GDPR PRIVACY NOTICE

Document Ref: GDPR-01-01
Version no: 01
Original Issue Date: 25/05/18
Document Classification: Public

Change History Record

Issue | Description of Change | Approval | Date of Issue
1 | Initial issue | | 25/05/18

PRIVACY NOTICE

(Version: 1.0. Issue date: 25/10/18)


GENERAL DATA PROTECTION REGULATION COMMITMENT

After four years of preparation and debate, the EU General Data Protection Regulation (EU) 2016/679 (‘GDPR’) was approved by the EU Parliament and came into force on the 25th of May 2018, marking a significant change in the EU data protection regime. The GDPR has now repealed and replaced the Data Protection Directive of 1995, strengthening the rights that EU individuals have over their data and creating a uniform data protection law across Europe.

As a Data Controller, Head First will comply with applicable GDPR regulations. We shall keep the regulation at the forefront of our activities and ensure we continually respect the law whenever we use your data.

1.0 Introduction

We are Head First (registered in England and Wales under company registration number 11143872), and we are the controller and are responsible for your personal data (collectively referred to as “Head First”, “Company”, “we”, “us” or “our” in this privacy policy).

Head First offers a range of Coaching and Consulting services to educators, businesses and individuals. A range of online and face to face coaching programmes are available to support leadership development, team building and individual growth. Bespoke consultation packages are also available.

At Head First we understand that you are aware of and care about your own personal privacy interests, and we take that seriously. This Privacy Notice describes our policies and practices regarding our collection and use of your personal data and sets forth your privacy rights. We recognise that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies.

Under the EU’s General Data Protection Regulation (GDPR) personal data is defined as:
“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”

2.0 Data Protection Officer

Our Data Protection Officer (DPO) is the main contact for anyone who wants to discuss matters covered under this policy or the law, including any person whose personal data we have come into contact with and used or stored, whether for our own purposes or on behalf of another company.

You can send the DPO an email using the email address [email protected]

3.0 Use of the website

As is true of most other websites, our company website collects certain information automatically and stores it in log files. The information may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system, and other usage information about the use of the website, including a history of the pages you view. We use this information to help us design our site to better suit our users’ needs.

We may also use your IP address to help diagnose problems with our server and to administer our website, analyze trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences. The website also uses cookies and web beacons. It does not track users when they cross to third party websites, does not provide targeted advertising to them, and therefore does not respond to Do Not Track (DNT) signals.

4.0 How we collect and use (process) your personal information

For us to provide you with a service we need to collect personal data for correspondence purposes and/or detailed service provision. In any event, we are committed to ensuring that the information we collect and use is appropriate for this purpose, and does not constitute an invasion of your privacy. In terms of being contacted for marketing purposes, we may contact you for additional consent.

We will only process personal data where we have a lawful basis on which to do so. The lawful basis on which data is processed will depend on the nature of the information collected and the purposes for which it is used by us but will be one or more of the following:

  • Consent: you have provided your consent for us to process your personal data for a specific purpose.
  • Contract: the processing is necessary for a contract you have with us or because you have asked us to take specific steps before entering into a contract.
  • Legal obligation: the processing is necessary for us to comply with our legal obligations.
  • Vital interests: the processing is necessary to protect someone’s life.
  • Public task: if we process personal data in the exercise of official authority; or to perform a specific task in the public interest that is set out in law.
  • Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party.

5.0 Personal information you give to us:

Head First will process (collect, store and use) the information you provide in a manner compatible with the EU’s General Data Protection Regulation (GDPR). We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices. Personal data may be held in addition to these periods depending on individual business needs.

We collect and process the following Personal Data:

Individual details ► name, address, company name, email, and telephone details

Marketing data ► We will get your express opt-in consent before we share your personal data with any other company for marketing purposes.

We collect, use, disclose and otherwise process Personal Data that is necessary for the purposes identified in this Privacy Notice or as permitted by law. If we require Personal Data for a purpose inconsistent with the purposes we identified in this Privacy Notice, we will notify clients of the new purpose and, where required, seek individuals’ consent (or ask other parties to do so on our behalf) to process Personal Data for the new purposes.

