Privacy and Client GDPR Policy.
This policy sets out Clancy Consulting’s (CCL) commitment to processing data in accordance with its responsibilities under the General Data Protection Regulation (GDPR).
This policy applies to the personal data of clients, former clients and other personal data processed for business purposes.
Mike Powers is the Data Protection Officer (DPO). His role is to inform and advise the organisation on its data protection obligations.
Data protection principles
CCL will process all data in accordance with the principles outlined in Article 5 of the GDPR:
Process personal data lawfully, fairly and in a transparent manner.
Collect data for specified and legitimate purposes and not process data in a manner that is incompatible with those purposes.
Collect data that is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
Ensure that data is accurate and kept up to date and take every reasonable step to rectify or erase data that is inaccurate without delay. i.e. keep data only for the period necessary for the purposes of processing; and
Ensure that appropriate security is in place to protect data against unauthorised or unlawful processing, accidental loss, destruction, or damage.
The information we hold and why
The data which you explicitly provide to us is the minimum we require and will only be used for the legitimate interests of CCL.
The activities we undertake are listed below:
On-Site Assessments
Report Writing
Calculations
Technical Drawings
Expert Witness Services
Project Management Services
Advisory Work
The following are the datasets that CCL require:
Name
Address
Telephone Number
Email Address
We will not share any of your data with other parties, without your consent, outside of the legitimate interests for providing CCL services and unless required to by UK Law and/or Legislation.
Rights
Subject Access Requests
Individuals have the right to make a subject access request. All requests should be directed to the enquiries email (details below) and will receive a response within one month of receiving the original request. If a subject access request is manifestly unfounded or excessive, CCL is not obliged to comply with it.
Other Rights
The right to be informed
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling
Data breaches
If there is a breach of personal data that poses a risk to the rights and freedoms of individuals, it will be reported to the Information Commissions Office (ICO) within 72 hours of discovery. Individuals affected by the breach will be informed about its likely consequences and the mitigation measures taken.
Monitor and review
Personal data processing activities will be reviewed as and when.
Contact us
If you have any questions about our company privacy policy, the data we hold on you, or you would like to exercise one of your protection rights, please do not hesitate to contact us.
Email us at: enquiries@clancy.co.uk
Call us: 0161 613 6000
For the Directors
Chris Acton, Chief Executive
April 2024