The protection of personal data is important to us. We process personal data in line with the General Data Protection Regulation (GDPR). This guidance is designed to inform you of the sort of personal data we collect, why we collect it, how we use it and data subjects’ legal rights in relation to this.
In this document you may find the following terms:
By this we mean whatever digital device e.g. personal computer, mobile phone or tablet you use to access the Internet and to visit Keith Borer Consultants’ website.
Your Consent is your agreement to allow us to process your personal data; it must be freely given, informed and specific to the purpose for which it is required. You can withdraw that agreement at any time.
· Data Controller or controller responsible for the processing
The Data Controller is responsible for determining what personal data is collected, what reasons it is required and how it is processed (which includes how it is stored and to whom and how it is transmitted). This includes occasions when data is collected or processed on behalf of the Data Controller by a third party.
· Data Processor
The Data Processor is an individual or organisation which processes (as defined above) personal data on behalf of the Data Controller
· Data Subject
An individual whose data/information is being processed.
· Personal data
Personal data means any information relating to an identified or identifiable individual. An identifiable individual is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. IP Address) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
By processing we mean the collection, recording, organisation, structuring, storage, alteration, retrieval, use, disclosure (by transmission, or otherwise making available), erasure or destruction of personal data.
Name and address of the Data Controller
Keith Borer Consultants is a division of Orchid Cellmark Ltd, who is the Data Controller. Address and contact details are as follows:
The Data Controller
Orchid Cellmark Ltd
16 Blacklands Way
Phone: 01235 528609
We routinely seek, receive and process personal data in order to provide our services.
We also collect and process personal data about visitors to our website, including:
information about the computer accessing our website and about visits to and use of this website (including the computer’s IP address, geographical location, browser type, referral source, length of visit and number of page views);
information provided to us for the purpose of subscribing to our website services, email notifications and/or newsletters, including email address and name;
any other information that the visitor chooses to send to us.
Our website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites.
Using personal data
Personal data submitted to us will be used for our legitimate business purposes, which include:
investigating, preventing or detecting crime;
providing a service requested by or on behalf of the Data Subject;
managing our website to improve its functionality and the Data Subject’s browsing experience;
providing statements and invoices, and collecting payments;
non-marketing communications with the Data Subject;
marketing communications (e.g. our newsletter) relating to our business which we think may be of interest to you. Where this is by email we will include the option to unsubscribe from future marketing communications.
Legal basis for processing
Article. 6(1) lit. (a) GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose.
If processing personal data is necessary for the performance of a contract to which the Data Subject is a party, as is the case, for example, for the supply of our consultancy services, the processing is based on Article 6(1) lit. (b) GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of enquiries concerning our products or services.
Where KBC is subject to a legal obligation by which processing of personal data is required, such as for the maintenance of accounting records and the fulfilment of tax obligations, the processing is based on Art. 6(1) lit. (c) GDPR.
If the Data Subject is a litigant or witness in a case in which KBC is, or may be, instructed, KBC has a legal basis for processing the Data Subject’s personal and case-related data pursuant to Article 6(1) lit. (e) GDPR in the public interest.
By choosing to share with us case-related information associated with a service we are providing, the Data Subject and/or the Data Controller of that data accepts that there is a legitimate interest in our processing the data under Article 6(1) lit. (f) GDPR. The contact details supplied to us may also be used for marketing purposes under the same premise.
We may disclose personal data to any of our employees, officers, agents, instructing parties, suppliers or subcontractors insofar as reasonably necessary for us to provide our services and for the purposes as set out in this Privacy Notice. In addition, we may disclose information:
Otherwise where personal data, other than those necessarily recorded by website analytical software for the purposes of website management and user experience optimisation, is to be transferred to countries which do not have data protection laws equivalent to those in force in the European Economic Areas (EEA), we will inform you in advance, unless that country is the country from where you, your advisors or our instructing parties have communicated with us.
Security of personal data in transmission
Data transmission over the internet is inherently insecure and we cannot guarantee the security of data sent this way.
All personal data received by KBC is subject to appropriate electronic and/or physical security measures including, electronic and physical access restrictions, defined retention periods and secure destruction policies.
Data retention / destruction
We will process and store personal data only for the period necessary to achieve the purpose of storage. Our policy for data retention is intended to protect personal interests and the interests of the public. Information held in relation to a forensic case has the potential to be of value in future proceedings (e.g. Appeal), even if this is not immediately obvious. We therefore hold case data for up to 30 years depending on the type of case, although we will destroy it within 18 months if it has not contributed to any service we have provided.
We will hold your contact details in case we need to get in touch regarding one of your cases or a service/update which we think may interest you. We will also keep a record of your preferences regarding email communications.
Where we identify that it is no longer necessary for us to hold personal data, we shall delete it or anonymise it such that it is no longer personal, in accordance with our company policies and legal requirements.
Data protection and staff recruitment
Keith Borer Consultants collects and processes the personal data of applicants in the process of staff recruitment. If an applicant submits an application by e-mail, online or by post and is successful the submitted data will be stored in compliance with legal requirements. If they are unsuccessful, the documents will be erased after one year, unless consent is given otherwise by the individual.
Data protection and Google Analytics and Google AdWords
KBC may employ both the Analytics and AdWords services provided by Google. Google Analytics is a web analytics service that collects data about the website from which a person has come, which pages on our website were visited, and how often and for how long a page was viewed. Google AdWords is a service for Internet advertising that allows KBC to place ads in Google search engine results and the Google advertising network which are designed to promote our service and encourage people to visit our website.
Google uses the data to evaluate the use of our website and to carry out analysis of our Internet advertising. Personal data is stored by Google outside of the EU in the United States of America and Google may pass this data on to other third parties. Google provides detailed instructions on how to block cookies at https://support.google.com/accounts/answer/61416
Data protection and social media
The relevant data protection guidelines can be found via these links:
Google Plus/YouTube, https://www.google.com/intl/en/policies/privacy/
Unless the legal requirements of our processing take precedence, Data Subjects have a right of access to the information we hold about them, to know why and for how long it is being held, to have it amended if inaccurate and erased if no longer required. In order to access the data, a subject access request must be made in writing to the Data Controller.
Please check this Privacy Notice occasionally on our website as we may update it from time-to-time. We may also notify our contacts of changes by email.
In the event of any questions arising about this Privacy Notice or our processing of personal data, please write to us by email to firstname.lastname@example.org or email@example.com or by post to the address listed on our contact page, marked for the attention of the Quality Manager.