We collect personal data from our customers where necessary to provide our services or where an individual has otherwise consented to its collection. We may use the personal data collected for the purposes of:

  • Providing our products and services to you or the organisation you represent.
  • Operating back office, internal record keeping, and administration services connected with the provision of our products and services.
  • For billing, invoicing, and payment purposes.

6.0 Why we use personal information

We will use personal information for the following purposes:

Business Contacts: We process the personal information of our business contacts as necessary for the legitimate interests of managing the day-to-day operation of our business, including correspondence, engaging suppliers, and promoting our services to business contacts.

Clients: We process the personal information of individuals that work for our incorporated clients in the course of providing leadership and life coaching services.

7.0 Personal information shared with Third Parties

We may pass your personal data on to third-party service providers contracted to Head First in the course of dealing with you. Any third parties that we may share your data with are obliged to keep your details securely, and to use them only to fulfil the service they provide you on our behalf. When they no longer need your data to fulfil this service, they will dispose of the details in line with our procedures. If we wish to pass any form of sensitive personal data onto a third party, we will only do so once we have obtained your consent unless we are legally required to do otherwise.

We do not collect or compile personal data for release or sale to outside parties for consumer marketing purposes or host mailings on behalf of third parties.

8.0 Contacting you

Our aim is not to be intrusive, and we undertake not to ask irrelevant or unnecessary questions. Moreover, the information you provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure.

9.0 What happens if you don’t give us your data

If we are not provided with access to personal information for the purposes outlined in this privacy notice we may not be able to offer or provide certain services, or we may not be able to complete consultant or job applications.

10.0 When and how we share information with others

The personal information we collect from you is stored in one or more databases hosted by a third party as detailed in Clause 4.0. This third party does not use or have access to your personal information for any purpose other than cloud storage and retrieval.

We do not otherwise reveal your personal data to third parties for their independent use unless:

  • you request or authorize it;
  • the information is provided to comply with the law;
  • to address emergencies or acts of God;
  • to address disputes, claims, or to persons demonstrating legal authority to act on your behalf;
  • to the extent necessary for fulfilling the purposes outlined in paragraphs 5 and 6, including where necessary for the provision of services;
  • where we are under a legal or contractual obligation to do so; or
  • where it is fair and reasonable for us to do so in the circumstances.

Head First may use social media interfaces such as Facebook, LinkedIn and Twitter. If you choose to “like” or share information from these websites through these services, you should review the privacy policy of that service.

11.0 Data Subject Rights

The European Union’s General Data Protection Regulation and other countries’ privacy laws provide certain rights for data subjects. A good explanation of them is available on the website of the United Kingdom’s Information Commissioner’s Office.

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr

At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

  • Right of access – you have the right to request a copy of the information that we hold about you.
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing – where certain conditions apply, you have a right to restrict the processing.
  • Right of portability – you have the right to have the data we hold about you transferred to another organisation.
  • Right to object – you have the right to object to certain types of processing such as direct marketing.
  • Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
  • Right to judicial review – in the event that we refuse your request under rights of access, we will provide you with a reason as to why.

12.0 Security of Your Information

To help protect the privacy of data and personally identifiable information you transmit through use of this Site, we maintain physical, technical, and administrative safeguards. We update and test our security technology on an ongoing basis.

We restrict access to your personal data to those employees or third-party service providers who need to know that information to provide benefits or services to you.

We take, when appropriate, all reasonable measures based on Privacy by design and Privacy by default principles to implement the necessary safeguards and protect the Processing of Personal data. We also carry out, depending on the level of risk raised by the processing, a Privacy impact assessment (“PIA”) to adopt appropriate safeguards and ensure the protection of the personal data. We also provide additional security safeguards for data considered to be Sensitive Personal data.

13.0 Special Category of Information & Children

13.1 Special Category

Head First does not require forms of sensitive personal data. If these circumstances change, we will always tell you why and how the information will be used.

