Privacy and Client GDPR Policy.

 

This policy sets out Clancy Consulting’s (CCL) commitment to processing data in accordance with its responsibilities under the General Data Protection Regulation (GDPR).

This policy applies to the personal data of clients, former clients and other personal data processed for business purposes.

Mike Powers is the Data Protection Officer (DPO). His role is to inform and advise the organisation on its data protection obligations.

Data protection principles

CCL will process all data in accordance with the principles outlined in Article 5 of the GDPR:

  1. Process personal data lawfully, fairly and in a transparent manner.

  2. Collect data for specified and legitimate purposes and not process data in a manner that is incompatible with those purposes.

  3. Collect data that is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.

  4. Ensure that data is accurate and kept up to date and take every reasonable step to rectify or erase data that is inaccurate without delay. i.e. keep data only for the period necessary for the purposes of processing; and

  5. Ensure that appropriate security is in place to protect data against unauthorised or unlawful processing, accidental loss, destruction, or damage.

The information we hold and why

The data which you explicitly provide to us is the minimum we require and will only be used for the legitimate interests of CCL.

The activities we undertake are listed below:

  • On-Site Assessments

  • Report Writing

  • Calculations

  • Technical Drawings

  • Expert Witness Services

  • Project Management Services

  • Advisory Work

The following are the datasets that CCL require:

  • Name

  • Address

  • Telephone Number

  • Email Address

We will not share any of your data with other parties, without your consent, outside of the legitimate interests for providing CCL services and unless required to by UK Law and/or Legislation.

Rights

Subject Access Requests

Individuals have the right to make a subject access request. All requests should be directed to the enquiries email (details below) and will receive a response within one month of receiving the original request. If a subject access request is manifestly unfounded or excessive, CCL is not obliged to comply with it.

Other Rights

  • The right to be informed

  • The right to rectification

  • The right to erasure

  • The right to restrict processing

  • The right to data portability

  • The right to object

  • Rights in relation to automated decision making and profiling

Data breaches

If there is a breach of personal data that poses a risk to the rights and freedoms of individuals, it will be reported to the Information Commissions Office (ICO) within 72 hours of discovery. Individuals affected by the breach will be informed about its likely consequences and the mitigation measures taken.

Monitor and review

Personal data processing activities will be reviewed as and when.

Contact us

If you have any questions about our company privacy policy, the data we hold on you, or you would like to exercise one of your protection rights, please do not hesitate to contact us.

Email us at: enquiries@clancy.co.uk

Call us: 0161 613 6000

For the Directors

 

Chris Acton, Chief Executive

April 2024