PEARSON WEBB CONSULTING LTD – PRIVACY POLICY                                              (Version 1 – 04/2023)

INTRODUCTION

1.1      This Privacy Policy (‘Policy’) reflects how we, Pearson Webb Consulting Ltd (‘Pearson Webb’ or ‘We’, ‘Us’, ‘Our’) manage the data we collect and process, including how we obtain it, how we use it, and how we keep it secure on behalf of data subjects.

1.2     Data subjects would typically be ‘Clients’ or ‘Prospective Clients’, and their representatives or customers (referred to herein as ‘You’, ‘Your’).

1.3    We may make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the Version Ref. and Date of this Privacy Policy, as displayed at the top of this page. Any changes or modifications will be effective immediately, and you are therefore encouraged to review this policy regularly to stay informed of updates.

1.4    Should you have any queries, please speak to your designated Pearson Webb consultant, or call or write using the following contact details:

Pearson Webb Consulting Ltd – company registered in England & Wales, no.: 14640378
Registered address: Basepoint Business Centre, Isidore Road, Bromsgrove B60 3ET

info@pearsonwebb.co.uk

07966 198356

 Michelle Pearson, Director

07739 350638

Adam Webb, Director

THE TYPE OF PERSONAL INFORMATION WE COLLECT

2.1        Personal identifiers, contacts and characteristics:

2.1.1     Basic information, such as name and title or salutation, company worked for, and job title or position,

2.1.2     Contact information, such as your postal or email addresses, and phone number(s); and

2.1.3     Any other information relating to you which you provide to us.

2.2        Website Users’ Information:

2.2.1     Cookies are small data files stored on your hard drive containing information about you.  A cookie does not give us access to your computer in any way and data is collected in anonymous form.

2.2.2     For more information on how Pearson Webb use cookies, please review a copy of our Cookie Policy, available at: https://pearsonwebb.co.uk/cookie-policy

2.3        Third Party Websites:

2.3.1     Our website may include links to third party websites, the owners of which will have their own privacy policy and procedures for the protection of your data.

2.3.2     Pearson Webb do not accept any responsibility for the content of third-party websites or their data protection policies and processes – please ensure that you check these before submitting any data to third party websites.

2.4        Client employee and customer data, provided by you:

2.4.1     Any documentation provided in the course of clients raising queries with us, e.g. in relation to an accident or RIDDOR report form, risk assessments or policies, provided in the course of seeking advice on a particular issue, or as part of an audit or fire risk assessment process.

(You will ensure that you have the necessary and appropriate consents in place to enable the lawful transfer of such personal data to Us for the duration and purposes of our contract).

2.4.2     Photos and notes taken whilst on site for audits, for example, though these will never feature personal data and we will not take photos with people in view wherever possible.

2.4.3     Efforts will always be made to avoid personal information being transferred to us, and where documentary evidence is required for the purposes of our legitimate interests, we will seek for the client to anonymise such documents prior to transferring them to us, where reasonable.

HOW WE OBTAIN PERSONAL INFORMATION AND HOW WE USE IT

3.1        Most of the time we will obtain personal information directly from you, via the following methods:

3.1.1     You give the information to us when contacting us (e.g., hard copy documentation via post, email, telephone, or social media channels such as LinkedIn).

3.1.2     Your use of our website, when filling in enquiry forms or subscribing to our newsletter.

3.1.3     Your use of our website via cookies, including information such as device, browser, operating system details, domains and IP addresses, internet service providers.

3.2        We also receive personal information indirectly, from the following sources in the following scenarios:

3.2.1     Information that is already in the public domain, such as your company or other public websites, or social media profiles.

3.2.2     Referrals from common contacts we hold, such as colleagues or counterparts in other organisations.

3.3        We use the information that you have given us, or we have obtained in order to:

3.3.1     Interact with you in the course of providing advisory and consultancy services to you and performing those contractual services.

3.3.2     Provide legal updates, bulletins, newsletters etc. as a form of general advice/guidance.

3.3.3     Assist you to ensure that your organisation is complying with its legal obligations.

3.3.4     Respond to enquiries or forms completed through our website.

3.3.5     Engage in marketing and business development activity in relation to our advisory and consultancy services.

3.3.6     Facilitate our legitimate business interests, such as undertaking research and analysis of our clients, the operation of our websites and business.

