This policy is effective form 24 May 2018. We may update it in future, so in order to keep abreast of any changes, please check from time to time.
This document is designed principally to help ensure that we trade lawfully -- in particular within the requirements of GDPR and other legislation relating to personal data. In addition, we hope that it will help make for smooth trading – especially by minimising the risk of unwelcome surprises for our individual stakeholders regarding our use of their data.
1. Who are you dealing with?
Our company name is Frontinus Ltd. We're a limited company registered in England. Our registration number is 6777037. Our registered office address is 4 The Links, Cambridge Road, Newmarket, Suffolk, CB8 0TG, UK. Our registration number with the Information Commissioner's Office is A8235108.
The person with overall responsibility for data protection is Karen Haynes. If you wish to discuss any matters concerning data or privacy, please contact Karen via email (firstname.lastname@example.org), telephone (01638 663456), or our correspondence address: 4 The Links, Cambridge Road, Newmarket, Suffolk, CB8 0TG, UK.
2. Why do we collect data and on what basis in law do we process it?
The bases on which we process are as follows:
1. ‘Contractual obligation’: that is, the data is necessary for us to perform a contract with you or you have asked us to do something (for example, provide a quotation) prior to forming a contract.
2. ‘Legal obligation’: that is, the data is required to ensure that we conform to common law or statutory obligation. Please note that such requirements always take precedence: no provision or undertaking in this policy overrides legal obligation.
3. ‘Legitimate interest’: that is, the data is necessary for pursuing commercial, individual, or societal interests (either our own or those of their parties). This applies only when the processing is in ways that you may reasonably expect and has minimal impact on your privacy or where there is (to quote the Guide to General Data Protection, available from the UK’s Information Commissioner: ico.org.uk) ‘compelling’ justification.
4. ‘Consent’, that is you have given explicit consent for your data to be used for specified purposes.
When we process data, we record the relevant basis for doing so.
Our purposes for collecting data follow from the above bases. Typically, we require data to:
• Negotiate contracts
• Fulfil contracts
• Make or collect payment
• Maintain accountancy records
• Operate our bank accounts
• Provide the state with legally required information – for example, when requested by HMRC or Companies House
• Obtain and operate insurance policies
• Avoid or prevent criminal activity
• Resolve disputes
In addition, we may use your data to:
• Inform you (for example, via a catalogue or URL) about our products or services and to promote them (for example, through special offers)
• Explore an opportunity to contract your services or offer you work
These uses too will be constrained by the need for a lawful basis – here either consent or legitimate interest.
3. What kinds of data do we collect and where do we collect it from?
We don’t buy personal data.
The main source of personal data consists of the individuals themselves, typically directly -- via face-to-face conversations, emails or online messaging, business cards, telephone or video calls (e.g., Skype) including voicemail, stationery, correspondence, documents (including applications, proposals, and CVs), presentations, research outputs, or publications or drafts of intended publications -- or indirectly via their own websites or online profiles or posts (e.g., on LinkedIn). Supplementary sources include publicly available online information (e.g., the websites of individuals’ employers) and networking communications.
The data we collect pertain to the lawful bases and defined purposes outlined above. Typically they include: names and personal titles; job titles and affiliations; contact details; account details (e.g., bank, PayPal) so that we can pay you; dietary requirements or disability needs (for meetings or events); substantive information relating to the management and fulfilment of projects (e.g., periods of availability, preferred meeting places, personal circumstances).
4. What happens – and what doesn’t happen − with your personal data?
• sell personal data
• use automated processing (i.e., making a decision solely by automated means without any human involvement) of any kind, including profiling
We may transfer your personal data outside the European Economic Area (EEA) in order for us to use the services of our suppliers where they are based outside the EEA. Such countries have different data protection laws to the United Kingdom and EEA. Where we transfer of your personal information to non-EEA countries we will do so in accordance with the General Data Protection Regulation. In most cases, the safeguard will be the use of standard data protection clauses adopted by the European Commission.
Where we process data on the basis of consent we may retain it unless and until you ask us to delete it or any deadline for retention specified in the consent agreement is reached – whichever is the sooner. Where the basis is contractual obligation, we may retain it only until it is evident that the contract has been fully performed. Where the basis is legal obligation, the duration of retention will be determined by the government through law or regulation. Where the basis is legitimate interest, we may retain the data unless and until retention (a) exceeds what you would reasonably expect or (b) impinges more than minimally on your privacy or (c) is no longer necessary for pursuing legitimate commercial, individual, or societal interests.
5. With whom may we share your data?
Sharing of your data may occur only on the basis of one or more of the lawful basis identified above. The types of parties we may share your data with include:
• our employees (who will be subject to this policy)
• our suppliers or sub-contractors – for example, freelancers whose services we employ (e.g., editors), our printers and distributors, our accountants, lawyers, insurers, and bankers
• the state, where there is a legal obligation
6. What are your rights?
You have the right to:
• be informed about the collection and use of your data
• access your personal data
• have inaccurate data corrected and incomplete data made complete
• ‘be forgotten’ (i.e., to have data erased)
• request that your data be restricted or suppressed
• portability (i.e., to obtain and re-use your personal data)
• object to the processing of your personal data
Each of these rights, in the sense intended here, is characterised more fully in the Guide to General Data Protection (available from the UK’s Information Commissioner: ico.org.uk)
In addition, if you have given us consent to use your personal data, you have the right to subsequently withdraw that consent. Please do so by notifying us in writing by a signed letter or email attachment.