Privacy

Verditer Consulting respects your privacy and will not sell or make available in any way your personal information except where specific permission has been given. The nature of the services provided by Verditer Consulting means that we may obtain certain information about you. This statement sets out the principles governing our use of your data. By using the services and the Verditer Consulting website generally, you agree to this use. Our general guidelines regarding the use of your data are as follows.

Verditer Consulting and your data

When you register to use certain areas of the site, we will ask you to provide certain data, such as your contact details and company information.

We will store this data and use it to contact you, provide you with details of services and otherwise for the normal use and improvement of the site, unless you have asked us not to do so.

We may also use the data you provide us in response to surveys and to aggregate user profiles.

Verditer Consulting will not pass data to any third parties except to enable you to receive information you have requested to be sent to you.

To enable us to monitor and improve the site, we may gather certain information about your use of the site. This includes details of your operating system, browser version, domain name and IP address, and the details of the website you came from.

Verditer Consulting & cookies

Verditer Consulting also uses cookies. Cookies are small files that are placed on your computer by your browser which allow us to remember you each time you visit.

Cookies contain no personal details about you and they can be disabled by changing your browser preferences.

Google Analytics is also used to track website trends without identifying individual visitors. The cookie used by Google Analytics stores information such as what time the current visit occurred, whether the visitor has been to the site before, and what site referred the visitor to Verditer Consulting.

Our site may link to other websites and we are not responsible for their data policies or procedures or their content.

We endeavour to take all reasonable steps to protect your personal data but cannot guarantee the security of any data you disclose online. You accept the inherent security implications of dealing online over the internet and will not hold us responsible for any breach of security unless we have been negligent or in wilful default.

Any details that you provide to us from which we can identify you are protected by the Data Protection Act.

How to opt out of marketing material

If you do not wish to receive any further email marketing material from us please click the “unsubscribe” link found in all marketing emails. Please allow a few days for the request to process.

Data processing policy

This Data Processing Policy (the “Policy”) explains how Verditer Consulting handles personal data on behalf of its clients (“Clients”).

The Policy forms part of any agreement in place between Verditer Consulting and clients. Where this Policy uses terms which are defined in the General Data Protection Regulation (Regulation (EU) 2016/679) (the “Regulation”), then the definitions set out in that Regulation shall apply.

In the event of conflict between this Policy and any agreement with a client, the terms of the agreement with the client shall have precedence.

Data processing

With respect to personal data processed by Verditer Consulting on client’s behalf (see Appendix 1), Verditer Consulting will comply with the following requirements:

Limitations on Use. Verditer Consulting will process personal data only to deliver the relevant service, as instructed in writing by clients from time to time or as otherwise required by law.

Confidentiality. Verditer Consulting will hold personal data in confidence and require personnel or sub processors who process personal data to protect all personal data in accordance with the requirements of this Policy or the agreement with the client if different.

Information Security. Verditer Consulting maintains a written information security policy that contains appropriate administrative, technical and physical safeguards to protect personal data against anticipated threats or hazards to its security, confidentiality or integrity.

Subject Access Rights. Clients will be responsible for managing subject access requests.  Verditer Consulting will not respond to directly to requests from the data subject and will refer these to you. 

Assistance. Verditer Consulting will:

i. Take into account the nature of the processing and in so far as is possible, implement technical and organisational measures to assist clients in fulfilling its obligation to respond to any requests from individuals exercising their rights under Chapter III of the Regulation;

ii. Take into account the nature of the processing and the information available to Verditer Consulting, assist clients in complying with their obligations to implement appropriate security measures in respect of matters where Verditer Consulting is engaged, to notify personal data breaches to supervisory authorities and to individuals

iii. Make available to clients all information which you reasonably request to assist you in demonstrating that the obligations set out in Article 28 of the Regulation relating to the appointment of processors have been met and allow for and contribute to audits conducted by you or another auditor nominated by you provided that in so doing no breach of confidentiality or data processing breaches occur.

