By “personal data” we mean all data relating to a living individual who can be identified from that data. Identification maybe by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”).
We may need to update this notice from time to time. Should there be any substantial changes, we will let you know by email.
Who we are
Expert Thinking is a cloud technology consultancy, working with its customers to maximise value and benefit from their investment in cloud technology. We have offices in Canterbury but operate across the UK. Expert Thinking is the data controller. This means it decides how personal data is processed and for what purposes.
How we collect information about you
We collect personal data each time you are in contact with us, for example, when you:
We also collect some personal data automatically when you visit the website (e.g. your IP address) to enable us to provide you with a browsing experience more tailored to your individual needs through using cookies or gives us a better understanding of how you are using our services.
Personal data may also be given to us from trusted third parties (e.g. our partners). Personal data passed onto us in this way is only ever used to provide you with the services you have requested. We may sometimes pass on your personal data to our partners if we cannot offer you the services you have requested but believe they can assist you.
Why do we collect and use your information?
The legal basis for processing your personal data
Who sees your personal data/storing your personal data
Personal data is held securely on computers and servers within the EEA or EU. It is kept strictly confidential and is never sold, given away or otherwise shared with anyone (with the exceptions stated below) unless required by law. We store the majority of personal data in the cloud with access limited to specific relevant personnel. Where possible, personal data is encrypted during transit and at rest. We will not sell or pass any of your personal data to any other third parties without your express written permission, with the following exceptions:
Where such personal data is shared, your personal data is restricted to the purpose for which it is provided and we ensure it is stored securely and kept no longer than necessary.
The categories of information that we may collect, hold and share
Special category (sensitive) personal data
We may in some cases store special category (sensitive) personal data which can be defined as biometric data, genetic data, mental health, philosophical view or associations, physical health, political views or associations, racial or ethnic background, religious views or associations, sex life, sexual orientation or trade union membership.
Special category personal data will only ever be collected with your consent and only if there is a legitimate, lawful reason for its collection as well as meeting a specific condition outlined in Article 9 of the GDPR.
We hold your data for varying lengths of time depending on the type of information in question but in doing so always comply with GDPR.
We conduct annual checks to ensure that the personal data we are holding is accurate and that you agree to us holding it. If you would like to know specific retention periods please refer to the Retention Periods Policy which can be requested by email to firstname.lastname@example.org.
Keeping your personal data up to date
Please tell us as soon as any of your personal data change so that we can keep our records up to date. You can change the way we contact you or the kind of material we send you at any time by contacting us by email to email@example.com.
Requesting access to your personal data
You can request access to the personal data that we hold about you by emailing firstname.lastname@example.org. We will provide you with access to your personal data within 30 days unless we are legally authorised to refuse your request. We may refuse your request to access, amend or delete your personal data in certain circumstances. If we do refuse your request, we will provide you with a reason for our decision and, in the case of amendment, we will note with your personal data that you have disputed its accuracy.
Your rights under GDPR
Expert Thinking will take reasonable steps to keep secure any personal data, which we hold and to keep this personal data accurate and up to date. Personal data, held electronically, is stored in a secure server or secure files with restricted access and careful monitoring.
The Internet is not a secure method of transmitting information. Accordingly, we cannot accept responsibility for the security of information you send to or receive from us over the Internet or for any unauthorised access or use of that information. We take security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage. Your personal data will be held for a reasonable period or as long as the law requires or permits.
Cookies are small text files that are used to store small pieces of information. The cookies are stored on your device when the website is loaded on your browser. These cookies help us make the website function properly, make the website more secure, provide better user experience, and understand how the website performs and to analyse what works and where it needs improvement.
For more information on what cookies are and how we use them, see our Cookies Policy.
Our website may also include links to other websites. Links provided are for your convenience to provide further information such as LinkedIn, Twitter and our partners’ websites. Please look at the cookie and privacy policies on these third-party sites if you want more information about this. Users of our website click on external links at their own risk and we cannot be held liable for any damages or implications caused by visiting any external links.
Any documents or files made available to download from our website are provided at users’ own risk
If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at https://ico.org.uk/concerns/
For further information on how your personal data is used, how we maintain the security of your personal data, and your rights to access personal data we hold on you please email email@example.com.