OM Data Consulting Privacy Statement
OM Data Consulting is committed to protecting and respecting your privacy. This policy explains when and why we collect personal information about people who visit our website, how we use it, the conditions under which we may disclose it to others and how we keep it secure.
We may change this policy from time to time and we will notify you of any significant changes, but please feel free to check this page whenever you wish.
Any reference to “OM Data Consulting”, “we”, “us”, “our”, or the “Company” is a reference to OM Data.
Our website may contain links to other websites, applications and services maintained by third parties. The information practices of such other services are governed by the third-party privacy policies, which we encourage you to review to better understand those third parties’ privacy practices.
When do we collect your personal data?
- When you visit our website
- When you purchase a product or service online or by telephone
- When you engage with us on social media
- When you contact us by any means with enquiries, demo requests, assessment forms etc., be this online or in person
- When you join an event or webinar which we are hosting or contributing to
What type of personal data do we collect?
The personal information we collect might include your name, address, email address, phone number, IP address, and information regarding what pages are accessed and when. If you purchase a service or product from us, your card and other payment information is not held by us, it is collected by our third party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions.
The legal bases of data processing we rely on
The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, including:
- Contractual Obligations: in some circumstances we need your personal data to comply with our contractual obligations. For example, if you engage to provide an onsite service, we’ll collect your address details.
- Legitimate Interests: in specific situations we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights. For example, we may combine the purchase history of many customers to develop new services/products.
- Consent: we can collect and process your data with your consent, making it clear which data is necessary in connection with a particular service. For example, when you tick a box to receive email newsletters.
- Legal Compliance: we will need to collect your data if the law requires us to
How and why do we use your personal data?
We may use your information to:
- Process payments and prevent fraudulent transactions, we’ll do this on the basis of our legitimate interests
- Comply with our contractual or legal obligations to share data with law enforcement
- Develop, test and improve the services and products we provide to you, we’ll do this on the basis of legitimate interests
- Send you marketing communications, we’ll do this on the basis of legitimate business interests. You can opt out of our marketing communications at any time.
- Keep you informed of relevant products and services by email or web with your consent
How we protect your data
We take all the appropriate technical and organisational measures to protect your data. We secure access to all transactional areas of our website using https technology; access to your personal data is password-protected, and sensitive data such as payment card information is secured and tokenised to ensure it is protected. We regularly monitor our systems for vulnerabilities and attacks and use appropriate cybersecurity measures.
How long will we keep your personal data?
Whenever we collect or process your personal data, we will only keep it for as long as is necessary for the purpose for which it was collected. When it is no longer needed for this purpose, your data will either be deleted completely or anonymised.
Who do we share your personal data with?
We sometimes share your data with trusted third parties, for example IT companies who support our website. When that happens, we provide only the information they need to perform their specific services and we work closely with them to ensure your privacy is respected and protected at all times. If we stop using them, any of your data held by them will either be deleted or rendered anonymous.
Before we share any data with trusted third parties who may provide services for you on our behalf, we will inform you.
Our partners and the tools we use include:
1&1, DocuSign, Dropbox, Google, Youtube, Microsoft, Zoho, WordPress and Zoom.us.
All partners either host personal data within the EEA / adequacy countries, or are protected by the US Privacy Shield Framework.
Where your personal data may be processed
Our website is hosted on servers within the European Economic Area (EEA), as are most of the services we provide. Sometimes we need to share your personal data with third parties and suppliers outside the EEA, in countries such as the USA. If we do this, our contracts stipulate that your data receives the same protection as if it were being processed inside the EEA. If we use tools or third party applications that are hosted outside of the EEA, we ensure they provide sufficient guarantees on the safeguarding of your personal data, before we engage with them.
Your personal data rights
You have the right to request:
- Access to the personal data we hold about you, free of charge in most cases.
- The correction of your personal data when incorrect, out of date or incomplete.
- That we stop using your personal data for direct marketing (either through specific channels, or all channels).
- That we stop any consent-based processing of your personal data after you withdraw that consent.
- Review any decision made based solely on automatic processing of your data (i.e. where no human has yet reviewed the outcome and criteria for the decision).
You can contact us to request to exercise these rights at any time – see contact details of the bottom of this policy.
If we choose not to action your request we will explain to you the reasons for our refusal.
Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation.
We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.
Checking your identity
If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
Contacting the Regulator
If you feel that your data has not been handled correctly, or that you are unhappy with our response to any requests you have made regarding your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
You can contact the ICO on 0303 123 1113 or go online at www.ico.org.uk/concerns
If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.
Comments, Questions and Contact Details
If you have any comments or questions please contact our data steward Amit Khanna who will be pleased to help you. Email firstname.lastname@example.org or write to:
The Data Steward
7 Bell Yard, London, WC2A 2JR. U.K