This notice explains what we do with your personal information, why we want to use it, how we protect it, and what rights you have to control our use of your personal data.
We have complete respect for your rights over your personal data and we will only use it where necessary to deliver our services to you or your employer, or to keep you up to date about developments in circular economy and sustainability that we think you’ll find interesting and useful.
The data controller
The data controller is Novem Vitas Limited (“Novem Vitas”). Our company number is 13692491. We are listed as a data controller on the ICO’s register of fee payers, our registration reference is ZB301004.
If you want to contact us about any of the points on this notice, or just generally about how we protect your privacy, please email us at email@example.com. We use this email address for all data protection and data access matters.
The purpose and lawful basis for processing your personal data
We use information for a few different purposes and these each have a different lawful basis. This section describes these in detail and, although it’s technical, we’re required by law to explain this to you.
If you use our website contact form we use your name and email address to send a reply to you. It is in our “legitimate interests” to reply to you and we won’t keep your details for any longer than 2 months. Your personal information won’t be used for any other reason – we promise.
When you visit our website, we may record your journey on our website to help us improve it but this doesn’t record any personal information (such as your computer’s IP address). We use special software that does not track your personal information – this is called “privacy by design”.
If you work for a company that is a Novem Vitas client or project partner, we hold your name and contact details because we have a legitimate interest in delivering services to you. We need your contact details to deliver our services (such as send you update emails when you need to take actions, send you invoices and so on.) We may also contact you after project completion to ask about post-project progress and identify any further requirements you may have for our services.
We will hold your information for six years from the end of our project with you, for legal records.
If you are a supplier or other business associated with Novem Vitas’s field of work, we will hold your contact details because we have a legitimate interest in doing business with your company. We will hold this information for three years since we were last in contact with you. It’s possible we picked this information up from public directories (such as LinkedIn and internet searches) or that you passed your details to us with a business card.
If you visit our website, we may record your computer’s IP address so we can tell how each user and repeat visitor is using our site (your IP address is also a piece of your personal data). We have a legitimate interest in tracking user journeys on the site so that we can improve our site. We will hold IP information for a maximum of three years from the time of your last visit to our site or application.
Who receives your personal data?
We use a small range of service providers to do our day-to-day work. These include:
- An accountant and a bookkeeper
- Email service provider
- Software and web service providers such as CRMs and bookkeeping applications,
- Associates and subcontractors
We have arrangements in place with each organisation to protect the personal data under our control. If you’d like more information about our suppliers please contact us at firstname.lastname@example.org
International transfers of personal data, and their safeguarding measures
We use some cloud-based systems, which means the information is held in information data centres in different locations.
Where possible, we only process your personal data on servers based in the European Economic Area (EEA). Some of the cloud-based systems we use reserve the right to hold copies of your personal information outside the EEA. To ensure that your personal data is protected to the standards required by GDPR we have implemented the appropriate standard contractual clauses approved by the EC.
Your personal data rights
The personal data we hold about you is your data, so you have certain rights over them. You can exercise any or all these rights when you choose, and the easiest way is by dropping us an email at email@example.com.
You have the right to request a copy of all personal data we hold relating to you and we must provide this within 30 days. You also have the right to require us to correct any records that are wrong.
You have the right to require us to erase personal data and we must comply unless we need it for one of the purposes described above (for example, this might include the fact that we need to deliver certain work to your employer.) We also retain the right to keep data that is needed to establish, exercise or defend a legal claim.
Where we process your data based on a “legitimate interest” you still have the right to object to our processing of that data. From that point, we must stop processing your data until we have determined whether your rights override our interests.
Finally, you have the right to have your personal data transferred to another organisation, and we’re obliged to provide it to you in a clear and reasonable format.
Your rights to lodge a complaint with the Regulator
At all times, you have the right to report a concern or lodge a complaint with the Information Commissioner’s Office. Please refer to the ICO at https://ico.org.uk/concerns or by calling them on 0303 123 1113.
Of course, we hope that we can resolve your issue quickly and fairly – you can contact us at firstname.lastname@example.org.
Our contractual requirements to use your personal data
If you work for a Novem Vitas client or partner organisation, it’s likely to be a requirement that we collect personal information from you so that we can enter into a contract with your employer (for supply of goods, or supply of services).
If you’re an employee (or temporary or associated worker) at a client or partner company, we have a legitimate interest in using your personal data so we can deliver services to your employer or our client. They will require us to do this through our contract with them or with someone that we have a contract with (like a non-governmental organisation). If you ask us to restrict processing of your personal data, we may not be able to deliver our agreed work and this could affect your or your employer’s participation in our projects.
Other purposes for processing personal data
We don’t perform any automated processing or decision making using personal data.
We don’t process your personal data for any other purpose than we’ve described here. We won’t sell your personal data to other companies..
Should we decide that we want to develop a new processing purpose, we will contact you to let you know what we intend to do, the lawful basis we will use, and your rights over our intended new processing. We’ll also publish information about it here.
If you have any questions, concerns or just want some more information about our privacy management, drop us a line at email@example.com