Who we are

This is the Privacy notice of Iain Tyrrell Consulting, referred to throughout the remainder of this notice as ‘we’, ‘us’, ‘our’ or ‘ours’.

The privacy and security of your personal information (also referred to as ‘data’)  is of the highest importance to us. This notice explains how and why we may collect your personal information, the types of information we collect, how we process/use it, how long we store it for, and who we may share it with.

This notice also explains your rights and how to make a request for access to the data we may hold about you, or how to make a complaint.

Data Controller

Iain Tyrrell Consulting is the controller of data we process unless stated otherwise.

Iain Tyrrell Consulting
Heritage Building
Aviation Park
Flint Road
Chester CH4 0GZ
United Kingdom

Telephone: 01244 538 568
Email: media@iaintyrrell.co.uk

How do we collect information?

The personal information we process is generally provided by you directly to us. This may be for any of the reasons stated below:
• You have subscribed to our blog, or marketing information;
• You have made a visit to our website (see more in the section on Cookies);
• You have made an enquiry regarding our products and services;
• You have applied for employment with us;
• You are representing your organisation (e.g. as a potential supplier);
• You have made an information request to us.

We may also receive personal information from a third-party organisation such as:
• your bank or building society
• a credit reference agency
• one of our employees provides your contact details in case of an emergency, or (as an applicant) names you as a referee in the course of their applying for employment with us
• your existing or previous employer
• other publicly accessible sources
• other professionals in the course of our dealings with you.

If it is not disproportionate or prejudicial, we will inform you that we are processing your personal information.

Blog comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Social media sharing

We use Google Analytics to track social shares made at our website. Google automatically collect and store certain information in their server logs which includes device event information such as crashes, system activity, hardware settings, browser type, browser language, the date and time of your request and referral URL, cookies that may uniquely identify your browser or your Google Account, in accordance with their data privacy policy: https://policies.google.com/privacy.

We embed a Facebook widget to allow you to see number of likes/shares/recommends and “like/share/recommend” our webpages. This widget may collect your IP address, your web browser User Agent, store and retrieve cookies on your browser, embed additional tracking, and monitor your interaction with the widget, including correlating your Facebook account with whatever action you take within the widget (such as “liking/sharing/recommending” our webpage), if you are logged in to Facebook. For more information about how this data may be used, please see Facebook’s data privacy policy: https://www.facebook.com/about/privacy/update .

We use a GooglePlus widget at our website. As a result, our website makes requests to Google’s servers for you to be able to share our webpages using your GooglePlus account. These requests make your IP address visible to Google, who may use it in accordance with their data privacy policy: https://policies.google.com/privacy .

We use a Twitter Tweet widget at our website. As a result, our website makes requests to Twitter’s servers for you to be able to tweet our webpages using your Twitter account. These requests make your IP address visible to Twitter, who may use it in accordance with their data privacy policy: https://twitter.com/en/privacy#update .

We use a Linkedin Share widget at our website to allow you to share our webpages on Linkedin. These requests may track your IP address in accordance with their data privacy policy: https://www.linkedin.com/legal/privacy-policy .

We use Pinterest Save widget at our website to allow you to pin images to Pinterest from our webpages. These requests may track your IP address in accordance with their data privacy policy: https://policy.pinterest.com/en/privacy-policy .

We use Reddit Badge widget at our website which may log information when you interact with the widget. This may include your IP address, user-agent string, browser type, operating system, referral URLs, device information (e.g., device IDs), pages visited, links clicked, user interactions (e.g., voting data), the requested URL and hardware settings, in accordance with their privacy policy: https://www.redditinc.com/policies/privacy-policy .

Media

If you choose to upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

There are presently no contact forms in use on this site; however there is a subscribe form on our blog (see next section on cookies).

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

See more in our Cookie policy.

