This policy explains how CIL Management Consultants Limited collects and uses your personal information.
The data controller with conduct of your personal information is CIL Management Consultants Limited (company number 05138157) of 12 Kingsway, Frome, Somerset, England, BA11 1BT.
Our data protection officer is Tom Fletcher of CIL Management Consultants Limited, 12 Kingsway, Frome, BA11 1BT, email: DPO@cil.com.
How we use your personal information
Depending on your relationship to us, we obtain, process, store and share your information in different ways. The following table explains how we use your personal information in our business depending on our relationship to you. Multiple sections may apply to you.
|Situation||Types of information||Purpose and lawful basis for processing|
|Website visitors, clients, suppliers and their staff|
|You make an enquiry regarding our services.||Name, contact information, details of your enquiry.||We have a legitimate interest in responding to your enquiry.
We may need to process your information to carry out pre-contractual steps relating to a potential contract between us.
We have a legitimate interest in keeping a record of your request as well as our response. This assists in the efficient operation of our business.
|We send you marketing communications regarding our products and services.||Name, contact information, marketing preferences.||We have a legitimate interest in contacting you about similar goods/services to those which you have purchased from us or negotiated to purchase from us.
In other circumstances we may send you marketing communications based on your consent.
|You provide us with information about your dietary requirements, health or accessibility requirements.||Name, details of your particular requirements.||We process this information to ensure we accommodate your particular requirements. Except in case of emergency, we will ask for your consent to process this information.|
|You or your organisation purchases goods or services from us.||Name, contact information, payment details||This processing is necessary for us to perform our contract with you.
If the contract is with your organisation then we have a legitimate interest in processing your personal information for the purpose of managing the contractual relationship between us and your organisation.
We have a legitimate interest in keeping a record of the contract between us (or your organisation and us) for the administration of our business and to address any disputes which may arise between us (or your organisation and us).
|You or your organisation supplies goods or services to us.||Name, contact information, payment details||This processing is necessary for us to perform our contract with you.
If the contract is with your organisation then we have a legitimate interest in processing your personal information for the purpose of managing the contractual relationship between your organisation and us.
We have a legitimate interest in keeping a record of the contract between us (ore your organisation and us) for the administration of our business and to address any disputes which may arise between us
|We have contacted you to conduct market research as part of the services we provide to our clients.||Name, contact information, business relationship to our client, survey responses.||We have a legitimate interest in processing this information in order to provide our services to our client who has requested that we contact you.|
|You have requested that we enter you into our prize draw.||Name, email address, details of the prize draw you have entered into.||We process your information to include your entry in our prize draw. This is based on your consent.
If you win, we have a legal obligation to publish your first name initial and surname publicly on our website and/or social media to show that a winner has been drawn.
We may additionally need to keep a record of your information to demonstrate our compliance with the law on operating prize draws.
HOW LONG WE KEEP YOUR INFORMATION FOR
We only keep your information for so long as is reasonably necessary. Generally speaking, we keep your information for the following periods of time:
- If you or your organisation make an enquiry with us but ultimately do not become a client of ours, 10 years from the date of our discussions ending (or if we did not reply, from the date of your enquiry).
- If you or your organisation are a potential supplier of ours but a contract is not entered into between us, 10 years from the date of our discussions ending (or if we did not reply to your enquiry, from the date of your enquiry).
- If you are or have been a client of ours, 10 years from the date your engagement with us ends.
- If you work for or represent a client of ours, 10 years from the date of the client’s last contact with us (or, if sooner, from the date we are notified that you are no longer a contact for that client).
- If you are or have been a supplier of ours, 7 years from the date your contract with us ends.
- If you work for or represent a supplier of ours, 7 years from the date the supplier’s contract with us ended (or, if sooner, from the date we are notified that you are no longer a contact for that supplier).
If we need to keep your information for a longer period then we will notify you of the reason and grounds for doing so.
WHO IS YOUR INFORMATION SHARED WITH?
Your personal information is not shared with anyone except where we are required to do so to comply with the law, to protect our rights, to perform our contractual obligations or to efficiently operate our business.
In order to achieve these purposes, we share your data with the following people or group of people:
- In order to manage our business, operate a central marketing database and pursue and fulfil contracts, we may from time to time share your information with other companies within our corporate group. Where the receiving group company is based outside of the UK, the sharing and receiving company will each sign a set of standard contractual clauses which safeguard your data. The receiving group company will also adhere to our group-wide data protection policies and procedures which are compliant with data protection law.
