Optima Consulting Partners Limited (“Optima” or “the Firm”) is a company registered in England and Wales with company number 08880228.
For the purposes of the General Data Protection Regulation (‘GDPR’), Optima will normally be the ‘controller’ of personal data that we have received. On occasion Optima may act in the capacity of a Data Processor where we have entered into a contract for the provision of Services.
Please read the following information carefully in order to understand the Firm’s practices in relation to the treatment of your personal data.
What data privacy principles does the Firm adhere to?
- The Firm will process all personal data in a lawful, fair and transparent manner;
- The Firm will only collect personal data where it is necessary;
- For the Firm to provide a service to you and to the company that you represent (hereinafter referred to as “you” as is appropriate to the context);
- For you and the company that you represent to provide a service to the Firm;
- For the Firm to keep you informed of its products and services; or
- For the Firm to comply with its legal and regulatory obligations.
- The personal data collected by the Firm will be adequate, relevant and limited to what is necessary in relation to the specific purpose for which your data will be processed;
- The Firm will take all reasonable steps to ensure that personal data is accurate and, where necessary, kept up-to-date;
- The Firm will maintain personal data in a form that permits identification no longer than is necessary for the purposes for which the personal data has been collected for processing, in accordance with the Firm’s record retention procedures;
- The Firm will hold and process personal data in a manner that ensures appropriate security;
- The Firm may share personal data with other entities within the Optima group where necessary for the provision of services. Where such entities are outside of the EEA, personal data will be treated as is required under GDPR;
- The Firm will only share personal data outside of the Optima group where it is necessary to provide the agreed service or where it is necessary for the Firm to comply with its legal requirements;
- The Firm will only utilise a service provider based outside of the EEA for the processing of personal data where this is strictly necessary to facilitate our services to you. In all cases, we will ensure service providers are fully compliant with GDPR ahead of transferring any personal data.
What personal data does the Firm collect and why?
The type of personal data (e.g. name, contact details, address etc.) that we may collect will depend upon the relationship between Optima and you. The data so collected may be provided directly by you or, where appropriate, provided by third parties e.g. references, credit checks etc.
As a client, a contact, a service provider or employee (or prospective employee) of Optima we will require some personal information in order to verify your identity and have the applicable relationship with you. Some of this information may be required to satisfy legal obligations (e.g. HMRC) whereas other information may be required in connection with the provision of services to you. The information collected will vary depending on the service the Firm provides to you or you provide to the Firm, but typically includes:
- Personal information: Such as your name, date of birth, passport number or national insurance number;
- Contact information: Including your address, telephone number and email address.
Where does the Firm store my personal data?
The Firm has comprehensive policies and procedures in place to ensure your personal data is kept safe and secure, with these including:
- Data encryption;
- Intrusion detection;
- 24/7 physical protection of the facilities where your data is stored (i.e. Microsoft’s UK data centres);
- Background checks for personnel that access physical facilities; and
- Security procedures across all service operations.
How long does the Firm retain personal data?
Optima will retain personal data for as long as is necessary for the purposes for which it was collected (or longer period if so required by law or legitimate interests) which will be at least for the period in which Optima has a business interest with you.
Any information that is outside the scope of this requirement will be retained whilst relevant and useful, and destroyed where this ceases to be the case or where the data subject specifically requests this.
How have I been categorised in accordance with GDPR?
The GDPR requires the Firm to inform you of the legal basis on which we maintain your personal data. As a general rule the following is applicable:
- Clients – Information is maintained on the basis of contractual obligation and/or legitimate interests (where relevant);
- Service providers – Information is maintained on the basis of contractual obligation;
- Database/marketing contacts – Information is maintained on the basis of legitimate interest; and
- Other contacts – we may on occasion request your consent to use and process personal data.
What are my rights?
You have certain rights which apply in respect of your personal data, depending on your relationship with the Firm and the Firm’s legal and regulatory obligations.
- You have the right to request a copy of the information that we hold about you. If you would like a copy of some, or all, of your personal information, please email the Firm (details shown below). The Firm will provide this information to you within one month (with the ability to extend this by an additional two months where necessary), free of charge.
- You have the right to request that the information the Firm holds about you is erased under certain circumstances including where there is no additional legal and/or regulatory requirement for the Firm to retain this information.
- You have the right to request that any personal data you have provided to the Firm be transmitted to another controller in a commonly used and machine-readable format, otherwise known as ‘data portability’.
- You have the right to ensure that your personal information is accurate and up to date, or where necessary rectified. Where you feel that your personal data is incorrect or inaccurate and should therefore be updated, please contact the Firm (details shown below).
- You have the right to object to your information being processed, for example for direct marketing purposes.
- If Optima has relied upon ‘consent’ for the processing of personal data then you have the right to withdraw such consent.
- You have the right to restrict the processing of your information, for example limiting the material that you receive or where your information is transferred.
- You have the right to object to any decisions based on the automated processing of your personal data, including profiling (although Optima does not use any automated processing or profiling).
- You have the right to lodge a complaint with the Information Commissioner’s Office (https://ico.org.uk/concerns/ if you are not happy with the way that we manage or process personal data.
Will I be notified of changes to this policy?
The Firm may, from time to time, review and update this policy. The Firm will maintain the latest version of this policy on its website, and where the changes are deemed material, it will make you aware of these.
Who should I direct questions to?
If you have any questions, concerns or complaints about the practices contained within this document or how the Firm has handled your data, please email us at firstname.lastname@example.org
Alternatively, you may write to:
Optima Consulting Partners Ltd
4th Floor Portland House
London SW1E 5RS