Data Privacy Notice
Carter Research Navigation Ltd
Carter Research Navigation Ltd (CRN, the Company) provides professional advice on all aspects of research management, including strategy, policy, organisational and operational management, and systems. It does so through individual projects for specific clients and through public comment and presentations.
What is personal data?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (EU) 2016/679 (the “GDPR”), as passed into UK law in the Data Protection Act 2018 (the “DPA”).
Who we are
Carter Research Navigation Ltd is the data controller (see below for contact details). This means it decides how your personal data is processed and for what purposes. CRN is registered as a data controller with the Information Commissioner’s Office (ICO); our registration number is A8359961.
How do we process your personal data?
The Company complies with its obligations under the GDPR and DPA by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We use personal data for the following purposes:
- To enable us to provide a service to our clients;
- To maintain our company accounts and records;
- To manage our employees;
- To inform you of news, events, activities and services provided by the company.
What is the legal basis for processing your personal data?
Processing of personal data is carried out:
- As a Legitimate Interest in order to administer and manage client relations and specific contracts, employee agreements, and marketing of the Company’s business.
- Under explicit Consent of the data subject so that we can keep you informed about news, events, activities and services.
- As a Legal Obligation in relation to obligations under employment, social security or social protection law, or a collective agreement.
- Under Contract with respect to suppliers (to the Company) and their staff, sub-contractors or agents.
What personal data we collect and why we collect it
The personal data we collect is generally:
- Identity data: first name, surname
- Contact data: email, address, phone number
- Technical data: see below for information collected as a consequence of using our website
- Marketing data: where applicable, preferences for receipt of and media for marketing information
We do not collect any Special Category data.
We primarily collect personal data as part of the client interaction and contracting process, and in the delivery of the contracted consultancy services. The individual assignment agreed with each client may involve discussions with individuals identified by the client. Where personal data needs to be collected in the context of those discussions, informed consent will be used as appropriate.
With respect to business development, marketing and staff management, we collect personal data necessary to conduct and develop our business and to fulfil our legal obligations.
We make use of publicly-available personal information, e.g. from organisational websites or business social media sites such as LinkedIn, in order to identify relevant individuals.
We collect some personal data as a consequence of the operation of our website. Our website is based on the WordPress service, and utilises its standard methodologies. The following sections provide information on the relevant website functionality.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to our site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after one day.
iv) Embedded content from other websites
Articles on our site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in exactly the same way as if the visitor has visited the other website.
Sharing Personal Data
Personal data will be treated as strictly confidential and will only be shared with other members of the Company in order to carry out a service or for purposes connected with the Company. We will only share your data with third parties outside of the Company with your consent, or as legally required.
Website visitor comments may be checked through an automated spam detection service.
How long we retain personal data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Some of our assignments may cover programmes spanning a number of years and we may retain personal data in light of this duration.
By law we have to keep basic information about our clients (including contact, identity, financial and transaction data) for six years after they cease being customers for tax purposes.
If you leave a comment on our website, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
In some circumstances you can ask us to delete your data: see your right to request erasure below for further information.
Your rights and your personal data
Unless subject to an exemption under the GDPR and the DPA, you have the following rights with respect to your personal data:
- The right to request a copy of your personal data which the Company holds about you;
- The right to request that the Company corrects any personal data if it is found to be inaccurate or out of date;
- The right to request your personal data is erased where it is no longer necessary for the Company to retain such data;
- The right to withdraw your consent to the processing at any time;
- The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller (known as the right to data portability) (where applicable);
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
- The right to object to the processing of personal data (where applicable);
- The right to lodge a complaint with the Information Commissioner’s Office.
- Specifically, if you have an account on the Company’s website, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
We do not make use of automated decision-making and / or profiling based on personal data that we have collected.
To exercise all relevant rights, queries or complaints please in the first instance contact Ian Carter at firstname.lastname@example.org, 0739 174 9967. Our website address is: http://carter-resnav.co.uk.
You can contact the Information Commissioner’s Office on 0303 123 1113 or via their website ico.org.uk or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.