- If you are an employee of a client or supplier of ours then we may share your information with your employer. Similarly, if you are a sole trader or partner in a business partnership then we may share your information with your employees (and if applicable, other partners). This is only done to the extent necessary for us to properly provide our services or receive your (or your organisation’s) goods/services.
- Our outsourced service providers will sometimes be given access to our databases in order provide certain services to us (e.g. IT support). Our outsourced service providers have strict contractual obligations to handle your information in accordance with data protection law and to keep it confidential at all times. If the service provider is based outside of the UK and is not in a country which offers equivalent protections for personal data then your data will be safeguarded by a set of standard contractual clauses which each party will sign.
- Where you provide us with dietary or allergy information, or information about your health-related requirements, we may share that information with facility providers such as caterers (for dietary requirements) or venue organisers (e.g. hotels and transportation companies). You will have been notified of this fact at the point you shared that information with us (e.g. when signing our consent form).
- Our outsourced financial administrator receives personal information for the purpose of, amongst other things, raising client invoices on our behalf. The provider is based in Israel. Israel is the subject of a UK government adequacy regulation meaning your personal data is subject to equivalent protections as in the UK. The provider is also subject to strict contractual duties to ensure the confidentiality and security of your information.
- Our professional advisers (including accountants, book keepers and lawyers). All such people are subject to professional duties of confidentiality.
- Potential purchasers of our business would have access to redacted information about our clients, suppliers and their workers/representatives. Before we share such information the potential purchaser would need to sign a non-disclosure agreement which fully complies with data protection law.
AUTOMATED DECISION MAKING
We do not make automated decisions about you based on your information. If this changes in the future then we will let you know.
Under data protection law you have the following rights:
- the right to be informed about what we do with your information. This Policy provides you with this information;
- if we are processing your data on the basis of your consent then you have the right to withdraw that consent at any time. Consent can be withdrawn by and notifying us using the details set out in section 9 Consent to marketing communications can be withdrawn by following the steps outlined in that communication, such as clicking the ‘unsubscribe’ link in the marketing emails we send. The lawfulness of our historic processing based on your consent will not be retrospectively affected by your withdrawal of consent.
- the right to access a copy of your information which we hold. This is called a ‘data subject access request’. Additional details on how to exercise this right are set out in section 6, below.
- the right to prevent us processing your information for direct marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data or by contacting us using the details set out in section 9, below.
- the right to object to decisions being made about you by automated means. We will inform you if your information is subject to automated processing.
- the right to object to us processing your personal information in certain other situations.
- the right, in certain circumstances, to have your information rectified, blocked, erased or destroyed if it is inaccurate.
- the right, in certain circumstances, to claim compensation for damages caused by us breaching data protection law.
- the right, in certain circumstances, to request that we erase, rectify, cease processing and/or delete your information.
You also have the general right to complain to us (in the first instance) and to the Information Commissioner’s Office (if you are not satisfied by our response) if you have any concerns about how we hold and process your information. Our contact details are set out in section 9, below. The Information Commissioner’s Office website is www.ico.org.uk.
ACCESS TO INFORMATION
Under data protection law you can exercise your right of access by making a written request to receive copies of some of the information we hold on you. You must send us proof of your identity, or proof of authority if making the request on behalf of someone else, before we can supply the information to you. Requests should be sent to us using the contact details in section 9 below.
You do not need to pay a fee to exercise this right unless you are requesting copies of documents you already possess, in which case we may charge our reasonable administrative costs. We are also allowed to charge you for our reasonable administrative costs in collating and providing you with details of the requested information which we hold about you if your request is clearly unfounded or excessive. In very limited circumstances, we are entitled to refuse to comply with your request if it is particularly onerous.
In certain circumstances, you are entitled to receive the information in a structured, commonly used and machine-readable form.
CHANGES TO OUR PRIVACY NOTICE
This notice was last updated on 14 December 2021. Any material changes we may make to our privacy notice in the future will be uploaded to our website and if the change is significant we will send you the updated notice by email.
THIRD PARTY SITES
Our site may, from time to time, contain links to and from partners’, affiliates’ and social network sites. If you follow a link to any of these websites, please note that these sites have their own privacy notices and that we do not accept any responsibility or liability for those notices. Please check their privacy notices before you submit any personal data to those websites as they may not be on the same terms as ours.
Questions, comments and requests regarding this privacy notice are welcomed and should be addressed to our Data Protection Officer, Tom Fletcher, using the following details:
- by post to Tom Fletcher, CIL Management Consultants Limited, 12 Kingsway, Frome, BA11 1BT; or
- by email to DPO@cil.com.