By “personal data” we mean all data relating to a living individual who can be identified from that data. Identification maybe by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”).
We may need to update this notice from time to time. Should there be any substantial changes, we will let you know by email.
Who we are
Expert Thinking is a cloud technology consultancy, working with its customers to maximise value and benefit from their investment in cloud technology. We have offices in Canterbury but operate across the UK. Expert Thinking is the data controller. This means it decides how personal data is processed and for what purposes.
How we collect information about you
We collect personal data each time you are in contact with us, for example, when you:
- Visit our website
- Provide your contact details, either in writing or orally to Expert Thinking personnel
- Communicate with Expert Thinking by means such as email, letter, telephone, meeting, video conference call, via social media platforms, etc.
We also collect some personal data automatically when you visit the website (e.g. your IP address) to enable us to provide you with a browsing experience more tailored to your individual needs through using cookies or gives us a better understanding of how you are using our services.
Personal data may also be given to us from trusted third parties (e.g. our partners). Personal data passed onto us in this way is only ever used to provide you with the services you have requested. We may sometimes pass on your personal data to our partners if we cannot offer you the services you have requested but believe they can assist you.
Why do we collect and use your information?
- Communicate with you, for example:
- Provide information you request on our services and solutions or those of our partners
- Respond to enquiries received via our website or social media
- Provide relevant marketing communications
- Keep you informed of relevant news, updates or services
- To support you, for example:
- Resolve any issues you may have when using our website
- To successfully deliver our services and solutions, for example:
- We may pass on personal data to approved contractors or subcontractors who are involved in the supply or services
- To fulfil our remit as a technology consultancy
The legal basis for processing your personal data
- Consent: We hold personal data with the consent of the data subject, for example, when signing up to receive our newsletter or entering into an agreement for the supply of services
- Legitimate interests: We hold personal data within the legitimate interests of the business, for example, contacting you to provide relevant marketing communications or processing IP addresses in Google Analytics to help us better understand how customers use our website
- Legal obligations: Where processing is necessary for performing our legal obligations under appropriate laws
Who sees your personal data/storing your personal data
Personal data is held securely on computers and servers within the EEA or EU. It is kept strictly confidential and is never sold, given away or otherwise shared with anyone (with the exceptions stated below) unless required by law. We store the majority of personal data in the cloud with access limited to specific relevant personnel. Where possible, personal data is encrypted during transit and at rest. We will not sell or pass any of your personal data to any other third parties without your express written permission, with the following exceptions:
- By providing us with your personal data you are giving Expert Thinking permission to transfer your personal data to our service providers including CRM software, such as Zoho and HubSpot, which enable us to provide the best service to our customers
- By entering into an agreement with us for the supply of services we may share your personal data with third parties for the purposes of invoicing, accounting and project management, such as Xero and Harvest, and we may also pass on your personal data to third parties to formally agree work to be undertaken with you, such as DocuSign
- To show accountability under GDPR and ensure the security of personal data, it is necessary to back up our data in the cloud for which we primarily use Microsoft SharePoint.
- Personal data may also be passed onto our website provider, Monster Insights and Google Analytics for the purposes of analysing the flow of traffic or managing our domain
- Approved contractors and subcontractors involved in the supply of services may also see your personal data in the supply of the services
Where such personal data is shared, your personal data is restricted to the purpose for which it is provided and we ensure it is stored securely and kept no longer than necessary.
The categories of information that we may collect, hold and share
- Personal data (such as name, telephone number, email address, IP address, location etc.)
Special category (sensitive) personal data
We may in some cases store special category (sensitive) personal data which can be defined as biometric data, genetic data, mental health, philosophical view or associations, physical health, political views or associations, racial or ethnic background, religious views or associations, sex life, sexual orientation or trade union membership.
Special category personal data will only ever be collected with your consent and only if there is a legitimate, lawful reason for its collection as well as meeting a specific condition outlined in Article 9 of the GDPR.
We hold your data for varying lengths of time depending on the type of information in question but in doing so always comply with GDPR.
We conduct annual checks to ensure that the personal data we are holding is accurate and that you agree to us holding it. If you would like to know specific retention periods please refer to the Retention Periods Policy which can be requested by email to email@example.com.
Keeping your personal data up to date
Please tell us as soon as any of your personal data change so that we can keep our records up to date. You can change the way we contact you or the kind of material we send you at any time by contacting us by email to firstname.lastname@example.org.
Requesting access to your personal data
You can request access to the personal data that we hold about you by emailing email@example.com. We will provide you with access to your personal data within 30 days unless we are legally authorised to refuse your request. We may refuse your request to access, amend or delete your personal data in certain circumstances. If we do refuse your request, we will provide you with a reason for our decision and, in the case of amendment, we will note with your personal data that you have disputed its accuracy.
Your rights under GDPR
- The right to request a copy of your personal data which Expert-Thinking holds about you
- The right to request that Expert Thinking corrects any personal data if it is found to be inaccurate or out of date
- The right to request your personal data is erased where it is no longer necessary for Expert Thinking to retain such personal data
- The right to withdraw your consent to the processing of personal data at any time
- The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller (known as the right to data portability)
- The right, where there is a dispute concerning the accuracy or processing of your personal data, to request a restriction is placed on further processing
- The right to object to the processing of personal data
- The right to lodge a complaint with the Information Commissioners Office (ICO)
Expert Thinking will take reasonable steps to keep secure any personal data, which we hold and to keep this personal data accurate and up to date. Personal data, held electronically, is stored in a secure server or secure files with restricted access and careful monitoring.
The Internet is not a secure method of transmitting information. Accordingly, we cannot accept responsibility for the security of information you send to or receive from us over the Internet or for any unauthorised access or use of that information. We take security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage. Your personal data will be held for a reasonable period or as long as the law requires or permits.
Cookies are small text files that are used to store small pieces of information. The cookies are stored on your device when the website is loaded on your browser. These cookies help us make the website function properly, make the website more secure, provide better user experience, and understand how the website performs and to analyse what works and where it needs improvement.
For more information on what cookies are and how we use them, see our Cookies Policy.
Our website may also include links to other websites. Links provided are for your convenience to provide further information such as LinkedIn, Twitter and our partners’ websites. Please look at the cookie and privacy policies on these third-party sites if you want more information about this. Users of our website click on external links at their own risk and we cannot be held liable for any damages or implications caused by visiting any external links.
Any documents or files made available to download from our website are provided at users’ own risk.
If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at https://ico.org.uk/concerns/
For further information on how your personal data is used, how we maintain the security of your personal data, and your rights to access personal data we hold on you please email firstname.lastname@example.org.