This data protection notice explains what personal data we hold about you, how we collect it, and how we use it. We are required to notify you of this information under the General Data Protection Regulation that entered into force on 24th May 2016 and should be applied by United Kingdom and EU member states since 25th May 2018.
Please ensure you read this policy (or “privacy notice”) and any other similar notice we may provide to you from time to time when we collect or hold personal data about you. This privacy notice contains important information on who we are, how and why we collect, store, use and share personal information, and your rights in relation to your personal data and on how to contact us and/or supervisory authorities in the event you have a complaint.
Personal data, also known as personally identifiable information (“PII”), is any data that could potentially identify a specific individual. Any information that can be used to distinguish one person from another and can be used for de-anonymising anonymous data can be considered PII.
Where you provide personal data about another person, this privacy notice will also apply to that data so please show it to that person. This privacy notice applies to any personal data which you may provide to us in person, over the telephone, by email, on our website and/or by post. This privacy notice also applies to any personal data which we may collect from third parties about you and/or which we may collect when you access our website and/or in the course of our business relationship.
You can choose not to give any personal data. We may need to collect personal data by law, or under the terms of a contract and/or relationship that we have with you. If you choose not to give us the personal data, it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform services and it may lead to a cancellation of a service you have with us.
Wherever we refer to “processing” of personal data in this privacy notice, this includes any combination of the following activities: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
This privacy notice only applies to personal data collected by or on behalf of Design Ensemble Ltd. or its affiliated companies. design-ensemble.co.uk may from time to time contain links to and from other websites. If you follow links to external websites with associated privacy policies, separate from ours, we do not accept any responsibility or liability for these policies. Please check their policies before you submit any personal data to these websites.
Who we are?
Design Ensemble Ltd (known as Design Ensemble) collects, uses and is responsible for certain personal data about you. When we do so we are regulated under the General Data Protection Regulation (GDPR) which applies across the European Union and the United Kingdom and we are responsible as a ‘controller’ of that PII for the purposes of those laws.
References to, “we” or “us” in this privacy notice mean ‘Design Ensemble’.
Protecting your data
- To keep your personal data safe and only process it for legitimate business reasons or on a valid legal basis
- To keep our records up to date and delete or correct inaccurate personal data
- Not to keep your personal data after the purpose has ended
- Not to sell your personal data
Personal data we collect
We may collect personal data from you in the following ways:
- Enquiries or contact requests you make via our website
- When you contact us in person, over the telephone, by email or post
- Customer questionnaires or surveys you take part in
- Via social media communication
- When you use our services
The type of information we may ask you to provide includes (but is not limited to) the following:
Your name, company name, office address, contact details (mobile and/or landline phone numbers), work e-mail address and any other relevant information to enable us to perform our service contract with you.
We will inform you at the point of collecting information from you, whether you are required to provide any of this information to us.
Data collected from other sources
We also obtain personal information from other sources if legally or contractually required, such as:
Name, company name, office address, telephone numbers, emails, financial details and any other relevant information.
How your personal data is used
We typically collect and use this information for the following reasons:
- For the performance of a contract you have with Design Ensemble
- To respond to your enquiry
- To send you information about our services
- To keep our records up to date
- To develop and carry out marketing activities
- To comply with laws and regulations that apply to us
- To detect, investigate, report, and seek to prevent financial crime and fraud
- To monitor customer satisfaction
- To run our business in an efficient and legitimate way. This includes managing our financial position, business capability, planning, communications, corporate governance, regulatory compliance and audit.
We seek to ensure that our information collection and processing is always proportionate. We will notify you of any material changes to information we collect or to the purposes for which we collect and process it.
You can withhold or withdraw your consent at any time by contacting us.
Sharing your personal data
We may share your personal data with partner organisations appointed by Design Ensemble for the purpose of delivering marketing services or for providing technical or specialist services which are outside the capability of Design Ensemble. This includes (but is not limited to) marketing agencies, design companies, PR agencies, website development agencies, SEO specialists, hosting companies, research companies, consultants, production companies, photographers etc.
