Exceptional Thinking GDPR Policy
Exceptional Thinking is committed to ensuring the security and protection of the personal information that we process and to provide a compliant and consistent approach to data protection. This privacy statement explains what personal data we collect from people through our interactions with them, through our services and how we use that data.
Collection of personal information
We obtain personal information when we are contacted about our services for example via our website or when people sign up to our newsletter. We also obtain personal information through the course of our daily activities in relation to the services we provide to our customers such as when using social media, or via third party data providers. Data may also be lawfully processed by us for the purposes of our commercial interest as defined under legitimate interests.
Type of information collected
The personal information we collect might include a person’s name, email address, postal address, landline telephone or mobile number and date of birth, depending on the activity involved.
When people visit our website, we may automatically collect the following information: technical information, including Internet Protocol (IP) addresses from visitors to our website, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. We also collect information about visits, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); information viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
We may receive information about people if they use any of the other services we provide. We are also working closely with third parties, for example: our clients, business partners, sub-contractors, advertising networks, analytics providers and search information providers; and may receive information about you from them.
How we use personal information
We may use information to:
- To carry out our obligations arising from any contracts entered into by our clients and ourselves
- Seek views or comments on the services we provide
- Notify clients of changes to our services
- To provide people with information about our services, activities or online content that they have requested from us as well as providing information about other services we offer that are similar to those that have already been purchased or enquired about.
- To provide, or permit selected third parties to provide people, with information about products or services we feel may be of interest, including those on behalf of our clients. With existing contacts, we will contact them with information about products and services similar to those which were the subject of a previous instruction or engagement or negotiations of such to them. If they are not an existing client and where we permit selected third parties to use their data, we (or they) will contact them by electronic means only if they have consented to this.
- Communicate activities, promotions of our associated companies goods and services.
- Process a grant or job application.
We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations (for example tax and accounting purposes). We will hold personal information on our systems for as long as is necessary for the relevant activity, or as specified in any contract we hold with our clients.
Disclosure of Personal Information
We do not sell, rent or lease any personal information we hold to third parties. We may share information:
- With business partners, suppliers and sub-contractors for the performance of any contract we have entered into.
- With analytics and search engine providers that assist us in the improvement and optimisation of our Website.
- To a prospective buyer or seller, where necessary, in the event that we sell or buy any business or assets.
- If we are under a duty to comply with any legal obligation, or in order to enforce or protect our rights, or to protect the rights, property or safety of Exceptional Thinking, our customers or others.
Accessing and updating information
The Data Protection Act 1998 gives people the right to access information that we hold about any person. Any access may be subject to a fee of £10 to meet our costs in providing people with the details of the information we hold about them. If any of the other information we hold is inaccurate or out of date, we can be contacted via email, in writing or by telephone: firstname.lastname@example.org or in writing to Exceptional Thinking, Suite 1, Haddonsacre Business Centre, Station Road, Offenham, Evesham, WR11 8JJ. You can also telephone us on 01386 298 042.
Right to remove data
The right to erasure does not provide an absolute ‘right to be forgotten’. Individuals have a right to have personal data erased and to prevent processing under the following circumstance:
- Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.
- When the individual withdraws consent.
- When the individual objects to the processing and there is no overriding legitimate interest for continuing the processing.
- The personal data was unlawfully processed (ie otherwise in breach of the GDPR).
- The personal data has to be erased in order to comply with a legal obligation.
Exceptional Thinking can refuse to comply with a request for erasure where the personal data is processed for the following reasons:
- to exercise the right of freedom of expression and information;
- to comply with a legal obligation for the performance of a public interest task or exercise of official authority.
- for public health purposes in the public interest;
- archiving purposes in the public interest, scientific research historical research or statistical purposes; or
- the exercise or defence of legal claims.
Security of personal information
When people give us personal information, we take steps to ensure that it’s treated securely. We do not hold sensitive information such as credit card details, as payments are usually made by bank transfer. On the rare occasion that payments are accepted by credit card, we only use secure online third party payment providers for any of the transactions.
Non-sensitive details (email address etc.) are transmitted normally over the Internet and this can never be guaranteed to be 100% secure. As a result, while we strive to protect personal information, we cannot guarantee the security of any information transmitted to us and people do so at their own risk. Once we receive information, we make our best effort to ensure its security on our systems. Where we have given (or where someone has chosen) a password which enables them to access online accounts, or share information with them, they are responsible for keeping this password confidential.
We may analyse personal information to create a profile of interests and preferences so that we can contact people with information relevant to them. We may make use of additional information when it is available from external sources to help us do this effectively. We may also use personal information to detect and reduce fraud and credit risk.
Use of ‘cookies’
It is possible to switch off cookies by setting your browser preferences. Turning cookies of may result in a loss of functionality when using our website.
Links to other websites
In addition, if someone links to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that people check the policy of that third party site.
Transferring your information outside of Europe
As part of the services offered through our website, the information which is provided by users to us may be transferred to countries outside the European Union (“EU”). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EU. These countries may not have similar data protection laws to the UK. By submitting personal data, users are agreeing to this transfer, storing or processing. If we transfer information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that users privacy rights continue to be protected as outlined in this Policy.
If our services are used while outside the EU, user information may be transferred outside the EU in order to provide them with those services.
Review of this Policy
We keep this Policy under regular review. This Policy was last updated in March 2018.