This policy sets out the obligations of Claire Holly and Claire Holly Brand Coaching, both trading names of In Good Company (London) Ltd, a company registered in Company Number: 07500563, whose registered office is The Davies & Davies Building, 3rd Floor, 85 Stroud Green Road, London, N4 3EG, regarding data protection and the rights of individuals in respect of their personal data.
This policy aims to ensure compliance with Data Protection Principles of the Data Protection Act 1998 and the General Data Protection Regulation (GDPR).
Claire Holly has specific legal obligations regarding the collection, processing, transfer, storage, and disposal of personal data. The procedures and principles set out here must be followed at all times by the company, its employees, contractors, or other parties working on behalf of the company.
Throughout this policy the term “individuals” usually means customers but will also mean staff members (current and former employees), job applicants, contractors, suppliers, advisers and professional consultants. For the purposes of this policy, the term is usually synonymous with the legal term “data subject”.
All Personal Data Collected, Processed And Held By Claire Holly Must Be:
- processed lawfully, fairly and in a transparent manner without adversely affecting the rights of the data subjects;
- collected directly from data subjects for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Claire Holly collects personal data relating to the following services it provides:
– Brand strategy coaching
– Brand strategy consultancy
– Brand identity design and creative services (where applicable and managed through our sister company Barefaced Studios, who are another trading name of In Good Company (London) Ltd)
Individuals Personal Data
Claire Holly may collect the following categories of personal data:
– First Name, middle name and surname
– Previous name
– Date of birth
– Gender
– Pronouns
– Marital status
– Residential status
– Nationality
– Ethnicity
– Political status
– Name of business
– Business address and limited company information
– Photographic ID document (including passport, driving licence)
– Proof of address documents
– Current address
– Salary
– Employment details
– Bank details
– Web browser type and version
Claire Holly will collect the relevant personal data required to conducting its business from:
– Data subjects
= Business associates
This information will typically be collected by completing our standard forms, through our website, via email, during a telephone conversation, during an in person meeting, or at our offices.
Claire Holly will only collect, process and hold personal data for the following purposes:
– To verify your identity
– To register and assess coaching and consultancy applicants and to provide our services: brand strategy coaching, brand strategy consultancy and, where applicable, brand identity and creative design services
– To perform professional duties such as coaching, consultancy, research
– To contact you with the information that you require
– To contact you by email, telephone or post
– To comply with legal obligations such as to prevent and to protect against fraud, money laundering and other illegal activities
– To comply with industry standards
– To send promotional communication about our services, special offers or other information which we think you may find of interest using the email address or telephone contact number which you have provided
– To carry out research for our own purposes or where the research may involve the compilation of statistics, or the amalgamation of records into a form where no information about specific individuals are disclosed or can be inferred.
– To contact you for market research purposes about our services
– To comply with contractual obligations with you
– To subscribe to our e-newsletters and updates
– To report a problem with our website
– To evaluate job applicants for the recruitment of new staff members
– To register for working or training with us
Use Of Business Information And Photographs
Claire Holly will use information relating to customers’ businesses including photographs, descriptions and testimonials for general marketing purposes. We will always take reasonable steps to ensure no personal information relating to the customer apart from that relating to the customer’s business and their role within the business is used.
Website
We use the information about your visit to our website for the following purposes:
– to ensure that content of our website is presented in the most effective manner for you and for your computer or mobile device;
– to administer the website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
– to identify and implement improvements in the operation of the website, the content included on the web site and the way in which content is presented;
– as part of our efforts to keep the web site safe and secure;
– to measure or understand the effectiveness and relevance of advertising on the site
CCTV
At our offices there are CCTV cameras in areas where staff may meet customers, being the ground floor, first floor office and second floor office. The purpose of the CCTV, which is recorded, is for the security and safety of the staff and customers and for the security of the premises and to monitor the activities of contractors working on site. CCTV and recordings, including telephone conversations, may be used on occasion for staff training, authentication and security purposes.
Lawful Basis of Processing
Claire Holly processes your personal information under the following:
– Performance of a contract: where you enter into a contract with Claire Holly and we need to process your information as part of this contract in order to carry out our obligations and to provide you with the information and services you request from us
– Legitimate interests: some information is processed by Claire Holly as part of its legitimate interests which include: fraud, risk assessment, due diligence, developing our services and grow our business, providing network and information security, managing opting out of communications and marketing communication, monitoring and updating customer details.
– Legal obligation: processing is necessary for compliance with a legal obligation to which Claire Holly is subject.
– Consent: where we process information under consent we will seek you clear and unambiguous consent prior to processing your data – to permit our trusted third parties to provide you with information about goods or services which you have expressed an interest in or to assist us in the improvement and optimisation of our advertising or marketing material and content, our services and our website.
