Dave Gibbons is a sole trader in a variety of business activities.
Dave Gibbons is registered with the Information Commissioner’s Office (ICO) as a data controller registration number: ZA759419
It is likely that I’ll need to make changes to this policy from time to time, but I’ll keep you informed, and you can always check the current document on my websites at www.kentcelebrant.co.uk/privacypolicy or www.roughdiamondracing.com/privacypolicy
My approach to privacy
I take very seriously my obligations and responsibilities in relation to safeguarding your confidential information and processing your personal data. I will not share your data with third parties for marketing purposes, and I will only share your data when necessary to provide a business service you have requested, or if legally obliged to do so.
In order to deliver my services, and to carry out other business functions, I rely on the following lawful conditions for processing personal data:
- Consent – the individual has given their consent to the processing of their personal data.
- Contractual – processing of personal data is necessary for the performance of a contract to which the individual is a party, or for Dave Gibbons to take pre-contractual steps at the request of the individual.
- Legal Obligation – processing of personal data is necessary for compliance with a legal obligation to which Dave Gibbons is subject.
- Legitimate Interests – processing is necessary under the legitimate interests of Dave Gibbons or an associated third party, unless these interests are overridden by the individual’s interests or fundamental rights.
- I will be clear and transparent with you about which lawful basis is used when processing your personal data.
How do I collect personal data?
The main ways I collect personal data direct from you are when you:
- Give me any business card at a networking event or exhibition.
- E-mail me directly, or via my website.
- Book a meeting with me
- Book to attend an event
- Enter prize draws or competitions
- Engage with me on social media
- Sign up to my newsletters or ask me to send you articles or other information
- Ask for details of my products or services, whether by phone, email, via social media or in person
- Use my website or online learning programmes.
I may also receive data from third parties such as analytics providers, advertising networks and search information providers such as Google, LinkedIn and Facebook, based outside the EU.
What sort of personal data do I collect?
I may collect the following personal data from you:
- Your name
- Your email address
- Your postal address
- Your phone number
- Your social media usernames
- Your business name
- Your financial / bank account details
- Photographs of you at events
- Video recordings of you at events
- Your marketing and communication preferences
- Any other information that you directly provide to me, whether by phone, email, social media, contact form, in person or otherwise, such as when entering a competition or completing a survey or feedback form
Any personal data you post on my website and data about how you use my website
How I may use your data
I may use your data to:
- Fulfil my contractual commitments to you, by processing orders, providing products and services, responding to enquiries related to the order and dealing with complaints
- Process financial transactions to enable you to purchase my products or services
- Keep records of orders placed and communications in relation to these
- Send you customer communications about enhancements to products or services you have bought
- Respond to any enquiries you make about my products or services
- Keep records of my communications with you
- Invite you to complete surveys, provide feedback or enter into competitions or prize draws
- Deliver relevant website content and advertisements to you, including personalizing your experience and monitoring your use of my website and online services.
- Send you marketing communications and deliver relevant advertisements to you, where I am allowed by law to do so, and to understand the effectiveness of my marketing communications and advertising.
- Administer, manage and protect my business and website
- Obtain professional advice
- Carry out credit checks
- Bring legal claims against you if you breach a contract or fail to make payment.
- Comply with any legal obligations I am subject to or as required by a government authority.
Why I use your data
You will always be told what I intend to do with any personal data I collect from you, however the main reasons are to:
- Support the delivery of contracted services and products, or
- Achieve my marketing and sales strategies.
More specifically, these may take the form of the following scenarios:
Delivery of contracted services:
When receiving a service I am contracted to deliver, the information you provide will only be used for the stated purposes and/or those you consent to. This may include product research and development, administrative and legal purposes, statistical analysis, or service maintenance and development. In this scenario, I would be relying on contractual necessity as the primary legal basis for processing personal data. The personal data you provide here will either be anonymized or deleted after two years.
I may need to provide your personal data to an associate or independent practitioner authorised to deliver services on behalf of Dave Gibbons.
In person contact at networking events, exhibitions and other functions or sporting events.
I may collect data from you in person when I meet you informally at events where I am networking generally, or where I may be exhibiting, working or competing.
Your data may be used for the following:
- For my own internal records
- To improve the products and services I provide
- To contact you in response to a specific enquiry
- To customize my website for user needs and preferences
- To send you promotional emails about products, services, offers and other things I think may be relevant to you
- To contact you via email, telephone or mail for market research reasons.
In these two scenarios, I would be relying on legitimate interests and where required, consent, as the primary legal bases for processing personal data. I will only keep data for as long as is necessary to meet these purposes. I will never share, sell or rent individual personal information to an external party without your advance permission, or unless ordered by a court of law. The personal data you provide to me is only available to relevant employees and contracted service providers. If required by law, I may disclose data to government and/or enforcement agencies.
