X

Introduction

At Perspective Economics, we take our obligations to privacy and data protection of the utmost importance. This document sets out our formal privacy statement and applies to all of our consulting and advisory services. It sets out the information we may collect from you, how it is used, and your rights accordingly. This privacy policy is dated January 2019.

Please read the document carefully, and should you have any questions, please contact Jonathan Hobson (Director), jh@perspectiveeconomics.com

Who we are?

Perspective Economics is an economic and policy consultancy firm based in Belfast. We conduct research using data that typically will either be:

  • provided by you in an agreed format (with consent in place and a Lawful Basis for doing so - in line with the General Data Protection Regulation). Where this is the case, we will tell you why we require information, and how we will use it.
  • received through aggregate non-attributable public or commercial datasets, or through existing public datasets e.g. Companies House

This Privacy Statement applies to all personal data provided to us whether by you or any other party.

What information do we collect?

As stated, the vast majority of the personally identifiable information that we hold about you (or those you provide data on behalf of) is provided by yourself when utilising our services.

In addition, we may also collect information about you as a result of your relationship with one or more of our clients, employees or other service providers as well as where you have completed forms on various sections of our website or where you have requested information from us or subscribed for our services.

Personally identifiable information may include your name, address, telephone number and email address, family details including your ethnic origin, financial information and details of your education and employment history.

We may also automatically collect certain non-personally identifiable information when you use our services e.g. collection of information through use of cookies (where agreed).

By using any of our services, and by providing us with personal information you are indicating that you consent to the use of your personal information as set out in this policy.

How do we use personal information?

We may use your information to:

  • Deliver research and economic advisory services, including understanding needs and requirements for service provision
  • Verify identity (where required for initiating business engagement, in line with legal responsibilities – e.g. prevention of fraud);
  • Processing and payment of transactions;
  • Enabling personalisation of content, business information or user experience (e.g. responding to emails, enquiries etc)
  • Account set up and administration
  • Delivering marketing and events communication
  • legal obligations (eg prevention of fraud)
  • review employment applications and maintain employment records

What legal basis do we have for processing your personal data?

The General Data Protection Regulation (GDPR) requires all organisations that process personal data to have a Lawful Basis for doing so. The lawful bases identified in the GDPR, to which we adhere, are:

  • Consent of the data subject;
  • Performance of a contract with the data subject or to take steps to enter into a contract;
  • Compliance with a legal obligation;
  • To protect the vital interests of a data subject or another person;
  • Performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; and
  • The legitimate interests of ourselves, or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.

Examples of legitimate interests include:

  • Where the data subject is a client or in the service of the controller;
  • Transmission within a group of undertakings for internal administrative purposes;
  • Processing necessary to ensure network and information security, including preventing unauthorised access;
  • Processing for direct marketing purposes, or to prevent fraud; and
  • Reporting possible criminal acts or threats to public security.

We take the security of all of the data we hold very seriously and have policies, procedures and training in place to cover data protection, confidentiality and security.

When do we share personal data?

We take your data seriously, and we will only share data with others when we are legally permitted to do so. Further, when sharing data we put mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards.

Where consent is provided, we may share your data with:

  • Third party organisations that provide data processing and IT services to us;
  • Third party organisations that otherwise assist us in delivering services or information;
  • Auditors and other professional advisors;
  • Our legal advisors in the event of a dispute or other legal matter;
  • Law enforcement officials, government authorities, or other third parties to meet our legal obligations;
  • In connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, refinancing, or acquisition of some or all of our business by another company;
  • Any other party where we ask you and you consent to the sharing.

Where do we store and process personal data?

At present, we store and process all data within the European Economic Area. Our current data storage provider holds all data within UK-based servers.

How do we secure personal data?

We take data security seriously, and follow National Cyber Security Centre/Cyber Essentials guidance for SMEs. This includes measures:

  • to protect data against accidental loss
  • to prevent unauthorised access, use, destruction or disclosure of data
  • to ensure business continuity and disaster recovery
  • to restrict access to personal information
  • to conduct privacy impact assessments in accordance with the law and your business policies
  • to train staff and contractors on data security
  • to manage third party risks, through use of contracts and security reviews

Our IT platform ensures regular updates for all held software, as well as securing all devices (laptops and mobile) with up-to-date anti-virus and anti-malware software. We also have embedded server email security and anti-spam to best prevent unintended access (or sharing) to malicious emails. Further, we restrict access to all servers and storage internally using administrative access, secure passwords, and server encryption where possible.

How long do we keep your personal data for?

Perspective Economics and the data we collect are subject to regulatory and legislative requirements. We endeavour not to keep your personal information for longer than required for us to fulfil our obligations. Where data is no longer required, we delete with data security in mind (full-clean and audit of relevant electronic data), and/or shredding via a professional contractor.

Your rights in relation to personal data

The General Data Protection Regulation provides individuals specific rights around your personal data. Perspective Economics as a data controller is responsible for providing further information on those rights and how individuals can exercise them, as outlined below.

Access to your information

You have the right to request a copy of the personal information about you that we hold.

Correcting your information

We want to make sure that your personal information is accurate, complete and up to date and you may ask us to correct any personal information about you that you believe does not meet these standards. We may also contact you to confirm the data we hold is accurate, complete and up to date.

Deletion of your information

You have the right to ask us to delete personal information about you where:

  • You consider that we no longer require the information for the purposes for which it was obtained.
  • We are using that information with your consent and you have withdrawn your consent – see Withdrawing consent to using your information below.
  • You have validly objected to our use of your personal information – see Objecting to how we may use your information below.
  • Our use of your personal information is contrary to law or our other legal obligations.

Objecting to how we may use your information

You have the right at any time to require us to stop using your personal information for direct marketing purposes. In addition, where we use your personal information to perform tasks carried out in the public interest then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue.

Restricting how we may use your information

In some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information. The right might also apply where this is no longer a basis for using your personal information but you don't want us to delete the data. Where this right to validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.

Withdrawing consent using your information

Where we use your personal information with your consent you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given.

Please contact us in any of the ways set out in the Contact information and further advice section if you wish to exercise any of these rights.

Changes to our privacy statement

We review our privacy statement and policies regularly and will place any updates on our website and in relevant communications.

Who to contact

We are registered with the Information Commissioner’s Office (ICO) as a Data Controller for the personal data that we hold and process. Our registered address is River House, 48-60 High Street, Belfast, BT1 2BE and our registration number is ZA445130.

Complaints

We work hard to ensure that your personal information is treated safely and securely. Whilst we hope that you won’t ever need to, if you have a complaint about our use of your personal data, please provide details of your complaint to us at the address above. We will investigate and reply to all complaints received. In addition, you also have the right to complain to the Information Commissioner’s Office (ICO). For further information please refer to the ICO website.