Privacy Policy
CONTENTS
IF YOU ARE A VISITOR TO OUR WEBSITE
IF YOU HAVE APPLIED TO WORK FOR US
IF YOU ARE A CURRENT EMPLOYEE OR FORMER EMPLOYEE
This notice is intended to explain how we use your information and what your rights are in relation to how we use your information.
WHO WE ARE
Peacock Risk Management Limited (the ‘the Company’) is a Limited Company registered in England and Wales with company number 09159265. The Company’s registered office is at 385 Bury Road, Turton, Bolton, Lancashire, BL7 0BU.
The Company is the ‘Controller’ for data protection purposes. This means that the Company collects and holds your information and decides what it will be used for. The Company is subject to the requirements of data protection legislation applicable to the UK and must use your personal data in accordance with the law. The Company is registered with the Information Commissioner’s Office (ICO), with registration number ZA073337.
HOW YOU CAN CONTACT US
We have appointed Denise Butler as our Data Protection Manager and you can contact her to discuss this privacy notice any data protection related issues or queries.
Telephone: 07885 542197
Email: dbutler@peacockriskmanagement.com
Post: 385 Bury Road, Turton, Bolton, Lancashire, BL7 0BU
IF YOU ARE A VISITOR TO OUR WEBSITE
Analytics
When you visit our website, we use Google Analytics (a third-party service) to collect standard internet log information and details of visitor behaviour patterns. We do this so that we can find out how people use our website e.g. how many people visit our website and which areas they look at.
We have anonymised this information by ensuring that your IP address cannot be identified.
The information generated by Google Analytics is transmitted to and stored by Google on servers in the United States. Google adheres to EU-US Privacy Shield Framework which puts it under an obligation to meet certain security standards approved by the EU. Google will use the information on behalf of the firm for the purposes of evaluating your use of the website, compiling reports on website activity for us and providing us with other services relating to website activity and internet usage.
You may refuse the use of the cookies used by Google Analytics via the settings in your browser (see cookies section below).To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.
Our lawful basis for using your information in this way will be two-fold:
For our legitimate interests in understanding how our website is used; and
Your consent to our use of cookies.
How we use cookies
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
Cookies may be either “persistent” cookies or “session” cookies. A persistent cookie consists of a text file sent by us to your computer and will be stored on your computer until its set expiry date (unless deleted by the user before the expiry date). A session cookie, on the other hand, will expire at the end of the user session, when you leave our site.
We this website. This list below explains the cookies we use and why:
(a) Google Analytics – understanding how our website is used
(b) Contact form – to be able to contact you about your enquiry
Cookies a & b are persistent cookies.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.
Our lawful basis for using your information in this way is for our legitimate interests in ensuring that our website works efficiently but you are free to opt out of cookies as detailed above
Using our contact form
If you submit your personal details to us by completing and submitting our contact form, we will use your information to:
- Contact you to respond to your request for contact;
- Send information to you about the Company and its services, where you have given us authority to do so.
We will add your contact details to our electronic database and keep them for as long as you provide your consent for us to use your contact details in this way.
Our lawful basis for using your information in this way will be two-fold:
- For our legitimate interests in marketing our services; and
- Upon your express consent (where required by law).
IF YOU ARE A CLIENT
We keep your information confidential and will not disclose it to third parties unless disclosure is:
Authorised by you;
Necessary as part of the legal services we are providing to you (to perform our contract with you);
Required by law or our professional rules;
Necessary for the purposes of our legitimate interests or those of a third party (in other words, we have a compelling justification for the disclosure); or
Necessary to protect your vital interests or those of another person i.e. to protect a life.
We use your information primarily to provide consultancy services to you. We also use your information for: accounting and billing purposes; to comply with our legal obligations, to manage our business effectively and to market our business.
We will add your contact details to our marketing database which we will use to send information to you about our services, issue our Compliance Bulletin to you, tell you about any events that we are attending or hosting and send any other information to you that we think might be of interest to you. Our legal basis for using your personal data in that way is for our legitimate interests in marketing our business. However, you have the right to object to direct marketing and can do this by contacting Denise Butler. We will also provide you with a means to unsubscribe in each marketing communication that we send to you.
