Olive Branch Consultancy Ltd (also known as OBC) provide tailored in-house training for organisations. We also run a select provision of public training events each academic year. We are registered with the Information Commissioner’s Office (ICO) as a data controller: Registration number ZA417532
We collect, store and process personal data of clients, potential clients, colleagues and our presenters for the purposes of fulfilling our contractual and legal obligations and responsibilities.
Use of personal data
We use personal data to fulfil our contractual obligations with clients, colleagues and our presenters. Personal data of individuals who we provide services for, or on behalf of our clients is used to maintain our relationship and to deliver our training and consultancy services.
We will only send you newsletters or information about public training days via our mailing list if you have actively consented to us doing so. You will have opted to join our ‘monthly newsletter’ list, our ‘study day’ list or both. Individuals who have signed up to either mailing list can withdraw their consent at any point by unsubscribing via the email or individuals are welcome to contact us directly at firstname.lastname@example.org
What personal data do we collect?
- Clients who book us for in-house training, and clients/ delegates who book places on our public training days: we collect personal data (name, email address, job title, organisation) for the purposes of delivering and fulfilling our training and services.
- Colleagues and presenters: we collect personal data (name, address, contact details etc).
- We collect emails and names from people subscribing to our mailing list.
- From time to time, as part of our contractual relationships with our clients, we may process personal details of third parties and suppliers for the purposes of providing our services.
- We use standard Weebly Analytics statistics which record visitor numbers to our company website and referring sites.
The legal basis we use for processing data are:
- Legitimate interests for the purposes of fulfilling the provision of our services.
- Contractual basis for the purposes of fulfilling our obligations to our presenters and clients.
- Legal obligations for purposes of fulfilling any statutory obligations.
- On the basis of consent when people opt into our mailing list.
How long do we keep data?
We store and retain personal data for various periods of time in line with our legal obligations, financial regulations and internal/ administrative requirements.
How we keep data secure
Access: We have robust processes and procedures in place to ensure secure collection, storage and processing of personal data. Only authorised personnel, presenters and third party data processors (e.g. those who process data on our behalf) have access to personal data we hold.
Security: Personal data is stored securely on our network, on encrypted devices (iPads, laptops, smart phones etc) and within third party systems (e.g. bulk email distribution platform) whose tools we use to process data.
International transfer of data: Prior to engaging or using third party systems to process data, we ensure that sufficient safeguards, contracts/agreements are in place to protect personal data and that all parties comply with the requirements of the Data Protection Act 1998 and subsequent successor legislation, including but not restricted to the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
Who we share data with
In line with our legal obligations we share data with appropriate authorities (e.g. police, law enforcement agencies and other parties) where we have a legal obligation. For example, for the detection and prevention of fraud, or where data is required in relation to a criminal offence.
We do not sell or share data with any other third parties other than those listed above and where we use a third party to securely process our data on our behalf.
Under the Data Protection Act 1998 and subsequent successor legislation, including but not restricted to the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, you have the following rights:
- The right to request access to the data we hold about you.
- The right to have incorrect data rectified or incomplete data completed
- The right to have data erased (also known as the right to be forgotten)
You can make a request at any point by email email@example.com. We will respond to a request as soon as we can. However, where a request is received to erase data, we may not be able to delete all data (for example where data is linked to financial transactions that must be kept for a set period of time under financial regulations e.g. audits).
If you would like to find out more about how we process data, or if you would like to make a complaint, please contact us at firstname.lastname@example.org.
You also have the right to complain to the Information Commissioner’s Office if you feel that your data had been processed in a way that is not compliant with this policy or in line with the Data Protection Act 1998 and subsequent successor legislation, including but not restricted to the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. You can contact the ICO by visiting their website or by calling 0303 123 1113.