Privacy & Fair Processing Notice

Tantivy Consulting > Privacy & Fair Processing Notice

PRIVACY AND FAIR PROCESSING NOTICE FOR WEBSITE USERS, POTENTIAL CLIENTS AND CLIENTS

Tantivy Consulting collect data about our website users, potential clients and clients. This Fair Processing Notice explains what data we process, why we process it, our legal basis, how long we keep it and your rights.We will always make sure that any personal data is protected and treated securely. Any information that we process will be held in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018 and other UK or EU data protection legislation.  

Our contact details

Entity name: Tantivy Consulting Limited 

Company Registration number: 10925515

ICO Registration number: ZA447555

Registered office: 4 Prince Albert Road, London, NW1 7SN

Head office: White Collar Factory, 1 Old Street Yard, London, EC1Y 8AF

When you email us

Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy.  Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.  

WHEN YOU USE OUR WEBSITE

Visitors to our website

When someone visits our website, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. Your IP Address is processed in line with our Cookies Policy.

Use of cookies by Tantivy Consulting Limited

You can read more about how we use cookies on our Cookies page.     

WordPress

We use a third-party service, WordPress.com, to publish our website. These sites are hosted at WP-Engine. We use a standard WordPress service to collect anonymous information about users’ activity on the site, for example the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it. WordPress requires visitors that want to post a comment to enter a name and email address. For more information about how WordPress processes data, please see Automattic’s privacy notice.  

When you use our website, we will process the following personal data about you:

  • If you submit a ‘Get in Touch’ form, we will process your name, email, phone and your message 
  • If you submit a request for the ‘Cyber Resilience Insider’ newsletter, we will process your name and email address.
  • In addition to the above, we will process your CV and/or covering letter when applying to work with us via our ‘Apply Now’ form. Depending on your CV, this could include your address, work history, date of birth, National Insurance number, or anything else you choose to disclose on your CV
  • IP address when you use the website

Why do we need it?

We need your name and contact details in order to answer your enquiry, send you a newsletter or consider your application and we process this data with your consent. We need your IP address for security reasons. 

WHEN YOU ARE A CLIENT OR A POTENTIAL CLIENT

When you are a potential client or a client, we will process the following personal data about you:

In order to provide our services, we collect and process your personal data. We process information about you when you begin using our services and we process it on an on-going basis, should you become a client.We will process the following:

  • name, address, phone number(s), email, job title;
  • a record of the information that you provide to us;
  • the date on which you started using our services;
  • the date on which you ceased to use our services;
  • a record of any complaints/ compliments made by you and the action taken in respect of any such complain/ compliments.

Why do we need it?

Tantivy Consulting needs to process personal data about our clients in order to provide an effective and high-quality service and to fulfil our legal obligations. We will process your data to:

  • provide you with the services or information that you have asked for;
  • keep a record of your relationship with us
  • send you correspondence and communicate with you;
  • meet our legal obligations;
  • respond to or fulfil any requests, complaints or queries that you may have; and
  • understand how we can improve our services or information;

Job applicants, current and former Tantivy Consulting Limited employees

  • When individuals apply to work at Tantivy Consulting, we will only use the information they supply to us to process their application and to monitor recruitment statistics. Where we want to disclose information to a third party, for example where we want to take up a reference, we will not do so without informing them beforehand unless the disclosure is required by law.
  • Personal information about unsuccessful candidates is destroyed or deleted.
  • Once a person has taken up employment with Tantivy Consulting Limited, we will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person’s employment. Once their employment with Tantivy Consulting has ended, we will retain the file in accordance with the requirements of our retention schedule and then delete it.

OUR LEGAL BASIS FOR PROCESSING PERSONAL DATA

By law, we need a legal basis for processing the personal data of a website user or client. We will process your data using the legal basis of consent, contract, legal obligation and legitimate interests.  

Contract

Contract is where we either have a contract with you or you wish to enter into a contract with us. For example, we have a contract for our services.  

Consent

Consent is given where we ask you for permission to use your information in a specific way and you agree to this.  Where we use your information for a purpose based on consent, you have the right to withdraw consent for this purpose at any time. For example, you consent to receive our marketing communications by email.  

Legal obligation

We have a basis to use your personal information where we need to do so to comply with one of our legal obligations.  For example, we may need to hold your data for seven years due to HMRC requirements.   

Legitimate interests

We have a basis to use your personal information if it is reasonably necessary for us to do so and in our “legitimate interests” (provided that what the information is used for is fair and does not unduly impact your rights). We only rely on legitimate interests where we have considered any potential impact on you, whether or not our processing is excessive and that our processing does not override your rights. We process the following data because we have a contract:

  • name, address, phone number, email, job title;
  • a record of the information that you provide to us;
  • the date on which you started using our services; and
  • the date on which you ceased to use our services.

We process the following data because we have a legitimate interest:

  • the IP address when you visit our website enables us to keep our website secure
  • a record of any complaints/ compliments made by you and the action taken in respect of any such complain/ compliments.

We will process the following personal data with your consent:

  • your email when you consent to receive our marketing communications
  • your name, phone, email and message when you submit an enquiry via our ‘Get in Touch’ form
  • Any other personal information provided by you on your CV and/or covering letter when applying to work with us via our ‘Apply Now’ form.

We process the following personal data due to our legal obligation to store it:

  • store your records for 7 years after you cease to be a client or employee/subcontractor for HMRC requirements

HOW LONG DO WE HOLD YOUR PERSONAL DATA?

We hold your data:

  • for enquires – until you withdraw consent
  • for marketing – until you withdraw consent
  • for security – 1 year
  • after ceasing to be a client or employee/subcontractor – 7 years

WHO DO WE SHARE YOUR INFORMATION WITH?

  • Our software and cloud service providers.
  • If you become a Tantivy Consulting employee or subcontractor (or with your permission prior to when an offer is made), with third parties (clients or prospective clients) during the proposal stage.

DATA TRANSFERS OUT OF THE EU OR EEA

We do transfer personal data out of the EU or EEA under the EU-US Privacy Shield.

YOUR RIGHTS UNDER THE GDPR

You have rights in respect of our processing of your personal data which are:

  • To access to your personal data and information about our processing of it.  You also have the right to request a copy of your personal data (but we will need to remove information about other people).
  • To rectify incorrect personal data that we are processing.
  • To request that we erase your personal data if:
    • we no longer need it;
    • if we are processing your personal data by consent and you withdraw that consent;
    • if we no longer have a legitimate ground to process your personal data; or
    • we are processing your personal data unlawfully
  • To object to our processing if it is by legitimate interest.
  • To restrict our processing if it was by legitimate interest.
  • To request that your personal data be transferred from us to another company if we were processing your data under a contract or with your consent and the processing is carried out by automated means.

If you want to exercise any of these rights, please contact us. If you have a concern about the way we are collecting or using your personal data, please raise your concern with us in the first instance. You may also contact the Information Commissioner’s Office at https://ico.org.uk/concerns/.   

Complaints or queries

Tantivy Consulting tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of Tantivy Consulting’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below.  

Changes to this Privacy and Fair Processing Notice

We keep our privacy notice under regular review. This privacy notice was last updated on 10 April 2018.  

How to contact us

If you want to request further information about our privacy policy, you can email us or write to:

Managing Director

Tantivy Consulting

White Collar Factory

1 Old Street Yard

London EC1Y 8AF

Email: james.baker@tantivy.co.uk