Policies

Privacy Policy

At Gort Scott your privacy is important to us. As such we have produced this policy to explain how we gather, store, use and transfer your personal data whether via our website, when you apply to use our services, when you attend any of our events, when you contact us via email, post or phone, or when you apply for a position within the practice and/or become employed by us.

This policy also provides you with assurance that we are complying with law, in particular the General Data Protection Regulation (GDPR) principles and informs you about your rights.

What is personal data

Personal data, or personal information, is information (name, email address, contact details, website statistics, etc and includes opinions) about an individual from which that individual can be identified. It does not include data where the identity has been removed (anonymous data). Individuals are sometimes referred to as data subjects.

Responsibilities

Gort Scott is the controller of the personal data we collect (referred to as ‘we’, ‘us’ or ‘our’ in this policy). We are responsible for ensuring our systems, processes, suppliers and people comply with data protection laws in relation to the information we handle.

All employees must follow this policy when handling personal data and must take part in data protection training we provide. Any breach will be taken seriously and may result in disciplinary action.

Annabel Rootes, Practice Manager at Gort Scott, has been appointed to oversee compliance with data protection laws and our policy and respond to any questions in relation to this policy or requests to exercise your legal rights.

Annabel Rootes
Practice Manager
annabelrootes@gortscott.com
55 Leroy Street, London SE1 4SN

+44 (020) 7254 6294

What type of data do we collect

We only collect information that is necessary to carry out our business, provide the particular service you’ve requested and to keep you informed. There are occasions when you can choose not to give us certain information, but this may limit the level of personalisation we offer, i.e. you may not hear about a particular event you would have liked to attend, or affect your access to, and functionality of, certain parts of our website.

The list below outlines the types of personal data we may collect, use, store and transfer. Most of this data has been provided directly to us by you.

  • Identity data which includes first name, last name, title, job and gender.
  • Contact data which includes work address, email address and telephone numbers.
  • Financial data which includes bank account and payment card details.
  • Transaction data which includes details about payments from you and other services you have purchased from us.
  • Profile data which includes use of our services and your interest, preferences, feedback and survey responses.
  • Technical data which includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating systems and platform and other technology on the devices you use to access our website.
  • Usage data which includes information about how you use our website and services.
  • Marketing and Communications data which includes your preferences in receiving marketing from us and our third parties and your communication preferences (Mailchimp).

In addition to the above, we may collect Aggregate Data which is statistical or demographic data for any purpose. This type of data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate information you provide on applying for a job with us in order to monitor recruitment statistics and inform our recruitment practices in the future. Should this data be combined with your personal data it can directly or indirectly identify you and will be used in accordance with this privacy policy.

We may on occasion collect Special Categories of Personal Data (race, ethnicity, religious or philosophical belief, sex life, sexual orientation). Any such data will only be used as Aggregate Data. We do not collect any information about criminal convictions or offences.

How do we collect personal data

We recognise the importance and concerns individuals have with regard to their personal data. In line with GDPR regulations, the methods by which we collect data include:

  • Direct interaction where you have given clear consent that we may process your personal data for a specific purpose. For example, filling in a form, corresponding by post, email, phone and social media platforms, entering into a contractual or legal obligation.
      - Relating to clients and other contacts
      - Relating to providing our services
      - Relating to applying for a job or work placement
      - Relating to registering for marketing material or attending an event
      - Relating to entering a competition, promotion or survey
      - Relating to providing feedback.
  • Automated technologies and interactions. As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies.
      - We collect cookies to support essential functionality and gather some insight on how our website is used. These cookies are not used to transport personal data to third parties. Vimeo cookies are set on pages with a Vimeo video embed, and Vimeo embeds include the DNT (“do not track”) parameter. Find out more here.
  • Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:
      - Google Analytics collects and assesses Aggregated Data such as statistical or demographic data for marketing purposes: to recognise and count the number of visitors, and to monitor website navigation. This helps us to optimise website performance and provide an efficient way for users and search engines to find our content.
      - Financial and Transaction Data from banks based inside or outside the EU.
      - Identity and Contact Data from publicly available sources such as Companies House based inside the EU and/or public websites which display information about you, such as LinkedIn.

How we use personal data

Please feel confident that we will only use personal data when the law allows us:

  • Where you have given clear consent personal data may be processed for a specific purpose.
  • Where we need to comply with contractual, legal and regulatory obligations.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where it is necessary to protect an individual’s vital interests.

