This Privacy Notice was last updated on 24 October 2019.
This Privacy Notice applies to Omaira Consulting Group Ltd (trading as Omaira Consulting Group) and the entities we own or control (“Omaira”, “we”, “us” or “our”).
At Omaira, we are committed to protecting your information by handling it responsibly and safeguarding it using appropriate technical, administrative and physical security measures.
The aim of this Privacy Notice is to explain to you who we are, what information we may gather about you, what we use it for and who we share it with. It also sets out your rights and who you can contact for more information or queries.
In this notice:
“Data Protection Legislation” means the EU General Data Protection Regulation 2016, Data Protection Act 2018 and all other applicable legislation relating to privacy or data protection.
“Personal Data” means information that relates to an identified or identifiable individual.
“Process” means any operation performed on information about you, including to collect, record, organise, structure, store, alter, use, transfer, destroy or otherwise make available.
Information about us
It is important that you understand who is responsible for the overall safeguarding of your data.
As specified in the General Data Protection Regulation (GDPR) 2016/679, we are the "controller" of all personal data collected and used for providing our products and services, and for any other purposes set out in this Privacy Notice. This means that we are responsible for deciding how and why your data is used and for ensuring that your data is handled legally and safely.
Our company registration number is 11019466 and data controller reference is ZA558331.
Our registered office address is Omaira Consulting Group, Suite 2, Stewart House, 56 Longbridge Road, Barking IG11 8RW.
If you have any questions about this notice or are unsure about anything related to the privacy of your data, get in touch with our Data Protection Officer by:
Data Protection Officer, Omaira Consulting Group, Suite 2, Stewart House, 56 Longbridge Road, Barking IG11 8RW
Does this Privacy Notice apply to you
At Omaira, your privacy is very important to us and we have a commitment to protecting it. This notice is to inform you about how we process and protect your personal data when:
- we provide services to you;
- you use our website; and
- performing any other activities that form part of the operation of our business.
What personal data do we collect
We may collect, record and use your personal data in physical and electronic form, and will hold, use and otherwise process that data in line with the Data Protection Legislation and as set out in this statement.
We may process your personal data because:
- you gave it to us (for example, you contacted us via email with an enquiry);
- other people gave it to us (for example, a client has asked us to liaise with you); or
- it is publicly available (for example, on a website).
The personal data we process may include your:
- contact information, such as business/residential address, email address and mobile phone number;
- interactions with us (for example, telephone or website/email enquiries about general information or the services we provide);
- information about any complaints you make;
- postings or messages on any blogs, forums, platforms or social media applications and services that we provide;
- details of how you use our products and services; and
- employment details (for example, the organisation you work for and your job title).
The personal data we process may also include special categories of personal data, or ‘sensitive data’, such as details about your:
- health (for example, to make access to our office, or products and services, suitable); and
- dietary requirements (for example, when we provide food during an event).
Why do we process your data
The reasons why we may collect the personal data listed above are:
- to provide you with information that you have requested or that we think may be of interest to you;
- to provide you or our client with our products or services;
- to fulfil a contract that we have entered into with you or our client, or to take steps towards entering into a contract;
- to manage any communication/interaction between you and us; and
- to meet our legal or regulatory obligations.
What legal grounds we use for processing your personal data
We are required by law to set out in this Privacy Notice the legal grounds on which we rely in order to process your personal data. We rely on one or more of the following lawful basis:
- you have consented to us processing your information for a specific reason – when we rely on your consent to process your personal data, you always have the right to withdraw consent, for example, when you sign up to receiving marketing communication (Consent);
- the processing is necessary to fulfil the contract we have with you or to take steps towards entering into a contract with you (Contract);
- the processing is necessary for compliance with a legal obligation we have, for example, keeping records for tax purposes or providing information to a public body or law enforcement agency (Legal); or
- the processing is necessary for the purposes of a legitimate interest pursued by us or a third party (Legitimate Interest), which might be:
to provide our services to you or our clients and other third parties and ensure that our client engagements are well-managed;
to prevent fraud;
to protect our business interests;
to ensure that complaints are investigated;
to evaluate, develop or improve our services or products; and
to keep you or our clients informed about relevant products and services and provide you with information, unless you have indicated at any time that you do not wish us to do so.
Furthermore, processing of any special categories of data relating to you for any of the purposes outlined above will be done based on the condition:
- you have given us your explicit consent to process that data;
- the processing is necessary to carry out our obligations under employment, social security or social protection law;
- the processing is necessary for the establishment, exercise or defence of legal claims; or
- you have made the data manifestly public.
With whom do we share your data
There are times when we need to share your personal data with some third parties. This includes where we use third party suppliers to perform various services for us. When we share your personal data with third parties, we enter into contracts to ensure your personal data is kept secure, is only used for the defined purpose, and is then deleted in accordance with our data retention requirements.
