Version 8.0 Effective From: February 2020
At Wood for Trees, we make the following commitments to you:
- We will only ever process or retain your data if we have a legal basis for doing so.
- We will always be transparent about the data we hold on you and what we do with it.
- We will only collect the minimum data we need for an agreed purpose, no more.
- We will take steps where possible to make sure that data is accurate and up-to-date.
- We will keep your data safe and secure.
- We will respect and protect your fundamental rights to control YOUR data.
- We will treat any threats to your data as a top-level priority and deal responsibly with any actual loss, compromise or corruption of your data.
Navigate the sections below to understand more about how we handle your data.
If We Hold Your Data on Behalf of Another Organisation
If you are a customer of a company that uses our services or products to process your data, that company is responsible for determining how they use your data and for what purpose(s). We only ever process your data according to terms agreed with that company when they sign up to our services. If you would like further information on this, please contact the company that collected your data. If you have any concerns on how Wood for Trees processes your data on another company’s behalf, please get in touch with our Data Protection Officer at firstname.lastname@example.org as we would be happy to assist in any way we can.
What Personal Data Do We Collect?
When you browse our website, or open and interact with one of our emails, we collect unique identifiers such as your IP address, browser type, click rates and trackable website usage (for example, which of our website pages you have visited).
If you complete one of our website forms and/or are a potential client, we will collect any of the following pieces of information:
- Your Name
- Your Address (personal or corporate)
- Your Email Address (personal or corporate)
- Your Phone Number (personal or corporate)
- Job Title and Organisation
- Other Information Publicly Available (e.g. your LinkedIn profile)
- CCTV Images (if you visit our offices)
If you have signed, or are in the process of signing, a contract agreement with us, we will also collect the following:
- Billing Information
For clarity, we do not collect any personal data classed as ‘Special Categories’ under the EU General Data Protection Regulation (GDPR) for our own purposes.
How Do We Collect Your Data?
If you submit a form on our website, we collect the data you provide on the form. If you are a potential client, we also obtain limited information from publicly available sources including LinkedIn profiles and Twitter handles; we do this to understand how our products are most likely to be of use to the business you work for and therefore whether you are likely to be interested in hearing about them.
If you decide to sign up to one of our products or services, we will request information from you where it is required to enable us to effectively meet our contractual obligations to you.
How Will We Use Your Data?
If you are a user of our website forms and/or a potential client, we will use the data collected to market products and services to you that we think you are likely to be interested in. If you receive any such communications, we will always make it clear from the outset how you can easily opt out of further communications.
The data we collect when you browse our website is used to understand and manage the usage of our website.
When you sign up to a service or product with us, the information collected as part of contractual arrangements is used to deliver our products and services to you. This includes the provision of Customer Support services such as delivery of change notifications and the use of our support portal.
Why Do We Collect This data?
We only collect (minimal) data for marketing purposes if we believe our products and services are likely to be relevant to, and useful for, your business. We have identified this as a legitimate interest that conforms to standards set by the UK’s Data & Marketing Association along with the EU GDPR.
We have also assessed that we have a legitimate interest in collecting information on website usage. For example, this helps us to identify the content that people are most interested in and use this information to improve user experience. It also allows us to keep our website secure and prevent fraudulent activity. We use consent as the lawful basis to utilise cookies where they are not essential for the performance of our websites.
If we collect data as part of providing a product or service to you, we require it in order to meet our contractual obligations effectively. For example, we would need to know who we should contact in your business to provide notification of service updates.
Who Do We Share Your Data With?
We also share your data with a select number of third-party suppliers that we utilise to meet our obligations to you. For example, we use Microsoft to support our internal infrastructure activities. Where we share your data with third parties, we will always ensure that it is subject to the same level of data protection standards that we offer to you. Such parties are contractually obliged to only use your data for limited and specific purposes we agree with them to support the fulfilment of our contract with you.
In rare circumstances, we may also be legally required to share your data; for example, if we receive a summons for its use in a court of English law.
We will never sell your data onwards.
How Long Will We Keep Your Data?
We will only keep your data as long as it is required for the processing purposes outlined in section “How Will We Use Your Data?”.
This does not preclude that in certain circumstances you have an absolute right to request that we stop using and/or delete your data; for example, if we are relying on legitimate interests to use it for direct marketing. In these cases, we will always uphold such a request.
See the next section ‘How Can You Control How Your Data Is Processed?’ for further information on making such a request.
How Can You Control How Your Data Is Processed?
Your data is just that; yours.
At Wood for Trees we have built our business on trust as a fundamental principle and aim to empower you to control your data and how it is used.
Depending on the reason for processing your data, you can request the following:
- Access to your data (i.e. a view of the data we hold on you).
- Amendments to your data (for example, if we have an incorrect address).
- Restrictions to how we use your data (if you are happy for it to be used for some processing but not others).
- Deletion of your data (if you want us to ‘forget’ you entirely).
- Transfer of your data (for example, to another provider).
- Object to the processing of your data (if you disagree with how, or why, we are processing it).
To raise a request, please contact the Data Protection Officer whose contact details can be found in the section ‘How Can You Find Out More?’ below.
How Can You Find Out More?
If you would like more details on how we handle your data or raise one of the requests outlined in section ‘How Can You Control How Your Data Is Processed?’ you can contact our Data Protection Officer by email at email@example.com or at the following address:
Any concerns relating to how we handle your data should be raised with the Data Protection Officer; however if you are not happy with our response, you also have the right to raise a complaint with the UK Information Commissioners’ Office.
Wood for Trees has been built on the fundamental concept that individuals should be at the heart of how organisations collect, use and share their data. Thank you for taking the time to read about how we handle your data.