establish, pursue or defend legal claims if necessary. Such processing is also be necessary due to Us having a legal or regulatory obligation |
| Client Data This is data which may be collected and processed should You become a Client. |
| The processing of Client Data is to enable Us to take steps at Your request to enter into a contract with You or to actually enter into such contract. Processing is in Our legitimate interests to enable Us to communicate with You throughout Our relationship in order to maintain and manage Our business and provide Our services, keep records, and to establish, pursue or defend legal claims if necessary. Such processing is also necessary due to Us having a legal or regulatory obligation |
| Candidate Data |
| Processing of Candidate Data may be carried out with the consent of the Candidate. Processing of Candidate Data is also in Our legitimate interests to enable Us to communicate with potential candidates and Clients for recruitment purposes and to keep candidates informed of available opportunities, to keep records, maintain and manage Our business and to establish, pursue or defend legal claims if necessary. The processing of Candidate Data is also necessary due to Us having a legal or regulatory obligation |
| CLASSIFICATION OF DATA | WHAT THE DATA COLLECTED MAY INCLUDE | WHAT IS OUR LEGAL BASIS FOR PROCESSING YOUR DATA? |
| Supplier Data This is data which may be collected and processed should You become a Supplier of goods or services to Us |
| The processing of Supplier Data is to enable Us to enter into a contract with You for the supply of Your products and/or services to Us. It is also in Our legitimate interests to process this data for the purposes of communicating with You, managing Our account with You, payment to You and obtaining the products and services required by Our business, and to establish, pursue or defend legal claims if necessary. It is also in the legitimate interests of Our Suppliers to enable them to receive Our custom and be paid for goods/services supplied. The processing of Supplier Data is also necessary due to Us having a legal or regulatory obligation |
| Consultant Data This is data which may be collected should you engage with Us to provide consultancy services to Us |
| The processing of Consultant Data is to enable Us to enter into a contract with the consultant for services to be provided to Us. Processing of this data is also in Our legitimate interests in that it enables Us to communicate with consultants who are working for Us and to manage the working relationship between Us and the consultant and to establish, pursue or defend legal claims if necessary. The processing is also in the consultant’s legitimate interests to enable payment of the consultant’s fee for services provided. The processing of Consultant Data is also necessary due to Us having a legal or regulatory obligation |
| Usage Data This is data concerning Your use of Our website that We have obtained via the use of Analytics and Cookies. |
| The processing of Usage Data is in Our legitimate interests in that the collection of such information allows Us to administer and protect Our business and website. |
7. Cookies
Cookies are small pieces of data, stored in text files, that are stored on Your computer or other device when websites are loaded in a browser. They are widely used to ensure a consistent and efficient experience for visitors, and perform essential functions enhancing users’ experience of use of websites. If You are uncomfortable with the use of Cookies, You can disable Cookies on Your device by changing the settings in the preferences or options menu in Your browser. You can set Your browser to reject or block Cookies or to tell You when a website tries to put a cookie on Your device. You can also delete any Cookies that are already stored on Your device. However, please be aware that if You do delete and block all Cookies from Our website, parts of the site my not fully function. For more information see Our Cookie Policy available on Our website or upon request by Contacting Us.
8. How Do You Use My Personal Data?
We will only collect and process Your personal data for the purposes for which We collected it or for a reasonably compatible purpose. If We need to use Your data for an unrelated purpose, We will notify You and explain the legal basis which allows Us to do this.
Your personal data may be used for one or more of the following purposes:
- Managing Our relationship with You
- Developing and supplying Our services to You
- Entering into and fulfilling a contract with You
- Communicating with You
- Administration and management of Our website
- Record keeping
- Managing Our account with You with respect to the goods and/or services You provide to Us and payment to You
- Providing and managing Your account with Us with respect to payment, fees and charges (including the recovery of money owed to Us)
- Managing and protecting Our business including dealing with any complaints or legal proceedings
- Interaction with government or regulatory authorities in relation to You
- To comply with legal requirements or as requested by a Government authority
- Obtaining or maintaining insurance policies
- Obtaining professional advice.
We will not use Your personal data to send you marketing materials if You have requested not to receive them. If You request that We stop processing Your personal data for marketing purposes, we shall stop immediately. We would encourage You to make such requests via the links provided for that purpose in any marketing materials We send you or by contacting Us.
9. How Long Will You Keep My Personal Data?
We will not keep Your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. For details of storage periods, please ask for a copy of Our Data Retention Policy.
10. Do You Disclose My Personal Data?
We may have to disclose Your personal data to the following:
- Service providers who provide IT and system administration services
- Professional advisers including lawyers, accountants, auditors, bankers, insurers
- Government bodies that require Us to report processing activities or otherwise disclose Your personal data
- Fraud prevention organisations
- Third parties to whom We may sell, transfer or merge parts of Our business or assets.
If any of Your personal data is shared with a third party, as described above, We will take steps to ensure that Your personal data is handled safely, securely, and in accordance with Your rights, Our obligations, and the third party’s obligations under the law.
We will never share Your personal data with third parties for marketing purposes.
11. Do You Transfer Personal Data Outside the EEA?
We may transfer some or all of Your personal data to, or store some or all of Your personal data in, countries that are not part of the European Economic Area (the “EEA”). The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein). Countries not within the EEA are known as “Third Countries” and may not have data protection laws that are as strong as those in the UK and/or the EEA. This means that We will take additional steps in order to ensure that Your personal data is treated just as safely and securely as it would be within the UK and under the GDPR as follows:
- We will only transfer Your personal data to Third Countries if the European Commission has deemed that they provide an adequate level of protection;
- We will use clauses in contracts with Suppliers based outside the EEA which have been approved by the European Commission as giving personal data the same protection it has in Europe; or
- With your informed and explicit consent.
- Where necessary for the performance of a contract between You and Us or for pre-contractual steps taken at the Your request;
- Where necessary for the performance of a contract made in Your interests between the controller and another person.
- The transfer is necessary for important public interest reasons;
- The transfer is necessary for the conduct of legal claims;
- The transfer is necessary to protect the vital interests of the Data Subject or other individuals where the Data Subject is physically or legally unable to give their consent; or
- The transfer is made from a register that, under UK or EU law, is intended to provide information to the public and which is open for access by the public in general or otherwise to those who are able to show a legitimate interest in accessing the register.
12. Data Security
The security of Your personal data is essential to Us, and to protect Your data, We have taken reasonable measures to prevent Your personal data being accidentally lost, deleted/destroyed, altered, disclosed or accessed. Only authorised personnel have access to Your personal data and all are subject to an undertaking to keep it confidential and are aware of their obligations when processing personal data.
We are aware of Our legal obligations regarding suspected data breaches and have the appropriate procedures in place regarding the notification of the ICO and of the Data Subjects affected by the breach.
13. How Can I Access My Personal Data?
If You want to know what personal data We have about You, You can ask Us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “Subject Access Request”.
All Subject Access Requests should be made in writing and sent to the email or postal addresses shown in Part 1.
There is not normally any charge for a Subject Access Request. If Your request is ‘manifestly unfounded or excessive’ (for example, if You make repetitive requests) a fee may be charged to cover Our administrative costs in responding.
We will respond to Your Subject Access Request within one month of receiving it. Normally, We aim to provide a complete response, including a copy of Your personal data within that time. In some cases, however, particularly if Your request is more complex, more time may be required up to a maximum of three months from the date We receive Your request. You will be kept fully informed of Our progress.
14. Changes to Your Personal Data
If any of Your personal details change (such as You change your job title, move from Your existing company, change your email address etc.), You are encouraged to let Us know so that We can update the information We hold about You.
15. Changes to this Privacy Notice
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if We change Our business in a way that affects personal data protection.
The date of and the version number of this Notice is shown at the top. If You are viewing this Notice on Our website, We encourage You to check that You have read the latest version each time You visit Our website.