Shape New Ideas Limited Data Protection Policy and Privacy Notice
This document describes how Shape New Ideas Limited collects and uses personal information about you during and after your working relationship with you in accordance with the General Data Protection Regulation (GDPR). When we refer to “we”, “us”, “our”, “Shape” we are referring to this company. “you” and “your” refer to individuals using or otherwise interacting with our Services.
It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.
Data protection principles
We will comply with data protection law. This says that the personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way
- Collected only for the purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
- Relevant to the purposes that we have told you about and limited only to those purposes
- Accurate and where necessary kept up to date
- Kept only as long as necessary for the purposes we have told you. Further processing is allowed for archiving, scientific, statistical and historical research purposes.
- Kept securely with appropriate technical and organisational measure put in place
Personal data is information relating to an identified or identifiable person who can be identified directly or indirectly by that data on its own or together with other data. It does not include data where the identity has been removed (anonymous data).
Data controllers, data processors
Shape New Ideas Limited is the data controller and data processor.
The data we collect about you
We may collect, use, store and transfer different kinds of personal information subject to our relationships with you, for example
Identity data: name, job title, employer
Contact data including email address, telephone numbers
IP addresses, social handles
Bank account details for the purposes of compensation of employees and contractors
Under specific circumstances we may collect special categories of personal data with your consent if you are a market research participant (such as sex life, sexual orientation, political opinions, information about your health and medical conditions).
How is your data collected
We use different methods to collect data from and about you including:
Via third parties such as clients and agencies
Via social media, newsletter subscriptions
Purposes for which we use your personal data
We will only use your personal information when the law allows us to.
Most commonly this will be:
Where we need to perform a contract with you or the business you are working for or with
Where you have given us consent
Where we need to comply with a legal obligation
Where it is necessary for legitimate interests such as managing and conducting business with you; determining how well we perform our client services and assess customer satisfaction; better understand how people interact with our websites and marketing campaigns; offer consulting advice; keep you informed of our products and services
A legal or regulatory obligation
We retain your personal data for as long as it is necessary to fulfil the purposes we collected it for. We retain information that relates to client projects to meet our contractual archiving requirements with them.
We have put in place measures to protect the security of your information, prevent it from being accidentally lost, used or accessed in an unauthorised way. Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and securely. However, due to the nature of Internet communications, we cannot guarantee or warrant that your transmission to us is secure.
Disclosures of your personal data
We may have to share your personal data with the parties set out below:
Service providers who provide IT, system administration services and e-marketing on our behalf. Professional advisers including lawyers, bankers, auditors, contractors and insurers, who provide consultancy, legal, insurance and accounting services.
HM Revenue and Customs, regulators and other authorities based in the UK who require reporting activities in certain circumstances.
Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
We limit access to employees, agents, contractors and other third parties who have a business need to know. They will only process your data on our instructions and they are subject to a duty of confidentiality and to comply with this policy.
Some of our external third parties are based outside of the European Economic Area (EEA) so their process of your personal data will involve a transfer of data outside the EEA. Whenever we transfer data out of the EEA we ensure a similar degree of protection by ensuring one of the following safeguards is implemented:
We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data share between Europe and the US.
Your legal rights
Under certain circumstances you have rights under data protection laws in relation to your personal data.
Request access to your personal information (commonly known as a ‘data subject access request’)
Request correction of the personal information we hold about you.
Request erasure of your personal information
Object to processing of your personal information where we are relying on a legitimate interest
Request the restriction of process of your personal information
Request the transfer of your information to another party
Withdraw consent at any time where we are relying on consent to process your personal data.
If you would like to exercise any other about rights, please contact the Data Privacy Manager:
Data privacy manager: James Jesty
Telephone number: 01483 824234
Email address: firstname.lastname@example.org
Right to lodge a complaint to the Information Commissioner’s Office (ICO)
We take the protection of your data seriously. Please contact our Data Privacy Manager if you have any concerns. If you are not happy with how we have handled your enquiry you have right to make a complaint to the ICO at www.ico.org.uk/concerns.
Changes to this privacy notice
We reserve the right to update this document at any time.
Latest updated August 2018.