Privacy Notice – The Honest Manager
Introduction
The Honest Manager (THM) collects and processes personal information, or personal data, relating to its customers and prospective customers to manage the client - customer relationship. This personal information may be held by THM on paper or in electronic format.
THM is committed to being transparent about how it handles your personal information, to protecting the privacy and security of your personal information and to meeting its data protection obligations under the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018. The purpose of this privacy notice is to make you aware of how and why we will collect and use your personal information both during and after your working relationship with THM. We are required under the UK GDPR to notify you of the information contained in this notice.
This privacy notice applies to all current and former customers and prospective customers. It is non-contractual.
Data Protection Principles
Under the UK GDPR, there are six data protection principles that THM must comply with. These ensure that the personal information we hold about you must be:
1. Processed lawfully, fairly and in a transparent manner.
2. Collected only for legitimate purposes that have been clearly explained to you and not further processed in a way that is incompatible with those purposes.
3. Adequate, relevant and limited to what is necessary in relation to those purposes.
4. Accurate and, where necessary, kept up to date.
5. Kept in a form which permits your identification for no longer than is necessary for those purposes.
6. Processed in a way that ensures appropriate security of the data.
What Types of Personal Information Do We Collect About You?
Personal information is any information about an individual from which that person can be directly or indirectly identified. There are also “special categories” of personal information as well as criminal convictions and offences, which requires a higher level of protection because it is of a more sensitive nature. The special categories of personal information comprise information about an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation and genetic and biometric data.
THM collects, uses and processes a range of personal information about you. This includes (as applicable):
• Contact details, including your name, address, telephone number and personal e-mail address
• Date of birth
• Gender
• Bank account details and fee records / PayPal address
• IP address
• Photograph
THM may also collect, use and process the following special categories of your personal information if explicit consent from you is received.
• Information about whether you have a Disability
How Do We Collect Your Personal Information?
THM may collect personal information about customers and prospective customers in a variety of ways. It is collected during the signup process directly from you. We will also collect additional personal information in the course of your purchasing activities.
Your personal information may be stored in different places, including Teachable and in other IT systems, such as the e-mail system.
Why And How Do We Use Your Personal Information?
We will only use your personal information when the law allows us to. These are known as the legal bases for processing. We will use your personal information in one or more of the following circumstances:
• Where we need to do so to perform the contract for services we have entered into with you.
• Where we need to comply with a legal obligation.
• Where it is necessary for our legitimate interests (or those of a third party), and your interests or your fundamental rights and freedoms do not override our interests.
We need all the types of personal information listed under “What types of personal information do we collect about you?” primarily to enable us to perform our contract with you and to enable us to comply with our legal obligations. In some cases, we may also use your personal information where it is necessary to pursue our legitimate interests (or those of a third party), provided that your interests or your fundamental rights and freedoms do not override our interests. Our legitimate interests include: performing or exercising our obligations or rights under the direct relationship that exists between THM and you as its customer; performing effective internal administration and ensuring the smooth running of the business; ensuring the security and effective operation of our systems and network; protecting our confidential information; and conducting due diligence on customers and prospective customers. We believe that you have a reasonable expectation, as our customer, that we will process your personal information.
The purposes for which we are processing, or will process, your personal information are to:
• Enable us to maintain accurate and up-to-date contact details
• Administer the contract we have entered into with you
• Contact you with available services that may be of interest
• Send you a regular newsletter
• Manage, plan and organise services
• Meet our obligations under health and safety laws
• Make decisions about continued engagement
• Prevent fraud
• Ensure adherence to company rules, policies and procedures
• Enable us to establish, exercise or defend possible legal claims
Please note that we may process your personal information without your consent, in compliance with these rules, where this is required or permitted by law.
Why And How Do We Use Your Sensitive Personal Information?
We will only collect and use your sensitive personal information, which includes special categories of personal information, when the law allows us to.
Change Of Purpose
We will only use your personal information for the purposes for which we collected it.
Who Has Access to Your Personal Information?