If you request our assistance to negotiate with third parties on your behalf (e.g. professional indemnity insurance brokers, suppliers of goods or services) or with regulatory or professional bodies (e.g. Solicitors Regulation Authority, Law Society, Legal Ombudsman, Information Commissioner’s Office, Legal Aid Agency), then we will need to share your relevant personal data with these third parties in order to provide our services to you.
We may correspond with you by email if you provide us with an email address, unless you advise us in writing that you do not wish us to do so. You acknowledge that email may not be secure. Email will be treated as written correspondence and we are entitled to assume that the purported sender of an email is the actual sender and that any express or implied approval or authority referred to in an email has been validly given. Please be aware that the Company may monitor and read any email correspondence travelling between you and any mail recipient at the Company as part of its monitoring activities.
We will aim to communicate with you by such method as you request. More often than not this will be in writing but may be by telephone if it is appropriate.
Where you provide us with fax or email addresses for sending material to, you are responsible for ensuring that your arrangements are sufficiently secure and confidential to protect your interests. You must tell us if this method of communication is not secure so that can use an alternative method.
The Internet is not secure and there are risks if you send sensitive information in this manner or you ask us to do so. Please be aware that the data we send by email is not routinely encrypted.
We will take reasonable steps to protect the integrity of our computer systems by screening for viruses on email sent or received. We expect you to do the same for your computer systems.
It is very unlikely that we will change our bank account details during the course of your matter. In any event, we will never contact you by email to tell you that our details have changed. If you receive any communications purporting to be from this company, that you deem suspicious or have any concerns about (however slight), please contact us by telephone straightaway.
Once your consultancy services have ended, we will hold records of your information for 2 years from the date of the final invoice. After that period has elapsed, we will delete your electronic records and destroy any physical records securely. Once that has happened, your records will no longer be available.
We will transfer your personal data outside of the European Economic Area (EEA), when we back up your personal data and records to cloud based storage provided by companies based in the US. However, our storage providers are certified to the EU-US Privacy Shield Framework which means that they agree to process personal data to the standards expected by Europe. Our storage providers are bound by the same data protection laws as us, meaning that they have the same obligations to keep your information safe.
IF YOU ARE A SUPPLIER
We keep your information confidential and will not disclose it to third parties unless disclosure is:
Authorised by you;
Necessary for the performance of a contract;
Required by law or our professional rules;
Necessary for the purposes of our legitimate interests or those of a third party (in other words, we have a compelling justification for the disclosure); or
Necessary to protect your vital interests or those of another person i.e. to protect a life.
We use your information for accounting and billing purposes and to manage our business effectively. Our legal basis for processing your personal data is two-fold:
To meet the contractual obligations that we have with you (performance of a contract);
For our legitimate interests in managing our business effectively.
We will hold your information for the duration of our contract with you and then for 3 years after our agreement has ended. After that period has elapsed, we will delete your information from our electronic records. Once that has happened, your information will no longer be available.
We will transfer your personal data outside of the European Economic Area (EEA), when we back up your personal data and records to cloud based storage provided by companies based in the US. However, our storage providers are certified to the EU-US Privacy Shield Framework which means that they agree to process personal data to the standards expected by Europe. Our storage providers are bound by the same data protection laws as us, meaning that they have the same obligations to keep your information safe.
IF YOU ARE A BUSINESS CONTACT
We keep your information confidential and will not disclose it to third parties unless disclosure is:
Authorised by you;
Necessary for the performance of a contract;
Required by law or our professional rules;
Necessary for the purposes of our legitimate interests or those of a third party (in other words, we have a compelling justification for the disclosure); or
Necessary to protect your vital interests or those of another person i.e. to protect a life.
We use your information to network with you. Our legal basis for processing your personal data is two-fold:
For our legitimate interests in networking and marketing our business;
Your consent to use contacting you.
We will hold your information for as long as we have your consent to hold it. After that period has elapsed, we will delete your information from our electronic records. Once that has happened, your information will no longer be available.
We will transfer your personal data outside of the European Economic Area (EEA), when we back up your personal data and records to cloud based storage provided by companies based in the US. However, our storage providers are certified to the EU-US Privacy Shield Framework which means that they agree to process personal data to the standards expected by Europe. Our storage providers are bound by the same data protection laws as us, meaning that they have the same obligations to keep your information safe.
