We limit the personal data we hold to what is relevant for supplying or marketing our services or otherwise conducting business.
PERSONAL DATA WE MAY HOLD
Individuals from whom we obtain Personal Data include clients, potential clients, suppliers, service providers, journalists, academics, industry experts, employees and potential employees and others with whom we have a business or professional relationship (collectively “Contacts”). The types of contact data we may hold include:
- Telephone/address information (such as telephone numbers, street address, e-mail address)
- Other business or marketing-related personal details (such as education, business or professional role, business title, hobbies and interests, and dietary or facilities preferences required for meeting planning)
- Bank details required for invoicing or payments, but only if this is supplied by you.
SOURCES OF PERSONAL DATA
The provision of personal data is essential for us to be able to provide those services for which we have been engaged, or may be engaged. This means that our lawful basis for holding this personal data is one or more of the following:
- ‘Performance of a contract’ i.e. we have agreed under engagement terms to deliver a contract which requires us to hold and process personal information about or on behalf of our clients.
- ‘Compliance of a legal obligation’ i.e. we are required as our clients engaged advisors to submit certain legal and personal information to HMRC to fulfil our clients legal and statutory obligations.
- ‘Legitimate interests’ i.e. as public relations specialists to share with you relevant information about items of interest to you.
We obtain Personal Data when individuals:
- Are designated by their employer as our contacts for the purpose of submitting proposals, managing client assignments, invoicing, or (for companies providing services to Lucre) for managing the service relationship and paying invoices
- Have consented to be on a Lucre new business mailing list
- Submit their CV for recruitment purposes
- Request information from us or
- Otherwise provide Lucre or a Lucre employee with their contact details or other personal data.
HOW WE USE PERSONAL DATA
We use Personal Data to:
- Process employee data
- Advise clients and potential clients about products and services offered by Lucre
- Instruct our suppliers and service providers and compensate them for their services, and
- Correspond with our Contacts
- Connect with journalists to provide our public relations services on behalf of clients
We will never share personal data with any third party unless it is within our lawful basis for doing so and we will never share your data outside of Lucre for marketing purposes.
When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security policies.
Personal data held by us may be transferred to:
- Regulatory authorities like HMRC and other fraud prevention agencies for the purposes of fraud prevention and to comply with any legal and regulatory issues and disclosures;
- Any legal or crime prevention agencies and/or to satisfy any regulatory request if we have a duty to do so or if the law allows us to do so;
- Third party organisations that provide applications/ functionality, data processing or IT services to us, to support us in providing our services and to help provide, run and manage our internal IT systems. For example, providers of information technology, cloud based accounting software, identity verification, data, data back-up, security and storage services;
- Third party organisations (eg Auditors, other professional advisers and pension administrators ) that otherwise assist us in providing goods, services or information within our lawful basis for doing so but will never include sharing data for marketing purposes
HOW WE PROTECT PERSONAL DATA
We take the security of all the data we hold very seriously. We use a range of measures to keep information safe and secure which may include encryption and other forms of security. We require our staff and any third parties who carry out any work on our behalf to comply with appropriate compliance standards including obligations to protect any information and applying appropriate measures for the use and transfer of information.
Your information will not be transferred outside of the EEA or to an international organisation. We have in place safeguards including encrypted back-up, Intrusion Prevention Systems (IPS), Gateway antivirus, malware scanning and content filtering to ensure the security of your data. A copy of the safeguards can be obtained from the Board director responsible for IT.
STORAGE AND PROCESSING OF DATA
The information which you provide to us will be stored within the EU. Occasionally however, data may be transferred to countries outside of the EU via the use of services utilised by our IT providers. These countries may not have similar data protection laws to the UK. By submitting your personal data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website and any transmission is at your own risk. Once we have received your information, we will use appropriate procedures and security features to try to prevent unauthorised access.
Subject access requests
The General Data Protection Regulation (GDPR) grants you, the data subject, the right to access particular personal data that we hold about you. This is referred to as a “Subject Access Request”. We shall respond promptly and certainly within one month from the point of receiving the request and all necessary information from you.
- You may request access to the personal data concerned.
- You may request that any incorrect personal data that we are processing be rectified.
- In certain circumstances (normally where it is no longer necessary for us to continue to process it), you may be entitled to request that we erase the personal data concerned.
- Where we are processing your personal data for marketing purposes or otherwise based on our legitimate interests, you may in certain circumstances have a right to object to that processing.
- Where we are processing personal data relating to you on the basis of your prior consent to that processing, you may withdraw your consent, after which we shall stop the processing concerned.
To exercise any of your rights (including withdrawing relevant consents or obtaining access to your personal data), you should contact us as set out below.
If you have a complaint about any processing of your personal data being conducted by us, you can contact us or lodge a formal complaint with the Information Commissioner.
Our contact details are:
The Privacy Officer
Lucre, 30 Park Square West, Leeds, LS1 2PF