Google Analytics Cookies

_ga
_gali
_gat_UA-1036645-1
_gid

These cookies collect information about how visitors use our website. We use the information to for statistical analysis to help us to improve users’ experience when using our website. These cookies collect information in an anonymous form (no personal information is collected) and include the number of visitors to the website and blog, where visitors have come from to the website and which sections/pages they viewed during their visit to the site. For further information see Google’s overview of privacy and safeguarding data.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

We take no responsibility for such websites and therefore advise you to refer to their own privacy policies.

Analytics

This site uses Google Analytics to help us improve the performance of the site; no data collected identifies you as an individual.

What legal basis do we have for processing your personal data?

There are six possible legal grounds upon which we may process your personal data, which are:

  1. consent
  2. contract
  3. legitimate interests
  4. vital interests
  5. public task
  6. legal obligation

Categories and Legal bases for processing

Should we need  to collect or process sensitive personal data in the normal course of our business, we rely on one of the following legal bases:

  • To enable us to operate our business including the delivery of our services, managing our assets such as delivering content to you: To fulfil our ‘contract’ with you or when taking steps at your request before entering into a contract together.
  • When performing security related checks to verify your identify, or for any required processing purposes in order  to comply with our legal and regulatory obligations relating to our business: To comply with our regulatory and ‘legal obligations’.
  • Collecting and providing information required by regulatory bodies such as in the course of any audits, enquiries or investigations: To comply with our regulatory and ‘legal obligations’.
  • To comply with our own business policies, such as policies covering access, security and internet usage: For our ‘legitimate interests’ or for those of a third-party, i.e., to ensure we abide by our own internal policies and procedures in order to deliver the best levels of service to you.
  • To help improve our operations, such as services delivery, training and quality standards: For our ‘legitimate interests’ or for those of a third-party, i.e., to ensure we abide by our own internal policies and procedures in order to deliver the best levels of service to you.
  • For safeguarding the confidentiality of commercially sensitive information: For our legitimate interests or those of a third-party, i.e., to protect our intellectual property and other commercially sensitive or valuable information: To comply with our regulatory and ‘legal obligations’.
  • In performing statistical analysis to help us manage our business operations, such as our financial performance, customer base, working best practices or other efficiency measures: For our ‘legitimate interests’ or for those of a third-party, i.e., to ensure we abide by our own internal policies and procedures in order to deliver the best levels of service to you.
  • When implementing security measures for preventing any unauthorised access and modifications to our systems: For our ‘legitimate interests’ or those of a third-party, i.e., to prevent and detect criminal activity that could be damaging for us and/or you: To comply with our regulatory and ‘legal obligations’.
  • For maintaining accurate and up to date client records: For the performance of our ‘contract’ with you or to take steps at your request before entering into a contract and to comply with our regulatory and ‘legal obligations’ or for our legitimate interests or those of a third-party, such as ensuring we maintain contact with our clients regarding existing and new services.
  • For statutory returns: To comply with our regulatory and ‘legal obligations’.
  • To ensure safe working practices relating to staff administration and assessments: To comply with our regulatory and ‘legal obligations’, or for our ‘legitimate interests’ or those of a third-party, to ensure we adhere to our own internal procedures and that we are working efficiently to deliver the best quality of service to you.
  • For marketing our services to existing and former clients and/or third-parties that have previously expressed an interest in our services, or third-parties with whom we have had no previous dealings: For our ‘legitimate interests’ or those of a third-party, i.e., to actively promote our business to prospective, existing and former customers.
  • To enable us to conduct credit reference checks via external credit reference agencies: For our ‘legitimate interests’ or a those of a third-party, relating to credit control or to ensure our clients’ ability to pay for our services.
  • When conducting external audits and quality checks: For our ‘legitimate interests’ or a those of a third-party, so that we maintain the highest quality standards: To comply with our regulatory and ‘legal obligations’.

How we use your personal information

We will only use your personal data where we have a genuine reason for doing so, such as:

  •  to process your enquiry about our services or to undertake necessary activities prior to entering into a contract with you
  •  to set up and administer a business account with you
  •  to effectively carry out and ensure the performance of our contract with you
    for our legitimate interests, i.e., when we have a genuine business or commercial reason to use your information (so long as this is not overridden by your own rights and interest)
  •  where you have freely given your consent, eg subscribing to our blog
  •  to comply with any legal or regulatory obligations
  •  to deliver updates on our blog, or for marketing and events communication.