We have outlined below all the ways in which we may use your personal data. Please note that we may use data for more than one lawful purpose where we reasonably consider that we need to, and it is compatible with the original purpose. We may also process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

  • To register you as a new client, supplier, job applicant, employee or work placement.
  • To process payments and deliver/receive services to/from you.
  • To enable us to meet our contractual and legal obligations.
  • To send relevant communications.
  • To enable you to take part in a survey.
  • To administer and protect our business and our website.
  • To deliver relevant website content, including news articles, and measure or understand the effectiveness of the content we serve you.
  • To use data analytics to improve our website, products/services, marketing, customer relationships and experiences.
  • To make suggestions and recommendations to you about services, events and publications that may be of interest to you.

We may use your personal data to form a view on what you think you may want or need, or what may be of interest to you. This is how we decide what products, services and offers may be relevant for you. You will only receive such marketing communication from us if you have requested it from us or purchased services from us and, in each case, you have not opted out of receiving such material. We will obtain your express consent before we share your data with any third-party for marketing purposes.

We will apply the same rigorous rules to data transferred outside the EEA: we will only transfer such personal data as we believe is necessary for the purpose of our work or to meet contractual and legal obligations. We will request permission from you for any other instance where we may wish to transfer data outside the EEA. In addition, we will remind all parties who receive such data to only use the data for limited purposes and ensure they have appropriate technical and organisational measures to safeguard the data.

Storing and protecting personal data

We have put in place appropriate measures to secure personal data and protect it from accidental loss and from being used or accessed in an unauthorised way, disclosed or altered. In addition, in recognition that data security is a key element of data protection, we have Cyber Security Essentials Plus Certification and it is a requirement that all our people comply with this policy and our GDP and IT Security Policy, and that all third parties will only process personal data on our instructions, and they are subject to a duty of confidentiality.

We use appropriate technological measures to transmit large or sensitive documents or data to clients and other third parties. However, we cannot be held responsible for the security of correspondence sent by email, post or courier.

We only retain personal data for as long as is necessary to fulfill the purpose that we collect it for and in line with UK Records Management and Retention and Disposal Policy.

Sharing personal data

For the purposes set out above describing how we use personal data, we may share data with certain third parties and they may have access to personal data we possess. These third parties comprise:

  • Service providers acting as processors based in the UK and inside and outside the EEA who provide IT and system administrative services.
  • Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers based in the UK and who provide consultancy, banking, legal, insurance and accounting services.
  • HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers in the UK who require reporting of professional activities in certain circumstances.
  • Market researchers in the UK.

We will not give personal data to third parties for any other reason without your permission.

Your data protection rights

We process personal data in line with your rights as an individual. These rights include the right to:

  • Request a copy of your personal data.
  • Request that any inaccuracies in your personal data are corrected.
  • Request that your personal data is deleted and destroyed when causing damage or distress.
  • Request to restrict or object to the processing of your personal data in certain circumstances.
  • Request to transfer your personal data to another organisation, or to you, in certain circumstances.

You can ask us or third parties to stop sending you marketing messages any time by following the opt-out links on any marketing message sent to you or by contacting us at any time. Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of the service.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our website may become inaccessible or not function properly.

Should you wish to make a request in line with your rights as an individual, please forward the request in writing or by email to Annabel Rootes, Practice Manager, annabelrootes@gortscott.com.

All our people are aware that they must notify or inform Annabel Rootes immediately if they receive a request from a third party in relation to personal data which the practice processes.

How to make a complaint

We hope that you have no reason to make a complaint about how we gather, store, use and transfer your personal data, but should you wish to do so please contact Annabel Rootes, Practice Manager, acting on behalf of Gort Scott (the Data Controller).

All Directors and people at Gort Scott must also inform Annabel Rootes, Practice Manager, acting on behalf of Gort Scott (the Data Controller) immediately if they receive a complaint relating to how the practice has processed personal data of a third party so the practice’s complaints procedure may be followed.

Changes to this policy

We may update this policy from time to time to reflect, for example, changes to our practice or for other operational, legal or regulatory reasons. Any changes will be re-issued to our website as well as to all staff to ensure that the information available is correct at all times. It is your responsibility to ensure that you check this policy regularly and are aware of any changes to its terms.
