Website: Privacy Information Notice

On 25th May 2018 the European Union’s General Data Protection Regulation (GDPR) EU/2016/679 came into effect and replaced all existing UK and EU data protection law.  The GDPR is enforced in the UK by the Information Commissioner’s Office (ICO).  It will continue in force after the UK leaves the EU.

The GDPR is concerned with the collection, processing and security of Personal Data and it gives individuals rights to know what data is held, how it is held, why it is held and to request that it be amended, transferred or destroyed or that the processing of it be restricted.

Personal Data is any information about you which used alone, or combined with other information, would enable someone to identify you.

Personal Data

Insense recognises its obligation to comply with GDPR and will ensure that Personal Data:-

• is processed fairly, lawfully and in a transparent manner
• is processed for specified purposes only
• is relevant to what it is needed for
• is accurate and kept up to date and is not kept longer than is needed
• is processed in accordance with the rights of individuals
• is kept securely

Insense is registered with the ICO as the Data Controller under reference number ZA314698. 

 

Why we need to process your Personal Data

Insense has to have a reason/reasons for processing your Personal Data - in GDPR this is called a Lawful Basis.  Insense has identified its Lawful Bases as follows:-

 

Consent Basis

You have provided us with clear given consent for us to process your personal data for a specific purpose. 

 

Contract Basis

We need your Personal Data to enable us to carry out the work that we have agreed to do for you. 

 

Legitimate Interest Basis

There will be occasions on which we need Personal Data from someone with whom we do not have a contractual agreement in which case we will be using that Personal Data on the basis that such processing is necessary for our legitimate interests or the legitimate interests of the business partner or customer.

 

Legal Obligation Basis

We also need Personal Data to fulfil our statutory and regulatory requirements.

 

Special Category Data

The GDPR also lists special types of Personal Data that requires special treatment – these are called Special Category Data, and include information revealing racial or ethnic origin, trade union membership, genetic data/biometric data or data concerning health. 

According to the GDPR legislation and on the rare occasions that Insense has to process Special Category Data, then as well as satisfying one of the lawful bases above, Insense will notify you of our need to process this data type and it will also ensure this data is only processed if you have given explicit consent.

If you choose not to provide Personal Data, including on the rare occasions that which is defined as Special Category Data, when requested to do so, we will have to consider whether we can work together.

 

How we will process your personal data

Insense will only process Personal Data, in accordance with applicable law, for purposes such as:

• Administration purposes and use of a contacts database containing personal data;
• Sending promotional emails*;
• IT administration; such as storing IP addresses or MAC addresses;
• Ethics and compliance;
• Supplier screening;
• Responding to your queries, requests and other communications; 
• Providing technical advice/associated services enabling us to fulfil our business obligations developing and improving our business, products and services.

Your Personal Data is held in electronic form and hard copy.

*Insense undertakes very little marketing and rarely contacts individuals to advertise services. If and when it does, it does so in ways that are proportionate and have minimal privacy impact.

The types of Personal Data that we process

Insense process some or all of the following for business partners or customers and for others in respect of whom such Personal Data is required to enable us to carry out the required work for business partners or customers such as:

• Name 
• Job title
• Contact details (email address; phone/mobile number)
• Name of department
• Work location/Address
• Supervisor ID/Name
• Contractual details
• Bank details 

If required to enable us to carry out our contractual or legal obligations or for our or your legitimate interests, we will also collect information relating to Special Category Data, having received your prior consent to do so.

Who we pass data to?

Insense may also pass your personal data in the good faith belief that such action is necessary to satisfy our contractual or legal obligations (e.g. to protect and defend the rights or property of Insense or to protect against legal liability/ investigate possible wrongdoing in connection with a service ) or for our or your legitimate interests, we may from time to time pass Personal Data to third parties or other bodies to whom we are obliged by law (or in response to valid requests by public authorities e.g. a court or a government agency) to pass Personal Data (subject always to any overriding rights of business partners or customers confidentiality). 

We may share your personal information with other third parties to enable normal business operations. If Insense is involved in a merger, acquisition or asset sale, your Personal Data may be transferred. In this situation we will, so far as possible, only share anonymised data with the other party before the transaction completes. Once the transaction is completed, we will share your personal data with the other party if, and to the extent required, under the terms of the transaction.

Whenever we permit a third party to access personal information, we will implement appropriate measures to ensure the data is used in a manner consistent with this notice and that the security and confidentiality of the data is maintained.

Who gives us Personal Data

Business partners or customers may give us the Personal Data of other individuals to enable us to carry out work for the business partners or customers.   We will hold such Personal Data securely but will only contact that individual to give them the information contained in this Privacy Information Notice if we have requested the information directly from them ourselves i.e. we will ask them for their specific consent to do so.

