OTHO Privacy Notice
1. Our contact details
OTHO Limited is a company registered in England and Wales, company number 07746026.
Our registered office address is:
2 Stafford Place
Our business operations are carried out at:
6 Beaufighter Road
Email address: firstname.lastname@example.org
Office telephone: (+44) 1934 411255
Main point of contact for data protection matters is our Data Protection Officer, Anthony Thompson, who can be contacted via email email@example.com and mobile (+44) 7706 112416, or by post to:
6 Beaufighter Road
We have been registered with the Information Commissioner’s Office in the United Kingdom since 28th September 2011. Our reference number is Z2870061.
2. What type of information we have
We collect, store and use Personal Information. Personal Information is any information that can be used to identify a living person. The types of personal information we hold are:
We collect, store and use transaction data where it is necessary for communicating with employees and customers, and those requesting information from us. Transaction data includes details about payments made for products and services, and communications relating to those products and services.
We collect, store and use feedback information and comments provided to us during and after the provision of goods and services by us. This includes, for example, positive and negative comments following the provision of training or consultancy services. We may use testimonials provided to us. These may be used for marketing purposes and demonstrating the work we have carried out. In every case we will seek the advance permission of the author before it is used in any way that identifies the author. We may use anonymised comments without seeking prior approval.
We may collect, store and use Personal Information for the purpose of carrying out due diligence enquiries to establish the bona fides of any person we may employ or contract with, or for the purposes of bidding for a contract, or for any other lawful transaction, including security checks. We do not collect, store or use special personal information. Special personal information is data about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.
3. How we get the information and why we do we have it
We collect the information from email messages and other electronic documents we receive in the course of business communications. We extract the data for the purpose of contacting the individuals again in the course of business dealings. We also collect information contained on business cards which are given to our consultants during business meetings, conferences and other networking occasions. The information is extracted and entered into Microsoft Outlook Contacts and on consultants’ mobile phones where there is an expectation for future business engagement.
We consider that we have a legitimate interest in collecting and holding personal information. We may have, or intend to have, a contract with the individual and we may be required to conduct a pre-contract request from the individual. We have a legitimate interest to contact an individual if that individual contacts us by completing an online request for information about our services or contacts us in person or by telephone.
Individuals have the ongoing power to decide whether or not we process their data and may request that we delete it. Should we receive a request for deletion of personal data, we will take immediate action to remove it from our systems and will inform the individual in writing when that has been done.
We will retain personal data when it relates to specific contracts and accounting purposes required by government authorities and regulators.
4. What we do with the information
We use the information for the purposes of legitimate interest on the basis there is a legitimate interest, either to you or to us, of doing so. Where we process your information on this basis, we do after having given careful consideration to:
Information we process because we have a legal obligation
Sometimes, we may process your information in order to comply with a statutory requirement. For example, we may be required to give information to regulatory and other authorities if they so request, or if they have the legal authorisation such as a search warrant or court order. This may include Personal Information. Information sharing with third parties
We do not share Personal Information with third parties unless we are required to do so by law, or we first obtain prior consent in writing. This will usually be by email.
We do not send Personal Information outside the European Union (EU) without the express consent of the individual concerned. For example, for the purposes of negotiating or fulfilling the requirements of a contract, or pre-contract qualification, we may be required to submit a curriculum vitae of one or more consultants to an organisation outside the EU. We always obtain the written consent of the individual prior to releasing this information. This consent will be obtained by email.
We do store electronic data held in cloud technologies outside the European Union. We use Dropbox which is a company based in the United States. All files stored online by Dropbox are encrypted and kept in secure storage servers located in data centres across the United States. We pay a fee for this service.
Automated Decision-Making and Profiling
We do not use any automated decision making using the information we hold and do not carry out profiling.
5. How we store your information
We store information electronically and in hard copy in secure, locked, metal storage cabinets in our office at The Hive, 6 Beaufighter Road, Weston-super-Mare, Somerset, BS24 8EE, United Kingdom. Hard copy information includes invoices and training data relating to courses individuals have attended either on our premises or elsewhere. This training information contains the name, address and contact information, the name of the course attended and the date and location where it was held.
Electronic files are referenced and indexed to ensure they are searchable and accessible. We keep electronic data on our computer system hard drives and backed up on the cloud using ‘Dropbox’. Our electronic systems are protected by firewalls and other branded protective measures. Our offices are secured and are locked when not occupied. We have a secure key-card access control system in use and the building is protected by CCTV and other intruder detection measures. A private security company provides additional security support and irregular periodic visits during times when the building is unoccupied.
Retention period for Personal Information
We keep Personal Information only for as long as required by us:
Deletion of Personal Information
Electronic data will be deleted from all hard drives and cloud storage facilities when no longer required for our legitimate interest purposes.
Hard copies of personal Information are kept securely in our office and destroyed by secure shredding using an external organisation. The external organisation provides a periodic mobile shredding service at our office location. The secure shredding is carried out at our office premises.
6. Your data protection rights
Under UK data protection law, you have rights including:
a) Your right of access - You have the right to ask us for copies of your personal information.
b) Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
c) Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
d) Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.
e) Your right to object to processing - You have the the right to object to the processing of your personal data in certain circumstances.
f) Your right to data portability - You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge to us for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us by email at firstname.lastname@example.org or our office telephone number (+44) 1934 411255 if you wish to make a request in connection with exercising your rights.
7. How to complain
If you have any complaints about how we are using, storing, or otherwise handling Personal Information please contact our Data Protection Officer, Anthony Thompson, who can be contacted via email email@example.com and mobile (+44) 7706 112416, or by post to:
6 Beaufighter Road
You can also complain to the Information Commissioner - who is an independent regulator - if you are unhappy about how we have used your data.
The ICO’s postal address is:
Information Commissioner’s Office
You can email your concerns or complaint to the Information Commissioner at firstname.lastname@example.org, or call the helpline number: 0303 123 1113 (this is the telephone number for calls from the United Kingdom). The Information Commissioner's website is: https://ico.org.uk/