© 2018 forward thinking inc

PRIVACY POLICY

 

INTRODUCTION

forward thinking inc is a UK registered strategy consultancy, operating globally from offices in London. Since 1998 we have worked collaboratively with our clients on strategies that grow the long-term value of their organisations and improve all aspects of a company’s performance.

forward thinking inc must process personal data so that it can provide these services – in doing so, forward thinking inc acts as a Data Controller.

forward thinking inc is registered as a Data Controller with the Information Commissioner’s Office (ICO), reference ZA393574.

This Privacy Policy has been drawn up in reference to the General Data Protection Regulation (GDPR) in the interests of providing you with transparent information about the personal data we collect and process.

forward thinking inc (‘we’; ‘us’; ‘our’) take your privacy very seriously and are committed to protecting the personal information that we collect. We will take appropriate care to keep your information secure and to prevent any unauthorised access or use of it. We implement various security measures to maintain appropriate controls over the processing and transfer of personal data.

forward thinking inc look to comply with best practice and local privacy legislation in all jurisdictions in which we operate. The application of this Privacy Policy may be subject to minor amendments in accordance with law in jurisdictions outside of the UK.

forward thinking inc’s Privacy Policy will be reviewed from time to time in order to take into account any changes to legislation and our operations / working practices. Any information we hold will be governed by the most current version of forward thinking inc’s Privacy Policy, which can be accessed via our website:

 

http://www.forwardthinkinginc.com/privacy-policy/

This policy was last revised on: 28th May 2018.

This Privacy Policy documents how we collect personal information and data, how we process it and how we manage it.

HOW IS PERSONAL DATA COLLECTED?

forward thinking inc collect personal data in a number of ways. Most commonly these include:

  • Contact from a client to whom our services are provided

  • Contact from a client prospect interested in our services

  • Contact from a candidate for employment

  • Contact from an independent consultant who may work with us on client projects

  • Contact from a supplier who may support us in the delivery of our services

  • When invited to join any networking group that forward thinking inc (e.g. fti forums) runs or interested in receiving our newsletter

 

WHAT PERSONAL DATA IS COLLECTED?

The standard personal data forward thinking inc collect and store is: your name, your employer, your job title, and your contact details (e.g. email address, telephone number).

Additional data is collected if you have registered with forward thinking inc as a candidate for employment, whether currently or in the past. Such data is likely to include a copy of your CV, salary details and expectations, right to work documents, details of applications, recruitment history etc.

 

COLLECTING AND PROCESSING SENSITIVE PERSONAL DATA

Sensitive personal data is data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

forward thinking inc do not typically collect or store sensitive personal data. However, in some client projects, our clients may request us to collect and process sensitive personal data from targeted populations (e.g. employees). In that event, we will contact you to ask for your explicit consent for this sensitive personal data to be collected and processed. You may refuse to provide any of the sensitive personal information we request.

 

LEGAL BASIS FOR PROCESSING DATA & THE PURPOSE OF PROCESSING DATA

forward thinking inc have a legitimate interest for processing personal data, given that it is necessary to process personal data in order to provide our services to you. As long as your data protection rights are not infringed, forward thinking inc are allowed to process your data when it is in the interests of the business to do so.

forward thinking inc will only process your personal data for the reason for which you provided it or for reasons that are directly related to this reason. We process personal information to enable us to provide consultancy and advisory services, to promote our services, to maintain our own accounts and records and to support and manage our employees.

When we collect personal data from an individual invited to join any networking group that forward thinking inc runs, we will collect and process the personal data necessary to run and administer the networking group.

Legitimate interest cannot be used as a lawful basis for collecting and processing sensitive personal data, so in the event that our clients request us to collect and process sensitive personal data, we will contact you to ask for your explicit consent for this sensitive personal data to be collected and processed.

In very rare circumstances, we may have a legal obligation to process personal data, for example to law enforcement authorities or to prevent a serious threat to public safety.

 

STATUTORY / CONTRACTUAL REQUIREMENT

Your personal data is not required as part of a statutory and / or contractual requirement, or a requirement necessary to enter into a contract.

 

USE OF PERSONAL DATA FOR DIRECT MARKETING

When we collect personal data from you, we welcome the opportunity to share with you market intelligence in the form of newsletters, thought leadership articles or invitations to events. We will seek your consent to receive such communications, and when you provide us with this consent, this is knowingly and freely given, informed, clear and specific. You may withdraw your consent from receiving such communications at any time by using the facility to ‘unsubscribe’ included in the email or communication concerned.

 

WHO CAN ACCESS THE PERSONAL DATA WE COLLECT?

In order to provide our services to you, your personal data will typically be accessible by other employees of forward thinking inc, as well as the contact by whom the data was originally collected.

Your personal data may also be accessible by third parties who perform functions on our behalf, such as forward thinking inc’s IT service providers who carry out testing and development work on our business technology systems.

