Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”) and some other UK legislation.
Who are we?
Romulus Advisory LLP (RA) is the data controller. This means we decides how your personal data is processed and for what purposes. RA is a limited liability partnership incorporated and registered in England and Wales with partnership number. Where contracts with clients require, RA acts as data processor and complies with the same regulations in such cases.
What information do we collect about you?
When you do business with us, become a client of our partnership, register for or attend any events or subscribe to our blog or other publications we collect some or all of the following personal information from you:
- Your name
- Your postal address, email address and telephone number
- Any information relevant to the services may be providing to you.
How do we process your personal data?
RA takes your privacy very seriously complies with its obligations under the “GDPR” as follows:
- by keeping personal data up to date;
- by storing and destroying it securely;
- by not collecting or retaining excessive amounts of data;
- by protecting personal data from loss, misuse, unauthorised access and disclosure and
- by ensuring that appropriate organisational and technical measures are in place to protect personal data.
We use personal data for the following purposes:
- To enable us to provide you with consultancy, information or other services that you have asked us to provide.
- To maintain our own accounts and records.
- To manage our associates.
- To inform you, with your consent (see below), about our products and services or information that is likely be relevant to you or your organisation, such as funding opportunities or changes in good practice, regulation or the law.
Our website, cookies and other information-gathering technologies
When you visit our website, we use Google Analytics to collect standard internet log and visitor behaviour information, e.g. to understand the number of visitors to the site.
This information is only processed in ways that do not identify anyone. We do not attempt, and do not allow Google or other providers to attempt, to find out the identity of anyone visiting our site.
Our website contains links to other websites.
This Privacy Notice applies only RA’s website so when you access links to other websites you should read their own privacy notices/policies.
What is the legal basis for processing your personal data?
- Where personal data is collected in the course of fulfilling our contractual and legal obligations to you or when you have asked us to provide services to you, only necessary data is collected, and it is securely stored and access restricted only to staff who need it. This data is processed to fulfil our contractual obligations to you, to comply with other legal obligations or in our and your legitimate interests (e.g. to provide you with information and services requested by, or promised to you, to ensure continuity of services and manage repeat business effectively and/or to defend any legal claims). The other considerations set out elsewhere in this policy also apply.
- Explicit consent of the data subject so that we can keep you informed about information that is likely be relevant to you or your organisation, including new information available from us (such as blog posts) and other information about our products and services. You can withdraw your consent at any time by emailing firstname.lastname@example.org .
- Processing of personal data relating to associates of RA is necessary for carrying out obligations under health and safety, social security or social protection law, or a collective agreement. It is processed to fulfil our contractual obligations and legal obligations only.
Sharing your personal data
We will only share your data with third parties outside RA with your explicit consent, unless we are legally or contractually required to do so, or:
- for the purposes of securely storing the data, for example on cloud-based servers managed by third party providers (such as Apple, Dropbox, Google, Microsoft, MailChimp etc.)
- in connection with any legal proceedings or prospective legal proceedings;
- in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
- to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.
The information you provide will not be transferred to countries outside the European Economic Area (EEA).
How long do we keep your personal data?
We keep data in accordance with the GDPR and only for as long as is necessary (for example to keep you informed about information that is likely be relevant to you or your organisation including new information available from us and other information about our products and services or to comply with the record keeping requirements of HMRC or other regulators).
In general we will retain data for 2 years after our last contact with the data subject. We may retain some data for longer periods for reasons of continuity of service delivery, to ensure availability of relevant information about repeat clients, to defend legal claims or protection or legal rights or where we are contractually or legally required to do so. For further information on our detailed retention policies please email email@example.com
Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
- The right to request a copy of the personal data RA holds about you.
- The right to request that RA corrects any personal data if it is found to be inaccurate or out of date.
- The right to request your personal data is erased where it is no longer necessary or required for RA to retain such data. This right does not apply where we have a legal obligation to retain your data.
- The right to withdraw your consent to the processing at any time (if we are processing on the basis of your consent).
- The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability) . This right only applies where we are processing your personal data based on consent or for the performance of a contract with you and in either case we are processing the data by automated means.
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing.
- The right to object to the processing of personal data. This right only applies where we are processing your personal data based on legitimate interests.
- The right to lodge a complaint with the Information Commissioners Office.
If we wish to use your personal data for a new purpose, not covered by this Privacy Statement, then we will publish a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
To exercise all relevant rights, queries of complaints please in the first instance contact our designated partner, Gavin Lendon on firstname.lastname@example.org.
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.
As a result of viewing this website some information may become stored upon your computer. This information may be in the form of a ‘cookie’ or similar file which may help Romulus Advisory LLP in many ways, for instance to improve the content of the website or to improve the matching of your interests or preferences. If you do not want a cookie to be stored in your computer, most internet browsers have functions to erase cookies from the computer’s hard drive or to block all cookies or to receive a warning before a cookie is stored. You are welcome to use such facilities to prevent the installation of any cookie but by accessing our website you consent to Romulus Advisory LLP’s use of any information gathered for the purposes mentioned above.