 

International transfers of your Personal Data

We do not transfer your Personal Data to any country outside the EU, unless it is necessary to enable us to fulfil our contractual obligations with you, and in such event, we would ask for your specific consent to transfer such information.

 

How long do we keep your Personal Data?

We will keep your Personal Data for the length of your contract/agreement or time working with us plus an additional 6 years after the end date. Data will only be retained as long as it is needed for business purposes. Once it no longer has any business purpose or value it will be securely disposed of as described within the Insense Data Retention and Disposal Policy (2018).

 

How do we keep your Personal Data safe?

We take all reasonable precautions to prevent the loss, misuse or alteration of the Personal Data that you give us.  Personal Data is held securely in an electronic format (if possible, and where appropriate, with pseudonymisation and encryption), only on fully updated company computer systems, with secure servers. Access to this information will be limited to specified employees.

Please note that for ease of use and compatibility, communications will not be sent in an encrypted form unless you require it and provide the information to enable us to communicate with you in that way.  E-mail unless encrypted is not a fully secure means of communication, therefore please be aware of providing Personal Data by e-mail.   

Your rights (including your right to object to our processing your Personal Data)

The GDPR gives you a number of rights and Insense will comply so far as it is able, with any requests that you make in this respect.

Right of access (sometimes also called a subject access request)

• You have the right to obtain a copy of your Personal Data – this can help you understand how and why we are using your Personal Data and check that we are doing so lawfully.
• You have the right to obtain confirmation from us that we are processing your Personal Data.

Right of rectification

• You have the right to have Personal Data rectified if it is misleading or incorrect.

Right to erasure (sometimes called the right to be forgotten)

You have the right to have your Personal Data erased if:-

• it is no longer needed for the purpose for which we originally collected or processed it.
• there is no overriding legitimate interest to continue this processing.
• we have processed the Personal Data unlawfully.
• we have to comply with a legal obligation.

Right to restrict processing

Right to data portability

Right to object

You have the right to request us to stop processing your Personal Data if:-

• it is used for direct marketing 
• the lawful basis is legitimate interests i.e. you are not the business partner or customer but a third party – if there are legitimate grounds to continue processing the Personal Data which override your interests, the request will be refused.

If you wish to make a request in respect of any of these rights, you may contact us by post, e-mail or by telephone.  We may then contact you to confirm the nature of the request and we may possibly ask you for ID to ensure that we do not disclose Personal Data to the wrong person.  We will then comply with your request within one month of receiving it or of receiving further details or ID if required.  We will provide the information in whatever form you require but please note that we cannot give you remote access to our server.   We will not charge a fee unless the request is manifestly unfounded or excessive or if you have previously requested and received the same information.  We will not provide information about your Personal Data if the request comes from a third party unless that third party provides evidence of its authority to make such a request on your behalf.

 

Insense Website

Our website – www.insense.co.uk – uses one cookie – functioning as an analytical tool (this allows us to recognise and count the number of visitors to our site and to determine whether they’re humans and not spam bots.). A cookie is a small text file that is downloaded onto a computer or smartphone when the user accesses a website.  It allows the website to recognise that user’s device and store some information about the user’s preferences.  Cookies are not enabled on our website unless you give express consent (a banner appears on the web page) and therefore unless you consent, the cookies will remain disabled.  You therefore have control over whether they are to function or not. If you’d like to reproduce, store or retransmit any part of the website you’ll need our approval.

  

If you wish to lodge a complaint with a supervisory authority

If you have a complaint, we would very much hope that you would first raise it with us as we would welcome the opportunity to sort it out, however if we cannot do so or if you wish to raise the matter direct with the ICO, the contact details are set out below.

 

Contact details

For queries about the content of this Privacy Information Notice or for further information or to make a request, please contact our Data Protection Officer Stuart Collyer:

 

e-mail

• stuart.collyer@insense.co.uk

 

telephone

• 01234 758332

 

website

• www.insense.co.uk

 

by post

• Insense Ltd
Colworth Science Park,
Sharnbrook,
Bedfordshire,
MK44 1LQ
UK

If you wish to contact the ICO, the details are as follows:

telephone

• 0303 123 1113

 

website

• ico.gov.uk

 

by post

• Information Commissioner’s Office,
  Wycliffe House,
  Water Lane,
  Wilmslow,
  Cheshire
  SK9 5AF

            UK

(updated June 2020)

 

About our company and how we are regulated

Insense Ltd own this website. We’re a company registered in England and Wales under Company Number 4101081.

Our Registered Office is: Colworth Science Park, Sharnbrook, Bedfordshire, MK44 1LQ, UK