IF YOU HAVE APPLIED TO WORK FOR US
All of the information you provide when you apply to work for us, will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.
We will not share any of the information you provide during the recruitment process with any third parties unless authorised by you or required by law.
We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for. You don’t have to provide what we ask for, but it might affect your application if you don’t.
Our legal basis for processing your personal data is two-fold:
For our legitimate interests in ensuring that we have adequate recruitment procedures and undertake the right checks to ensure that we recruit the right candidate; and
To meet our legal obligations, particularly those relating to equality and diversity.
If you are successful, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment plus 6 years following the end of your employment.
If you are unsuccessful at any stage of the process, the information you have provided until that point will be retained for 6 months from the closure of the vacancy.
Information generated throughout the assessment process, for example interview notes, is retained by us for 6 months following the closure of the vacancy.
Equal opportunities information is retained for 6 months following the closure of the vacancy whether you are successful or not.
We will transfer your personal data outside of the European Economic Area (EEA), when we back up your personal data and records to cloud based storage provided by companies based in the US. However, our storage providers are certified to the EU-US Privacy Shield Framework which means that they agree to process personal data to the standards expected by Europe. Our storage providers are bound by the same data protection laws as us, meaning that they have the same obligations to keep your information safe.
IF YOU ARE CURRENT EMPLOYEE OR FORMER EMPLOYEE
We obtain your personal information for the following purposes:
- Contact details;
- Bank details;
- Pension details;
- Tax details;
- Pay details;
- Annual leave details;
- Sick leave details;
- Performance details;
- Qualifications;
- Employment history;
- Ethnicity details;
- Disability details;
- Training records.
We keep your information confidential and will not disclose it to third parties unless disclosure is:
- Authorised by you;
- Necessary for the performance of a contract;
- Required by law or our professional rules;
- Necessary for the purposes of our legitimate interests or those of a third party (in other words, we have a compelling justification for the disclosure); or
- Necessary to protect your vital interests or those of another person i.e. to protect a life.
Our legal basis for processing your personal data is two-fold:
- For our legitimate interests in ensuring that we have adequate personnel records; and
- To meet our legal obligations as employers.
We will share your information with the following third parties:
- HMRC;
- Student Loan Company;
- The Company’s pension provider;
- The Company’s financial advisor;
- The Company’s IT support provider.
We will transfer your personal data outside of the European Economic Area (EEA), when we back up your personal data and records to cloud based storage provided by companies based in the US. However, our storage providers are certified to the EU-US Privacy Shield Framework which means that they agree to process personal data to the standards expected by Europe. Our storage providers are bound by the same data protection laws as us, meaning that they have the same obligations to keep your information safe.
Your employee file for the duration of your employment plus 6 years following the end of your employment.
YOUR RIGHTS
If you are an individual, you have the following rights under the General Data Protection Regulation (GDPR):
- Right to access personal data – you can request details from us of the personal data that we hold about you;
- Right to object to processing – you can tell us that you want us to stop processing your personal data;
- Right to object to automated individual decision making including profiling – you can object to us making decisions about you solely by using a computer system without any human consideration. We do not currently do this;
- Right to rectification – you can ask us to correct personal data that we hold because you believe it is inaccurate;
- Right to erasure – you can ask us to delete the personal data that we hold about you;
- Right to restrict processing – you can tell us that you only want us to use the personal data for a specific reason.
Please note that these rights are not absolute rights (they are not rights that will be automatically granted), as we have to consider whether there are any reasons why we cannot meet your request. For example, we will not be able to delete data that we are legally obliged to keep. We will let you know if we not able to meet your request and the reason why (where it is appropriate to disclose this information to you).
You also have the right to complain to the Information Commissioner’s Office (ICO) if you are not happy with the way that we handle your personal data. You can contact the ICO at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or by calling the ICO’s helpline on 0303 123 1113.
Please note that where you provide consent to us using your personal data, you are entitled to withdraw that consent at any time. You can do this by informing your file handler or contacting our designated Data Protection Manager.