The third-party suppliers we share your personal data with are:
- those you have specifically consented to us sharing your data;
- website developer, who manages the running and functionality of the website;
- information security service providers, who ensure our IT systems are secure and protected from fraud and abuse;
- cloud service provider, for our business operations; and
- where we are required or permitted to do so by law or to protect or enforce our rights or the rights of any third party.
Except as stated in the table below, we do not transfer or store your personal information outside the European Economic Area (EEA). If we do carry out any further transfers of your information outside the EEA, we will inform you about this and ensure that the recipient provides an adequate level of protection to your personal data.
Transfer of personal information outside of the EEA
We use Microsoft products for our business operations.
Microsoft stores data in the USA.
Microsoft is certified with Privacy Shield.
If an organisation is certified with Privacy Shield, this means that the organisation provides a level of protection of your personal data that is deemed adequate by the European Commission. More information about Privacy Shield and certifications can be at https://www.privacyshield.gov/.
Third party services and websites
From time to time, our services may link to services, applications or websites controlled by other companies. Please ensure you view the privacy information of those companies before you provide any personal information, as those services, applications or websites will not be covered by this notice.
How long do we keep your data
When you give us any of your personal data, we will let you know for how long we will hold on to the data. We only keep your personal data for only as long as necessary for the activity we collected it, which is longer in some cases than in others, and in accordance with applicable laws and our internal Retention Policy. We will take reasonable steps to destroy or anonymise your data when it is no longer needed for the purposes set out above. A copy of our Retention Policy is available on request.
Our security measures
We use a range of measures to ensure we keep your personal data secure, accurate and up to date. These include:
- education and training to relevant staff to ensure they are aware of our privacy obligations when handling personal data;
- administrative and technical controls to restrict access to personal data to a ‘need to know’ basis;
- technological security measures, including fire walls, encryption and anti- virus software; and
- physical security measures, such as security passes to access our premises.
The transmission of data over the internet (including by e-mail) is never completely secure. So although we use appropriate measures to try to protect personal data, we cannot guarantee the security of data transmitted to us or by us.
A ‘cookie’ is a small text file which, once accepted by you, is placed on your computer – or any internet enabled device – for various analytical and preferential information.
What are your rights
You have a number of rights under data protection law. These rights and how you can exercise them are set out in this section. We will normally need to ask you for proof of your identity before we can respond to a request to exercise any of the rights in this section and we may need to ask you for more information, for example to help us locate the personal data that your request relates to.
We will respond to any requests to exercise your rights as soon as we can and in any event within one month of receiving your request and any necessary proof of identity or further information. If your request is particularly difficult or complex, or if you have made a large volume of requests, we may take up to three months to respond. If this is the case, we will let you know as soon as we can and explain why we need to take longer to respond.
A right to be informed –
Under the transparency principle of the GDPR, you have a right to know what information is being collected, what it is being used for and with whom it is being shared. This Privacy Notice has been put together to provide you this information.
A right to access your information –
You have a right to ask us to send you a copy of all the personal information we hold about you (subject to some exceptions). A request to exercise this right is called a "subject access request" (SAR).
A right to object to us processing your information –
In some circumstances, you have the right to object to us processing any of your personal information. However, in these specific circumstances, if we have compelling legitimate grounds to carry on processing your personal information, we will be able to continue to do so. Otherwise, we will cease processing your personal information.
A right to have inaccurate information corrected –
You have a right to ask us to correct inaccurate information that we hold about you. If we are satisfied that the new data you have provided is accurate, we will correct your personal information as soon as possible.
A right to have your information erased –
You have a right to ask us to delete your personal information in certain circumstances, for example if we have processed your information unlawfully or if we no longer need the information for the purpose(s) we originally collected it.
A right to have processing of your data restricted –
You can ask us to restrict processing of your personal information in some circumstances, for example if you think the information is inaccurate and we need to verify its accuracy, or if we no longer need the information but you require us to keep it so that you can exercise your own legal rights.
Restricting your personal information means that we only store your information and don't carry out any further processing on it unless you consent, or we need to process the information to exercise a legal claim or to protect a third party or the public.
A right to data portability –
You can ask as to provide you all the information you provided us and which we hold in a commonly used format, suitable for transfer in a safe and secure way.
If you would like to exercise any of your rights or complain about the handling and privacy of your personal data, you can get in touch by email or letter using the following details:
Data Protection Officer, Omaira Consulting Group, Suite 2, Stewart House, 56 Longbridge Road, Barking IG11 8RW
Your right to complaint to the Supervisory Authority
If you are unhappy with how we have processed your personal information or dealt with your complaint, you can lodge a complaint with the Information Commissioner's Office (ICO) directly, which regulates data protection compliance in the UK. You can find information on how to do this on www.ico.org.uk or call them on 0303 123 1113.
Changes to this Privacy Notice
From time to time, we may need to update this notice. If we do, we will amend the ‘last updated’ date at the top of this page. If we make any updates which significantly changes the way with process your data, we will let you straightaway. Otherwise, please refer to this notice periodically to keep up to date.
Suite 2, Stewart House 56 Longbridge Road