Special categories of personal data are classified as:

  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade-union membership
  • Health or sex life
  • Unique identity of a person by processing biometric or genetic data

13.2 Children

Children merit specific protection with regard to their personal data, as they may be less aware of the risks, consequences and safeguards concerned and their rights in relation to the processing of personal data. Such specific protection should, in particular, apply to the use of personal data of children for the purposes of marketing or creating personality or user profiles and the collection of personal data with regard to children when using services offered directly to a child. Our services are not targeted to children; therefore we do not collect and process children’s personal data.

14.0 Data Subject Access Requests (SARs)

Head First can, at your request, confirm what information we hold about you and how it is processed. If we do hold personal data about you, you can request the following information:

  • Identity and the contact details of the person or organisation that has determined how and why to process your data.
  • Contact details of the data protection officer, where applicable.
  • The purpose of the processing as well as the legal basis for processing.
  • If the processing is based on the legitimate interests of Head First or a third party, information about those interests.
  • The categories of personal data collected, stored, and processed.
  • Recipient(s) or categories of recipients that the data is/will be disclosed to.
  • If we intend to transfer the personal data to a third country or international organisation, information about how we ensure this is done securely. The EU has approved sending personal data to some countries because they meet a minimum standard of data protection. In other cases, we will ensure there are specific measures in place to secure your information.
  • How long the data will be stored.
  • Details of your rights to correct, erase, restrict or object to such processing.
  • Information about your right to withdraw consent at any time.
  • Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
  • The source of personal data if it wasn’t collected directly from you.
  • Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.

  • All data access request forms will be submitted to us (The Data Controller) at no additional cost.
  • You will receive an email confirming acknowledgment of our receipt.
  • We will respond to all data requests within 30 days.
  • If for some reason access is denied, we shall provide an explanation as to why access has been denied. Should there be a delay due to unforeseen circumstances, you will be notified.

15.0 Transferring Personal Data to Third Countries

Head First has its headquarters in the United Kingdom and information we collect from you will be processed within the United Kingdom. We do not share or retain any information outside of the E.U.

16.0 Data Protection Principles

We promise to follow the following data protection principles:

  • Processing is lawful, fair, transparent. Our Processing activities have lawful grounds. We always consider your rights before Processing Personal Data. We will provide you information regarding Processing upon request.
  • Processing is limited to the purpose. Our Processing activities fit the purpose for which Personal Data was gathered.
  • Processing is done with minimal data. We only gather and process the minimal amount of Personal Data required for any purpose.
  • Processing is limited to a time period. We will not store your personal data for longer than needed.
  • We will do our best to ensure the accuracy of data.
  • We will do our best to ensure the integrity and confidentiality of data.

17.0 Changes and updates to the Privacy Notice

By using this Site, you agree to the terms and conditions contained in this Privacy Notice and Conditions of Use and/or any other agreement that we might have with you. If you do not agree to any of these terms and conditions, you should not use this Site. You agree that any dispute over privacy or the terms contained in this Privacy Notice and Conditions of Use, or any other agreement we have with you, will be governed by the laws of the United Kingdom. You also agree to arbitrate such disputes within the United Kingdom, and to abide by any limitation on damages contained in any agreement that are stipulated by the Supervisory Authority.

We reserve the right to amend the Privacy Notice and Conditions of Use at any time, for any reason, without notice to you, other than the posting of the amended Privacy Notice and Conditions of Use at this Site. We may email periodic reminders of our notices and terms and conditions, but you should check our Site frequently to see the current Privacy Notice and Conditions of Use that is in effect and any changes that may have been made to it. Historic versions can be obtained by contacting us.

18.0 Lead Regulator

Head First is governed by the Office of the Information Commissioner (ICO) in the United Kingdom. Should we be unable to resolve your complaint, you may contact the ICO directly as detailed in Clause 19.0 of this Privacy Notice.

19.0 Questions, Concerns or Complaints

In the event that you wish to make a complaint about how your personal data is being processed by us or any of our third parties, or how your complaint has been handled, you have the right to lodge a complaint directly with the Supervisory Authority as detailed below:

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 0303 123 1113

website: https://ico.org.uk

Last Reviewed: Nov 1st, 2023

Revision No: 1