Marketing and other communications

We may process your personal data to send you updates (by email, text message, landline or mobile telephone or post) relating to information that might be of interest to you, such as information relating to our services, including new services or products, events or promotions.

We have a legitimate interest in processing your personal data for promotional purposes, which means in certain cases we may not need your explicit consent to send you promotional communications. However, where consent is required (eg, email, mobile telephone, text message), we will ask for your consent separately. We will treat your personal data with the utmost respect at all times and we will never sell or share your personal data with other organisations for marketing purposes.

You have the right to opt out of receiving promotional communications at any time by clicking the ‘unsubscribe’ link in our emails or contacting us by post.

We may request that you confirm or update your marketing preferences if you request us to provide further services to you in the future, or following any relevant changes in the applicable law, regulations or due to changes in our business.

Who we share your data with

As part of our business operations we may routinely share personal data with:

  • professional advisers instructed by you on your behalf
  • other third-parties where necessary to provide our services
  • credit reference agencies
  • our insurers and brokers
  • external auditors (eg chartered accountants)
  • our bank
  • other external service suppliers or agents used by us to assist us in effectively operating our business.

Our service providers are only allowed to handle your personal data where we have their assurance that they take all necessary measures needed to protect your personal information. We also impose strict contractual obligations to ensure our service providers only use your personal data to provide their services to us and/or you.

We may be required to disclose and exchange information with law enforcement agencies or regulatory bodies to comply with our legal and regulatory obligations. It may also be necessary for us to share some personal data with other parties, such as potential investors/buyers of some or all of our business in the future. Under normal circumstances information will be anonymised; however, this may not always be possible. The recipient of the information will be bound by a confidentiality agreement and we will not share your personal information with any other third-parties.

How long we retain your data

We will keep your personal data following our provision of services to you, for one of the following reasons:

  • to respond to any questions, complaints or claims made by you or on your behalf
  • to show that we treated you fairly
  • to keep any records as required by law.

We will not retain your data for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of data.  When it is no longer necessary to retain your personal data, we will delete or anonymise it.

Blog comments

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

You have the following rights, which you may exercise free of any charge:

  • Access: The right to be provided with a copy of your personal data
  • Rectification:     The right to require us to correct any mistakes in your personal data
  • Erasure (the right to be forgotten): The right to require us to delete your personal data—under certain circumstances
  • Restriction of processing: The right to require us to restrict processing of your personal data—in certain circumstances, eg where you dispute the accuracy of the data
  • Data portability: The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third-party of your discretion in certain situations
  • To object: At any time to your personal data being processed for direct marketing (including profiling); or under in certain other circumstances to our continued processing of your personal data, eg processing carried out for the purpose of our legitimate interests.
  • Profiling: Not to be subject to automated individual decision-making: The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.

If you would like to exercise any of your rights please contact us by email, telephone or by post, providing us with sufficient information to enable us to identify you. Please provide proof of your identity and address (such as a copy of your driving licence or passport and a recent utility or bank statement). Please also inform us of which right you want to exercise and the information your request relates to.

For further information regarding your rights, including the circumstances under which they apply, please contact us or refer to the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation (GDPR).

Where we send your data

Visitor comments may be checked through an automated spam detection service.

How we protect your data

The security of your information is a priority to us and as such we undertake all necessary security measures to prevent your personal data from being accidentally lost accessed and used unlawfully. We restrict access to your personal information to those who have a genuine (business or legal) reason to access it.

Persons processing your information will do so only in an authorised manner and are they are bound by a duty of confidentiality.  Additionally, we have procedures in place to deal with any suspected data security breach and we will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Automated decision making and/or profiling

We do not presently utilise any forms of automated profiling.

Changes to this policy

We will update this policy from time to time either due to changes in our business or relevant changes in legislation. Please revisit this page from time to time to ensure you are aware of any changes.

Last updated: December 2018