Claire Holly will not disclose your personal data to any third parties except for the following:
– If we are under a duty to disclose or share your personal data in order to comply with any legal obligation
– When we are requested by HMRC for information in accordance with legislated authorities
– Where we are required to do so by law or in connection with legal proceedings
– To comply with Anti-Money Laundering Regulations
– We may disclose personal information to our accountants: Melinek Fine LLP; and our legal advisers.
– We may disclose personal information to our contractors and sub-contractors or associate firms when you have given consent to this or for the purpose of carrying out our obligations as part of a contract.
– Our associate firm Barefaced Studios – brand identity design and creative services providers where you have consented for us to do so
– Our associate firm Good Company – support group for female founders where you have consented for us to do so
– To any professional person acting on your behalf, including solicitors, marketing professionals, business advisors – where you have consented for us to do so
– To any other persons, where you have consented for us to do so
Your Rights And Options
1. The right to be informed – This policy informs all individuals about the collection and use of their personal data.
2. The right of access – You may make a request at any time to obtain the personal data which Claire Holly holds about you by email to claire@claireholly.co.uk. It is called Subject Access Request (SAR) and it can be made by filing in a Subject Access Request (SAR) form or by writing to us instead.
a) We will respond to any SARs within a month of receipt. However, this may be extended by up to two months if the SAR is complex and/or if numerous requests are made.
b) All SARs will be handled by the Company Director.
c) There is no fee for handling normal SAR requests. However, Claire Holly reserves the right to charge a reasonable fee for additional copies of information that has already been supplied to a data subject, and for requests that are manifestly unfounded or excessive, particularly if it repetitive.
d) Staff members who wish to make a SAR should use a Subject Access Request Form and send it to Claire Holly’s company director.
3. The right to rectification – Claire Holly will ensure that all personal data collected, processed and held by is kept accurate and up-to-date. Data subjects have the right to request rectification of personal data. The accuracy of data will be checked at the time it is collected and at regular intervals thereafter.
If you require any rectification of information, please contact by email at: claire@claireholly.co.uk
If any personal data is found to be inaccurate or out of date, all reasonable steps should be taken without delay to amend or erase the data, as appropriate.
Claire Holly will rectify the personal data in question, and inform the you of that rectification, within one month of you informing us of the issue. The period can be extended by up to two months in the case of complex requests. If such additional time is required, we will inform you without delay.
In the event that any affected personal information has been disclosed to third parties, those parties will be informed of any rectification that must be made to that personal data
4. The right to erasure or “the right to be forgotten” – You have the right to request that the Company erases the personal data it holds about them in the following circumstances:
a. it is no longer necessary for Claire Holly to hold that personal data with respect to the purpose(s) for which it was originally collected or processed;
b. you wish to withdraw your consent to Claire Holly holding and processing your personal data;
c. if you object to Claire Holly holding and processing their personal data (and there is no overriding legitimate interest to allow the Company to continue doing so) (see Part 18 of this Policy for further details concerning the right to object);
d. the personal data has been processed unlawfully;
e. the personal data needs to be erased in order for Claire Holly to comply with a particular legal obligation
f. the personal data is being held and processed for the purpose of providing information society services to a child.
Unless we have reasonable grounds to refuse to erase personal data, all requests for erasure shall be complied with, and you will be informed of the erasure, within one month of receipt of the data subject’s request. The period can be extended by up to two months in the case of complex requests. If such additional time is required, the data subject will be informed.
In the event that any personal data that is to be erased in response to a data subject’s request has been disclosed to third parties, those parties shall be informed of the erasure (unless it is impossible or would require disproportionate effort to do so).
If we have disclosed the personal data to others, we will contact each recipient and inform them of the erasure, unless this proves impossible or involves disproportionate effort. If asked to we will also inform the individuals about these recipients.
However, please note that the right to erasure does not apply if processing is necessary for one of the following reasons:
– to exercise the right of freedom of expression and information;
– to comply with a legal obligation;
– for the performance of a task carried out in the public interest or in the exercise of official authority;
– for archiving purposes in the public interest, scientific research historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing; or
– for the establishment, exercise or defence of legal claims.
Under GDPR there are two circumstances where the right to erasure will not apply to special category data:
1) if the processing is necessary for public health purposes in the public interest (e.g. protecting against serious cross-border threats to health, or ensuring high standards of quality and safety of health care and of medicinal products or medical devices); or
2) if the processing is necessary for the purposes of preventative or occupational medicine (e.g. where the processing is necessary for the working capacity of an employee; for medical diagnosis; for the provision of health or social care; or for the management of health or social care systems or services). This only applies where the data is being processed by or under the responsibility of a professional subject to a legal obligation of professional secrecy (e.g. a health professional).