Verditer Consulting may charge a reasonable fee for all such assistance described above, save where assistance was required directly as a result of Verditer Consulting’s own acts or omissions, in which case such assistance will be our expense. Clients shall provide Verditer Consulting with thirty (30) days advance notice of any audit request; may not engage in an audit which would compromise confidentiality obligations to any other clients and customers of Verditer Consulting and, if you wish to nominate another auditor to undertake the audit, shall ensure that the auditor enters into a confidentiality agreement with Verditer Consulting in such form as we shall reasonably require.

Security Incident. Verditer Consulting will, without undue delay, notify Clients whenever we reasonably believe that there has been a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data processed by Verditer Consulting in the context of this Policy. After providing notice, we will investigate the security incident, take necessary steps to eliminate or contain the impact and keep clients advised of the status of the security incident and all related matters.

Data Retention: data will only be kept for as long as is useful.  For client-related files this will be for a period of seven years. 

Return or Disposal. Clients may instruct Verditer Consulting to delete or return personal data at the end of the period during which Verditer Consulting will process such clients personal data. Save that Verditer Consulting may keep such that is necessary to provide information or a defence to actions within a reasonable period (unlikely to be less than six years) after termination of work for a client.

Inaccurate data: any inaccurate data, having regard to the purposes for which it was processed, will be erased or rectified without undue delay.

Subprocessing

Clients understand that Verditer Consulting may use sub processors to provide the services under the Agreement. We shall remain primarily responsible for the performance of our obligations under this Policy and shall ensure that our agreements with sub processors are at least as restrictive as this Policy.

Anonymised and pseudonymised data

Clients acknowledge that the services may include pseudonymisation and anonymisation for the purpose of aggregate reporting and (trends) research, and agrees that Verditer Consulting may use pseudonymised and anonymised data for our own business purposes, and we will comply with all applicable data protection laws in respect of such processing.

Data transfers

Verditer Consulting does not transfer personal data to sub processors outside the UK.  However Verditer Consulting may use proprietary software such as, but not exhaustively, ‘Mailchimp’, ‘Survey Monkey’ and ‘Eventbrite’ for the purposes of support and back-up. Verditer Consulting’s website is hosted in the UK.  Verditer Consulting will, as far as practicably possible, ensure that its website and other software used are GDPR compliant.

Appendix 1 – description of processing of personal data

1. Subject Matter, Nature and Purpose

All processing activities (including the collection, organisation and analysis of personal data) as are reasonably required to facilitate or support the provision of the services described under the Agreement.

2. Duration of processing of personal data

Verditer Consulting will process the personal data for as long as it provides services to clients and will hold the personal data in archive after that date to the extent necessary for legitimate business purposes.

3. Categories of individuals:

The data subjects may include individuals named in any policy, scheme or matter in respect of which Verditer Consulting is engaged to provide its services and/or individuals that are beneficiaries of, or are otherwise involved in, any such policy, scheme or matter. Most commonly the data subjects will include: past, existing or prospective employees, contractors or other workers of the client (“Workers“) or other individuals connected with them.

4. Types of personal data:

The services under the Agreement may involve the processing of the following types of personal data:

• names and contact information;
• demographic information (such as gender, age, date of birth, marital status, nationality, education/work histories, academic/professional qualifications, employment details, family composition, and dependents);
• personal identification documentation and related information such as employee identification numbers and
• human resources data, such as job title and role; benefits and compensation information; dependent/beneficiary information; educational, academic and professional qualifications information; and performance management information.

5. Types of special categories of data referred to in Article 9 of the Regulation:

The personal data processed by Verditer Consulting may include the following special categories of personal data: personal characteristics and circumstances of sensitive nature such as racial or ethnic origin, sexual orientation.

How to contact us

If you wish to contact Verditer Consulting you can do so by phone on 0203 7611 670, by our contact form, or by post at this address:

Verditer Consulting, Suite 8, 35 Bancroft, Hitchin, SG5 1LA.