If I intend to use your data for a new purpose outside of those detailed in the policy, this policy will be updated to keep you informed of the same; should consent be required from affected individuals, then it will be sought. I will never supply your data to third parties for marketing purposes.
Keeping personal data secure
My website and online services are password protected on my personal computers and devices. All physical documentation is kept under lock and key at either my workshop, office or home.
Please be aware however, that no internet or email transmission is every fully secure or error free. You should take special care in deciding what personal data you send to me via email and keep this in mind when disclosing any personal data to me via the internet.
Controlling your personal data
Any personal data I collect from you or I generate as a result of your interaction with my systems and services belongs to you. Under the data protection laws in the UK you therefore have the right to know if your data is being processed, why and for how long. This will include details of what categories of data we process, whether your data has been disclosed to third parties and their identities, and how to raise a complaint with the Information Commissioner’s Office (ICO).
In addition to your right of access to data we process, Dave Gibbons will uphold other rights afforded to you under the applicable data protection laws in the UK, namely:
- The right to request that errors in your personal data processed by (or on behalf of) Dave Gibbons is amended or corrected;
- The right to erasure of your personal data if those data are no longer needed for their original purpose, or where the processing is based on consent and you withdraw that consent (and no other lawful basis for the processing exists);
- The right to restrict processing where the relevant personal data either cannot be deleted (eg because the data are required for the purposes of exercising or defending legal claims) or where you do not wish to have the data deleted;
- The right to object to processing carried out for the purposes of direct marketing, where processing is likely to cause or is causing damage or distress, or where you may be evaluated or subject to decisions on the basis of automated processing;
- The right to request a copy of the personal data you have provided to me for yourself, or for it to be transferred to another organisation if the processing was based on consent, the provision of business services under a contract, or processing carried out by automated means.
If you believe that any information I am holding about you is incorrect or incomplete, or wish to exercise any of your rights in relation to your personal data please contact me. I aim to respond promptly to any requires. However, please note that depending on the complexity and scope of your request, it may take up to 30 days for me to provide you with an adequate response.
I have in place a procedure if a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with the provision of a public electronic communications service occurs. I will assess the scope and impact of the breach. Based on the assessment of the likely risks to individuals, we will notify the individuals and/or their connected organisations that a data breach has occurred where this may result in a significant risk to the rights and freedoms of individuals, or where I may be in breach of a contractual obligation. Any such notification to individuals will be carried out as soon as reasonably possible and will include information on the nature of the breach, the likely consequences of the breach, measures taken or proposed by Dave Gibbons to address it, and recommendations for affected individuals to mitigate any potential adverse effects. Such individuals will also be provided advice on how to make a complaint to the ICO.
If, due to the nature of the breach that I am required to inform the ICO, I will do so within 72 hours of becoming aware of the essential facts of the breach. Such notification must include at least:
- Your name and contact details
- The date and time of the breach (or an estimate)
- The date and time I detected it
- Basic information about the type of breach
- Basic information about the personal data concerned.
- You may also contact the ICO directly if you have a serious concern about how your data was handled via the following link: https://ico.org.uk/concerns/
Who has access to your personal data?
The data I collect about you is generally accessed only by Dave Gibbons for legitimate business purposes and providing services as part of a contract. However, if I work with partners or contractors, they may have limited access to your personal data, but only so much to do their job.
The following outlines who has access to your personal data, and under what circumstances:
Service partners who are contracted by Dave Gibbons to arrange and deliver the services you request, and therefore bound under terms within their contract relating to confidentiality and privacy that is to the same standard and level as Dave Gibbons.
How long I hold data
I will need to keep certain information about clients, suppliers and other individuals or organisations I interact with over the course of business to carry out certain business functions for up to 6 years, in order to monitor and improve the quality of my service, for my records, and to meet certain legal and compliance requirements.
In summary, client personal data will be held for as long as the individual or company is in receipt of services from Dave Gibbons, plus up to a maximum of six years. Where a client makes a specific request for their data to be deleted sooner and it does not conflict with any legal or compliance requirement to hold data for longer, I will honour the request.
Where data is held by third parties in support of the services I provide to you, the third parties are contractually bound to either delete data upon my request, delete data at the end of my supplier contract with them, or to anonymise data after two years of receipt.
Links from my website
My website may contain links to other websites. However, once you have used these links to leave my site, you should note that I do not have any control over the other websites and am not responsible for the privacy practices of such other websites.
If you submit personal data and other information to a website to which I am linked, I am not responsible for its protection and privacy. Always exercise caution when submitting data to websites. Read the sites’ data protection and privacy policies fully.
If we make substantive changes to the policy, I will announce it on my website to ensure that you are aware of the information we collect and how I use it at all times.
If you have any questions regarding this policy, or would like to request this policy is provided in another language, please get in touch by using the details below:
Dave Gibbons. Chequers Farm, Denne Manor Lane, Shottenden, Canterbury. CT4 8JJ. UK