If you would like to request Claire Holly to delete the personal data we hold about you, you can contact our Director outlining what information you would like deleted by email at: claire@claireholly.co.uk
5. The right to restrict processing – This is not an absolute right and only applies in certain circumstances.
You have the right to request you restrict the processing of their personal data in the following circumstances:
– the individual contests the accuracy of their personal data and you are verifying the accuracy of the data;
– the data has been unlawfully processed (i.e. in breach of the lawfulness requirement of the first principle of the GDPR) and the individual opposes erasure and requests restriction instead;
you no longer need the personal data but the individual needs you to keep it in order to establish, exercise or defend a legal claim; or
– the individual has objected to you processing their data under Article 21(1), and you are considering whether your legitimate grounds override those of the individual.
Although this is distinct from the right to rectification and the right to object, there are close links between those rights and the right to restrict processing:
– if an individual has challenged the accuracy of their data and asked for you to rectify it (Article 16), they also have a right to request you restrict processing while you consider their rectification request; or
– if an individual exercises their right to object under Article 21(1), they also have a right to request you restrict processing while you consider their objection request.
Therefore, as a matter of good practice we will automatically restrict the processing whilst we are considering its accuracy or the legitimate grounds for processing the personal data in question.
You may request that Claire Holly cease processing the personal data held about you. If you make such a request, we will retain only the amount of personal data concerning you (if any), that is necessary to ensure that the personal data in question is not processed further.
If you wish to make a request for restriction please contact us by email at claire@claireholly.co.uk We will act upon the request without undue delay and at the latest within one month of receipt.
In the event that any affected personal data has been disclosed to third parties, those parties shall be informed of the applicable restrictions on processing it (unless it is impossible or would require disproportionate effort to do so)
6. The right to data portability
This only applies to the personal data you have provided to Claire Holly where the processing is based on your consent or for the performance of a contract and when processing is carried out by automated means. Under the data protection regulation, you have the right to receive a copy of your personal data and to use it for other purposes (namely transmitting it to other data controllers).
Where technically feasible, if requested your personal data will be sent directly to the required data controller.
All requests for copies of personal data shall be complied with within one month of the data subject’s request. The period can be extended by up to two months in the case of complex or numerous requests. If such additional time is required, we will inform you.
If you wish to make such a request you can contact us by email at claire@claireholly.co.uk
7. The right to object
You have the right to object to Claire Holly processing your personal data based on legitimate interests, direct marketing (including profiling), and processing for scientific and/or historical research and statistics purposes.
If you would like to object to any processing of your personal data Claire Holly you can contact us outlining what processing of information you would like to object to.
To update your preferences, ask us to remove your information from our mailing lists please contact our DPO Officer either by email at claire@claireholly.co.uk
Where you object to us processing your personal data based on our legitimate interests, we will cease the processing immediately, unless it can be demonstrated that our legitimate grounds for such processing override the data subject’s interests, rights, and freedoms, or that the processing is necessary for the conduct of legal claims.
Where you object to the Claire Holly processing your personal data for direct marketing purposes, the Company shall cease such processing immediately.
8. Rights in relation to automated decision making and profiling
Where personal data used in automated decision-making processes you have the right to challenge such decisions under the current regulation, requesting human intervention, expressing their own point of view, and obtaining an explanation of the decision.
The right does not apply in the following circumstances: the decision is necessary for the entry into, or performance of, a contract between the data controller (Claire Holly) and the data subject (you, the customer); the decision is authorised by Union or Member state law applicable to the controller; or the data subject has given their explicit consent.
When personal data is used for profiling purposes, the following shall apply:
– Clear information explaining the profiling shall be provided to data subjects, including the significance and likely consequences of the profiling
– Appropriate mathematical or statistical procedures shall be used
– Technical and organisational measures shall be implemented to minimise the risk of errors. If errors occur, such measures must enable them to be easily corrected.
– All personal data processed for profiling purposes shall be secured in order to prevent discriminatory effects arising out of profiling
9. Opting out of processing
You can opt out of the collection of personal information by automated means e.g. when visiting our website by using the Cookie Consent tool displayed in the website (the browser you use may provide options on how to opt out of receiving certain types of cookies). Please note that without cookies you may not be able to use all of the website features and/or online services.
You can at any time tell us not to send you marketing communications by email claire@claireholly.co.uk or by unsubscribing via the “unsubscribe link” within the marketing e-mails you receive from us.
Withdrawal of consent
If we obtain your information by consent you have the right to withdraw any consent you previously provided to us.