Your personal information may be shared internally within THM, including payroll staff.
THM may also share your personal information with third-party service providers (and their designated agents):
• Teachable – the company who facilitates our training software and who administers payments.
Contracts for data processing are in place.
How Does THM Protect Your Personal Information?
THM has put in place measures to protect the security of your personal information. It has internal policies, procedures and controls in place to try and prevent your personal information from being accidentally lost or destroyed, altered, disclosed or used or accessed in an unauthorised way. In addition, we limit access to your personal information to those employees who have a business need to know in order to perform job duties and responsibilities.
Where your personal information is shared with third-party service providers, we require all third parties to take appropriate technical and organisational security measures to protect your personal information and to treat it subject to a duty of confidentiality and in accordance with data protection law. We only allow them to process your personal information for specified purposes and in accordance with our written instructions and we do not allow them to use your personal information for their own purposes.
THM also has in place procedures to deal with a suspected data security breach and we will notify the Information Commissioner’s Office (or any other applicable supervisory authority or regulator) and you of a suspected breach where we are legally required to do so.
For How Long Does THM Keep Your Personal Information?
THM will only retain your personal information for as long as is necessary to fulfil the purposes for which it was collected and processed, including for the purposes of satisfying any legal, tax, reporting or accounting requirements.
THM will generally hold your personal information for as long as you are an active customer with us. The exceptions are:
Once you have deactivated your account or your engagement has been terminated, we will generally hold your personal information for six years after the termination of your engagement in order for us to have a history of previous transactions. This is also to protect against legal risk, e.g. if they could be relevant to a possible legal claim in County Court or High Court. We will keep tax records for seven years after the termination of your engagement. Overall, this means that we will start to “thin” the file of personal information that we hold on you one year after the termination of your engagement, so that we only continue to retain for a longer period what is strictly necessary.
Personal information which is no longer to be retained will be securely and effectively destroyed or permanently erased from our IT systems and we will also require third parties to destroy or erase such personal information where applicable.
In some circumstances we may anonymise your personal information so that it no longer permits your identification. In this case, we may retain such information for a longer period.
Your Rights in Connection with Your Personal Information
It is important that the personal information we hold about you is accurate and up to date. Please keep THM informed of any changes to your personal details or update your account on Teachable. THM cannot be held responsible for any errors in your personal information in this regard.
As a data subject, you have a number of statutory rights. Subject to certain conditions, and in certain circumstances, you have the right to:
• Request access to your personal information
• Request rectification of your personal information
• Request the erasure of your personal information
• Restrict the processing of your personal information
• Object to the processing of your personal information
• Data portability
If you wish to exercise any of these rights, please contact [email protected]. We may need to request specific information from you in order to verify your identity and check your right to access the personal information or to exercise any of your other rights. This is a security measure to ensure that your personal information is not disclosed to any person who has no right to receive it.
In the limited circumstances where you have provided your consent to the processing of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. This will not, however, affect the lawfulness of processing based on your consent before its withdrawal. If you wish to withdraw your consent, please contact [email protected]. Once we have received notification that you have withdrawn your consent, we will no longer process your personal information for the purpose you originally agreed to, unless we have another legal basis for processing.
Transferring Personal Information Outside the European Economic Area
If you are in the UK and EEA, THM will not transfer your personal information to countries outside the UK and European Economic Area.
Changes To This Privacy Notice
THM reserves the right to update or amend this privacy notice at any time, including where THM intends to further process your personal information for a purpose other than that for which the personal information was collected or where we intend to process new types of personal information. We will issue you with a new privacy notice when we make significant updates or amendments. We may also notify you about the processing of your personal information in other ways.
Contacting THM
If you have any questions about this privacy notice or how
we handle your personal information, please contact our Data Protection Manager
via email at [email protected] or by writing to ‘FAO DPO, The
Honest Manager, 6 International House, Waldon Way, Holsworthy Industrial
Estate, Holsworthy, Devon, EX22 6ER.