The information we might share includes the following categories of personal data:
name, email address, company name, office address, telephone numbers.
Personal data may also be shared with the following categories of recipients, who are suppliers of services to Design Ensemble:
HMRC, accountants, service providers, subcontractors, outsourced IT companies, consultants etc.
This data sharing enables us to perform our business and contractual obligations.
Some of those third-party recipients may be based outside the EEA — for further information including on how we safeguard your personal data when this occurs, see “Transfer of your information out of the EEA”.
We will share personal information with law enforcement or other authorities if required by applicable law.
We will not share your personal information with any other third party.
Where your personal data is kept
Information may be held at our premises, on company equipment and by third-party service providers, as described above.
We have security measures in place to seek to ensure that there is an appropriate level of security for information we hold.
How long personal data is held
For staff we will hold name, date of birth, office address, home address, telephone numbers, emails, bank details, National Insurance number, employment details, emergency contact details and any other relevant information for at least 6 years or as required by law.
Why we collect and use your personal data
We rely on the legitimate interest for processing set out in GDPR Article 6.1 (b) “processing is necessary for the performance of a contract to which the data subject is party” as the lawful basis on which we collect and use your personal data. These reasons are:
- To fulfil a contract, we have with you or to take steps at your request prior to entering into a contract with you, or
- When it is our legal duty, or
- When there is a legitimate business interest or the legitimate interest of a third party except where such interests are overridden by your interests or your fundamental rights and freedoms, or
- When you consent to it.
A legitimate business interest is when we have a business or commercial reason to process your personal data, but this must not unfairly go against your rights and freedoms.
Transfer of your data out of the EEA
Design Ensemble is a cloud-enabled business, meaning that during the normal course of interacting with Design Ensemble, your personal data may be stored outside of the EU. We only use cloud services that have met the necessary standards to protect and store your data. Some countries do not have the same data protection laws as the United Kingdom and EEA.
Under the General Data Protection Regulation, you have a number of important rights free of charge, including the right to:
- Be informed about the collection and the use of their personal data
- Access personal data and supplementary information
- Have inaccurate personal data rectified, or completed if it is incomplete
- Erasure (to be forgotten) in certain circumstances
- Restrict processing in certain circumstances
- Data portability, which allows the data subject to obtain and reuse their personal data for their own purposes across different services
- Object to processing in certain circumstances
- Withdraw consent at any time (where relevant)
- Complain to the Information Commissioner
In addition, you have free rights in relation to automated decision making and profiling.
Under certain circumstances we may wish to process personal data and if GDPR allows us to do so we will inform you of our legal grounds unless the processing is ratified by GDPR Article 6(1) (b) or Recital 171.
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please contact us at firstname.lastname@example.org
Please let us:
- have enough information to identify you, your full name, address and property address,
- have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
- know the information to which your request relates, including any account or reference numbers, if you have them
Keeping your personal data secure
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality, including non-disclosure agreement, data processing agreement or data use agreement where applicable.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
We will retain your personal data for no longer than the period needed for the purposes that we collected the data and for as long as we have legal grounds to retain it. There is no fixed period after which all record of your personal data will be deleted as this will depend on the circumstances and the purposes of the initial data collection, but we will take steps and maintain policies to keep retention under proper review. We will not seek your consent before deleting any personal data.
We hope that we can resolve any query or concern you raise about our use of your information. If you are not satisfied with how we have processed your personal data, you can contact us by emailing us at the email address given above.
The General Data Protection Regulation also gives you right to lodge a complaint with Data Protection Authorities, in particular in the European Union (or European Economic Area) state where you work, live or where any alleged infringement of data protection laws occurred. Please refer to European Data Protection Board website for details of your local Data Protection Authority at https://edpb.europa.eu/about-edpb/board/members_en
The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113.
Privacy notice changes
This privacy notice was updated on 1st January 2021.
Any changes we may make to this privacy notice in the future will be posted on the website and, where appropriate, you will receive a notification email.
For GDPR queries please contact us as follows:
James King at Design Ensemble.