If we process your information under a legitimate interest you can object at any time to the processing of your personal information. Claire Holly will apply your preferences going forward. But this will mean that you cannot take advantage of certain products, services and campaign promotions.
The right to consent removal may be limited in some circumstances by local law requirements and you will be informed appropriately.
Data Retention
Claire Holly will not keep personal data for longer than it is necessary for the purpose or purposes for which it was originally collected, processed and held and will take all reasonable steps to erase and dispose of that personal data without delay.
However, Clients details must be held by us for accounting, taxation and legal purposes for six years from the end of the accounting period to which they relate, or from when the account shows a nil balance following a cessation of the contractual relationship, whichever is the later.
Where We Store And How We Protect Your Personal Data
All data collected will be kept securely on our computers and servers, with our secure cloud-based contact management software providers, project management software and paper files. Claire Holly will take all steps reasonably necessary to ensure that all data is treated securely and in accordance with the data protection principles and requirements of good practice. We maintain administrative, technical and physical safeguards designed to protect all personal data against any accidental, unlawful or unauthorised erasure, loss, modification, access, disclosure or use.
Disposal Of Data
When any personal data is to be erased or otherwise disposed of for any reason (including where copies have been made and are no longer needed), it should be securely deleted and disposed of or anonymised.
International Data Transfers
It may be sometimes necessary to transfer personal data overseas. When this is needed, information is only shared within the European economic area (EEA). Any transfers made will be in full compliance with all aspects of the data protection regulation.
Data Breach Notification
All personal data breaches must be reported immediately to the Company Director.
If a personal data breach occurs and that breach is likely to result in a risk to the rights and freedoms of data subjects (e.g. financial loss, breach of confidentiality, discrimination, reputational damage, or other significant social or economic damage), the Director must ensure that the Information Commissioner’s Office is informed of the breach without delay, and in any event, within 72 hours after having become aware of it.
In the event that a personal data breach is likely to result in a high risk to the rights and freedoms of data subjects, the Director must ensure that all affected data subjects are informed of the breach directly and without undue delay.
Organisational Measures
The Company shall ensure that the following measures are taken with respect to the collection, holding, and processing of personal data:
– All members of staff, contractors, or other parties working on behalf of Claire Holly shall be made fully aware of both their individual responsibilities and the Company’s responsibilities under the GDPR and under this policy, and shall be provided with a copy of this policy
– Only members of staff, contractors, or other parties working on behalf of Claire Holly that need access to, and use of, personal data in order to carry out their assigned duties correctly shall have access to personal data held by the Company
– All members of staff, contractors, or other parties working on behalf of Claire Holly handling personal data will be appropriately trained to do so
– All members of staff, contractors, or other parties working on behalf of Claire Holly handling personal data will be appropriately supervised
– All members of staff, contractors, or other parties working on behalf of Claire Holly handling personal data must exercise care, caution, and discretion when discussing work-related matters that relate to personal data, whether in the workplace or otherwise
– Methods of collecting, holding, and processing personal data shall be regularly evaluated and reviewed.
– All personal data held by Claire Holly shall be reviewed periodically
– The performance of those employees, contractors, or other parties working on behalf of Claire Holly handling personal data shall be regularly evaluated and reviewed;
– All employees, contractors, or other parties working on behalf of Claire Holly handling personal data will be bound to do so in accordance with the principles of the GDPR and this Policy by contract;
– All contractors or other parties working on behalf of Claire Holly handling personal data must ensure that any and all of their employees who are involved in the processing of personal data are held to the same conditions as those relevant employees of Claire Holly arising out of this Policy and the GDPR, and
– Where any contractor or other party working on behalf of Claire Holly handling personal data fails in their obligations under this Policy that party shall indemnify and hold harmless Claire Holly against any costs, liability, damages, loss, claims or proceedings which may arise out of that failure.
Please note, any companies or organisations referred to in this policy may, at any time, be changed due to commercial or other business reasons and this policy will be amended after such time as these changes occur.
V2023.03.05 Data Protection and Privacy Policy
Data Request
You have the right to access, rectify, erase, restrict, challenge, object and migrate the data we hold on you. For more detailed information please read our Privacy Policy above.
We strongly advise reading our Privacy Policy first, but to make things as simple as possible we’ll break it down for you: you can ask us what data we hold on you and you can request to update or remove partially or wholly the data we hold on you (as long as it’s not data that we legally have to hold on to – for example, if you’re a current client for whom we manage a property for, in which case there’s some data we are required to safely retain on record for a set amount of time).
If you want to get in contact with us about your data please email our Company Director c/o Claire Holly on claire@claireholly.co.uk
We aim to respond to data enquiries promptly but at busy times may take up to 30 days to get back to you.
Join the club
Sign up to my mailing list for access to exclusive content and free stuff