Just Practising Ltd is a company which offers social media consultancy services to the construction industry.
Where we get your data from:
- If you contact us by telephone, we will keep a record of your name and the contact details which you supply to us, on our business contacts database. We hold this data to allow us to contact you.
- If you contact us by completing the enquiry form on the Just Practising Ltd website, we will keep a record of your name and the contact details which you supply to us, and the nature of your enquiry, on our business contacts database. We hold this data to allow us to contact you and deal with your enquiry.
- We are in the business of using digital media to aid the construction products industry. Therefore we have a presence on social media platforms such as linked-in, twitter & some others. When you supply us with your contact details we may use them to search for your online public presence on such platforms. Similarly, if your employer is a client we may search for your online presence on such platforms where this is a necessary part of our commercial work for that client.
- If you choose to complete a form to subscribe to our email blog we will keep a record of your name and the contact details you supply to us. We hold this data to allow us to send to you, with your consent, new blogs which we publish by email.
- We may also obtain anonymised data from your visit to our website (see below).
Using our website:
When you visit our website we may obtain data indirectly about your visit by means of the tool Google Analytics. The data supplied by this tool will show us in anonymised form, such things as number of visitors over time, how long visitors remained on a page, etc. We use this data to improve the way our website works, and to monitor the take up of materials we publish on it. Because the data is supplied to us in anonymised form, we cannot know details about what any named individual visitor did during their visit to our website.
What we use your data for:
We hold your contact details to allow us to deal with your enquiry or to carry out our contractual obligations to you should you (or the institution you are an agent for) become a consulting client.
We also hold contact details for our suppliers, to allow us to process our commercial transactions with them.
The legal basis for holding this information is GDPR 6 (1) F : “processing is necessary for the legitimate interests pursued by the controller”. This includes, the pursuit of normal commercial business practices, such as contacting our clients and contacting our suppliers.
Just Practising Ltd also keeps contact details and bank details as part of its financial records, to meet its legal obligation to file annual accounts with Companies House, and to meet its legal obligation to submit Corporation Tax assessments to HMRC. The legal basis for holding this information is : GDPR 6 (1) C : “processing is necessary for compliance with legal obligation”.
If you choose to subscribe to our email blog, the subscription form requires your consent for us to send this material to you. The legal basis for holding your contact details as a subscriber to our email blog, is GDPR 6 (1) a “consent of data subjects”.
How long do we keep your data?
HMRC documents state that a limited company must keep records for 6 years from the end of the last financial year they relate to (https://www.gov.uk/running-a-limited-company/company-and-accounting-records). Just Practising Limited will not consider the disposal of financial records (which may include personal contact data and/or bank details) until after this 6 year period expires.
Non-financial data (such as contact details) are deleted if for period of 2 years they are not used (unless we need them to meet our legal obligations). Our contacts database is reviewed annually, and the contact details which meet this disposal criteria are then deleted.
Who will we share your data with?
When you contact us your contact data will be entered into our contacts database so that we have your details to hand. Individual contact details (but not the database) are shared on an ad-hoc basis with our Virtual Assistant Suzie Warren.
We sometimes employ other professionals to provide part of our services to consulting clients. For example we may employ an IT professional to audit the usage or software construction of a client’s website, or employ a photographer to provide images of buildings which use a client’s construction materials. Where we employ others to assist on a project for a client we will always ask the client for consent to do so, before passing any contact details necessary to a third party.
Similarly, if we want to suggest a client makes use of a third party supplier regarding a service that we do not provide in house, we will not pass contact details for the client to the third party without first obtaining our client’s consent to do so.
To protect commercial information we have Non-Disclosure Agreements with clients, where this is necessary.
With the exception of our PA (Suzie Warren) Just Practising Ltd does not routinely pass on contact or other personal data to third parties.
Who else has access to your data?
We store some contact data in our financial records and client files, and these may be shared with our business advisors for the purposes of meeting our legal obligations (filing accounts and taxation) and for normal commercial purposes (eg seeking legal advice on contractual matters).
Protecting your data:
Almost all personal data we hold is stored electronically, on platforms with disc encryption and password protection. Should a platform go missing the data cannot be easily accessed even if the disc-drive were removed and attached to a donor machine. The small amount of hard copy data we hold is kept in locked steel cupboards at our trading premises.
Cloud Storage: We keep our client archives locally on encrypted discs.We also have a back-up copy (in encrypted form) held on cloud storage with the servers located in Ireland. The cloud storage service provider does not hold the decryption keys and therefore cannot access this data.
Our mailing list and your consent:
We have a mailing list whereby individuals may sign up to voluntarily receive our email blog. Anyone wishing to receive our email blog must first provide express consent to receive this material (because this amounts to marketing).
This consent can be withdrawn at any time by contacting us here. You may also unsubscribe to our email blog by using the “unsubscribe” link which appears on every email blog which we send out.
We use a mail agent named Mailchimp to send out our email blog to our blog subscribers. Therefore email blog subscriber contact details will be shared with Mailchimp. Subscribers to our email blog should satisfy themselves that Mailchimp’s privacy policy is acceptable to them.
Mailchimp’s privacy policy can be found here.
Your right to complain:
The lead supervisory authority for Just Practicing Ltd is the Information Commissioner’s Office (ICO).
An individual has a right to complain to the Information Commissioner’s Office if they think there is a problem with the way Just Practising Ltd is handling their personal data.
Your data rights under GDPR:
Further, the EU General Data Protection Regulation (GDPR) provides the following rights in respect of data we hold:
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability (where processing is based on consent or for the performance of a contract)
- Right to object
- Right not to be subject to automated decision making including profiling
Automated decision making and profiling:
Personal data supplied to us is NOT used for automated decision making, or personal profiling. However, as mentioned above, we do obtain some anonymised visitor data about how our website visitors use our website.
If you have any questions about your data you can contact us using any of the methods provided on our contact page.