3.4        We will never sell or rent your personal information to third-parties.  We only share your information with third parties, to the extent necessary to run our business, provide services to you, or to comply with the law, including:

3.4.1     Third party suppliers or contractors, in connection with processing your personal information for the purposes described in this Policy, including website hosting, IT and communications service providers.

3.4.2     Third parties relevant to the delivery of services that we provide.

3.4.3     To the extent required by law, or in order to comply with a legal obligation.

LAWFUL BASES FOR PROCESSING INFORMATION

3.5        Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:

3.5.1     Legitimate interest – we may use your personal information for our legitimate interests, some examples of which are given above, in section (3.3).

3.5.2     Contractual obligation – we may need to use your personal information to enter into, or perform our obligations under, a contract with you or your organisation.

3.5.3     Legal obligation – we may use your personal information as necessary to comply with applicable law/regulation or in assisting clients in their compliance with legal obligations.

HOW WE STORE YOUR PERSONAL INFORMATION

4.1        Your information is always stored securely and will be handled with appropriate security measures at all times.

4.1.1     All computer hardware used by us is encrypted and subject to continuous performance and security monitoring. Any analytical data collected by these systems is stored in the UK/EU and complies with UK GDPR regulations.

4.1.2     Advanced security software is installed on all Pearson Webb computers and further protection is provided by Multi-Factor Authentication (MFA).

4.1.3     We may store data on third party cloud-based software systems, including countries outside of the UK/EU/EEA (such as the USA and New Zealand), but in all cases this data is held securely and access to these systems is controlled via MFA.

4.1.4     All such third-party software systems are also compliant with UK GDPR, and data is only held, accessed, or processed by Pearson Webb, for the express purposes and duration set out in this policy.

4.2        How long we hold your personal information will depend on the purpose for which we are processing it.  We will keep information for as long as is necessary for the relevant purpose, and for any legal obligations we have – the law may set a minimum period for which we need to hold your personal information.

4.2.1     In the event of personal information being transferred to us, which is secondary or transitory in order for us to respond to a query raised by our client (e.g., name, date of birth, address details included in an accident or RIDDOR report form), we will delete or destroy it after responding to the enquiry.

This may be for a period as short as a few minutes or hours.

4.2.2     This processing may include the personal information of customers of our clients.  This could also include the personal information of minors – in these cases, we will seek for files or evidence provided to be anonymised prior to transfer.

No permanent record will be made of personal information where it is not necessary – where part of an on-site audit, we will review the content of such documentation without making a record of personal information (e.g., when reviewing an individual risk assessment as part of a wider health and safety audit or fire risk assessment).

4.2.3     Where information has not yet been transferred to us, we will seek for the client to anonymise any such documentation before transfer, whilst reminding them of their own data protection obligations.

4.2.4     More usually, personal information will be held for the duration of the contract and a reasonable period thereafter (usually three years, but possibly longer on occasion), in case of claims, complaints or legal proceedings for which our files may be required as evidence.

4.3        Information being disposed of will be permanently deleted from our files, if held in an electronic format, or shredded and disposed of securely if hard copy documents are provided.

YOUR DATA PROTECTION RGHTS

5.1        Under data protection law, you have a number of legal rights in relation to the personal information we may hold about you, including:

Your right of access:                                You have the right to ask us for copies of your personal information.

Your right to rectification:                         You have the right to ask us to rectify or complete any personal information we hold that you think is inaccurate or incomplete.

Your right to erasure:                               You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing:       You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing:             You have the right to object to the processing of your personal information in certain circumstances.

Your right to data portability:                    You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

5.2        Please contact us if you wish to make a request – our contact details are supplied at section (1.4) of this policy.  If you make a request, we have one month to respond to you.

CONCERNS OR COMPLAINTS

6.1        If you have any concerns about our use of your personal information, or wish to make a complaint, you can contact us at the postal or email address set out at section (1.4) of this policy.  All complaints will be acknowledged within three working days.

6.2        Pearson Webb Consulting Ltd are registered with the Information Commissioners Office (ICO).

6.3        Should you wish to, you are also able to raise complaints directly with the ICO, if you are unhappy with how we have used your data. The ICO’s address is:

Information Commissioner’s Office

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk