DSW Business Planning (‘we’ or ‘us’) takes your privacy very seriously and we will never disclose, share or sell your data without your consent; unless required to do so by law. We only retain your data for as long as is necessary and for the purpose(s) specified in this notice. Where you have consented to us providing you with communications and information which we believe may be of interest to you, you are free to withdraw this consent at any time.
You are encouraged to read this notice carefully and contact us with any questions or concerns about our privacy practices.
Who we are?
DSW Business Planning registered office is at 7400 Daresbury Park, Daresbury, Warrington WA4 4BS and we are a company registered in England and Wales under company number OC353231. We are registered on the Information Commissioner’s Office Register; registration number ZB501290, and act as the data controller when processing your data.
Our designated Data Protection Contact is Ellen Little, who can be contacted at email@example.com or at our Head Office, Office Suite 4, The Mailbox, Exchange Street, Stockport, SK3 0GA.
What information do we collect?
We may obtain the following categories of personal information about individuals through direct interactions with us, or from information provided through business engagements, from applicants, our suppliers and through other situations including those described in this Privacy Notice.
Personal information. We commonly collect such information in order to conduct our business activities.
Contact details (e.g., name, company name, job title, work and mobile telephone numbers, work and personal email and postal address).
Professional details (e.g., job and career history, educational background and professional memberships, published articles).
Family and beneficiary details for insurance and pension planning services (e.g., names and dates of birth).
Financial information (e.g., taxes, payroll, investment interests, pensions, assets, bank details, insolvency records).
Sensitive personal information. We typically do not collect sensitive or special categories of personal data about individuals other than our own employees. In some circumstances it is necessary for us to process sensitive personal data of our employees and other third parties. Other than where such personal data is made public by the individual themselves, such processing would only be undertaken as necessary for us to exercise our rights and obligations as an employer (including for occupational health purposes), protect the vital interests of individuals, establish or defend legal claims or with the explicit consent of the individual(s) concerned. Examples of sensitive personal data we may obtain, or otherwise hold, include:
Personal identification documents that may reveal race, religion or ethnic origin, possibly biometric data of private individuals, beneficial owners of corporate entities, or applicants.
Expense receipts submitted for individual tax or accounting advice that reveal affiliations with trade unions or political opinions.
Health data where the processing is necessary to monitor entry into workplace and provide a safe environment for our staff, customers and suppliers.
How do we use personal information?
We aspire to be transparent when we collect and use personal information and tell you why we need it, which typically includes:
- Promoting our professional services, products and capabilities to existing and prospective business clients.
- Sending invitations and providing access to guests attending our events.
- Administering, maintaining and ensuring the security of our information systems, applications and websites.
- Authenticating registered users to certain areas of our sites.
- Seeking qualified candidates, and forwarding candidate career inquiries to our team, which may be governed by different privacy terms and policies.
- Processing online requests, including responding to communications from individuals or requests for proposals and quotations.
- Travel arrangement assistance.
- Compiling health and safety data (directly or indirectly) following an incident or accident. Indirect data can take many forms including an incident report, first aider report or witness statements.
- Collecting health data to assess, monitor and control spread of infectious diseases and to provide a safe environment for our employees, clients and suppliers.
What legal basis do we have for processing your personal data?
Under the Data Protection Act 2018, the lawful bases we rely on for processing this information are:
- Your consent. You are able to remove your consent at any time. You can do this by contacting firstname.lastname@example.org or at our Head Office, Office Suite 4, The Mailbox, Exchange Street, Stockport, SK3 0GA.
- We have a legitimate interest. For instance, we may use the personal information that you provide to us through our online enquiry form to respond to your enquiry or send you information or communications that we may believe to be of interest to you.
- We have a legal obligation.
- We have a contractual obligation.
When do we share personal data?
We will not pass any of your information on to any third party without your prior consent or are required by law to do so.
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.
We may occasionally share personal information with trusted third parties to help us deliver efficient and quality services. These recipients are contractually bound to safeguard the data we entrust to them. We may engage with several or all of the following categories of recipients:
- Parties that support us as we provide our services (e.g., providers of telecommunication systems, mailroom support, IT system support, archiving services, document production services and cloud-based software services).
- Our professional advisers include lawyers, auditors and insurers.
- A potential buyer, transferee, merger partner or seller and their advisers in connection with an actual or potential transfer or merger of part or all of our business or assets, or any associated rights or interests, or to acquire a business or enter into a merger with it.
- Payment services providers.
- Law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with, applicable law or regulation.
- Health government bodies and external service providers (health, facilities, estate management) to assess, monitor and control the spread of infectious diseases.
- Recruitment services providers.
How do we secure personal data?
We are committed to ensuring that your information is secure. In order to prevent unauthorised
access or disclosure, we have put in place suitable physical, electronic and managerial procedures to
safeguard and secure the information we collect online.
We have put appropriate technical and organisational security policies and procedures in place to protect personal data (including sensitive personal data) from loss, misuse, alteration or destruction. We aim to ensure that access to your personal data is limited only to those needing access. Those individuals with access to the data must maintain the confidentiality of such information. We may apply pseudonymisation, de-identification and anonymisation techniques to protect personal data further.
We store personal information on servers located in the United Kingdom.
How long do we keep your personal data for?
We only ever retain personal information for as long as is necessary, and we have strict review and retention policies in place to meet these obligations. Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.
Cookies are widely used in order to make websites work, or to work more efficiently, and our site relies on cookies to optimise user experience and for features and services to function properly.
Most web browsers allow some control to restrict or block cookies through the browser settings. However, if you disable cookies, you may find this affects your ability to use certain parts of our website or services. For more information about cookies visit www.aboutcookies.org.
Your rights in relation to personal data
Under data protection law, you have rights including:
Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
If you wish to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at email@example.com or at our Head Office, Office Suite 4, The Mailbox, Exchange Street, Stockport, SK3 0GA.
You can also complain to the Information Commissioner’s Office (‘ICO’) if you are unhappy with how we have used your data.
The ICO’s address is: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
This notice was last updated February 2024.