 

DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES

Personal data is disclosed to other companies (‘third parties’) depending on the reason for which that personal data is primarily held, or for a related reason. This will be for the reason for which you provided it to us; for example, when registered as a participant on FTI Forums or where you have otherwise agreed we may disclose it.

Please be aware that the degree of protection of your personal data in a different country may not be the same as in your country of residence. forward thinking inc will only transfer personal data to countries outside the European Economic Area (‘EEA’) for the purposes of delivering our services. This will be with the permission of the relevant data subject and where the risk to the rights of the data subject is low. The EEA comprises the EU member states, plus Norway, Iceland and Liechtenstein.

Personal data is also processed to third parties who perform functions on our behalf as data processors. These may be physically situated outside of the EEA. These are:

  • Really Simple Systems – a cloud-based customer relationship management (CRM) and operations software company, where data on our computerized database is stored

  • Flex MR – an online research platform provider whose software we use to engage with consumers and clients

  • QuestionPro – an online survey software provider that we use to deploy surveys to consumers and clients

  • OneCom – an IT support and technology services company, who manage and maintain our internal IT and technology systems

 

These companies have demonstrated to us that they have appropriate safeguards and security measures in place to ensure their compliance with GDPR.

 

SAFEGUARDING & STORAGE OF PERSONAL DATA

All personal data is stored on secure servers, and every endeavour is made to have in place sufficient technical and organisational measures to safeguard personal data. We cannot however guarantee that loss, alteration or misuse of data will not take place, despite the security measures we have in place to minimise the likelihood of this eventuality.

 

OUR WEBSITE & INTERNET BASED TRANSFERS

Using the internet to collect and process data involves the transmission of data on an international basis, given the internet is a global environment. There are risks involved in transmitting data in this way. For instance, by communicating with forward thinking inc electronically via our websites (https://www.forwardthinkinginc.com/ and https://workplaceintelligence.co.uk/), social networking websites (e.g. LinkedIn), via job boards or via other websites where we advertise our services, we are unable to guarantee that the personal data you submit will not be intercepted when submitted. External websites operated by other companies will be subject to that company’s privacy practices over which forward thinking inc has no control. forward thinking inc cannot guarantee the privacy practices of any third-party websites.

 

DATA RETENTION

forward thinking inc will retain your personal data only for as long as is necessary to comply with our statutory and contractual obligations and in accordance with our legitimate interests as a data controller. Different laws require us to keep different data for different periods of time.

forward thinking inc will typically retain personal data for up to five years from the date of last contact, unless it is deemed necessary to retain such personal data for longer.

Where we have sought explicit consent for the collection and processing of sensitive personal data, this will only be stored and processed for the defined period of time that you have given your explicit consent for such to be stored and processed.

 

YOUR RIGHTS

Please be aware that you have the following data protection rights: the right to be informed about the personal data forward thinking inc processes on you; the right of access to the personal data forward thinking inc processes on you; the right to rectification of your personal data; the right to erasure of your personal data in certain circumstances; the right to restrict processing of your personal data; the right to data portability in certain circumstances; the right to object to the processing of your personal data that was based on a public or legitimate interest; the right not to be subjected to automated decision making and profiling; and the right to withdraw any given consent at any time.

You may contact forward thinking inc to seek access to, rectify, and / or request deletion of the personal data we hold on you. We will require that you provide suitable identification.

To make a request to access your personal information, please email us with your request and provide verification of your identity. We will provide this information within 30 days, excepting any information that would interfere with the privacy rights and confidentiality of other individuals or companies.

Your co-operation in helping us store accurate personal data for you is very valuable to us. Please email us to rectify any personal data we hold on file you, for example change of name or contact details.

Should you wish for your file to be deleted, we will process this where possible, but please be aware that there may be occasions where we may not be required to do so, particularly where your file also includes financial/employment records that we need to keep for periods up to six years.

Should you wish to access, rectify or delete the personal data we hold, please email forward thinking inc’s Data Protection Officer.

 

HOW TO MAKE A COMPLAINT

If you believe this policy has been breached in any way, please write to or email forward thinking inc’s Data Protection Officer, verifying your identity, and setting out in as much as detail as possible the detail of the personal data affected, and the reason for and circumstances of your complaint. We will provide a written response within 30 days after concluding an internal investigation. We may contact you should we need any additional information.

You also have the right to raise any concerns with the Information Commissioner’s Office in the UK on 0303 123 1113 or at https://ico.org.uk/concerns/, or any other relevant supervisory authority should your personal data be processed outside of the UK, if you believe that your data protection rights have not been adhered to.

Contact forward thinking inc’s Data Protection Officer:

Zoe Edwards

zoe.e@forwardthinkinginc.com

020 3908 5652

Causeway House, The Causeway, Teddington, TW11 0JR