1.1. WHAT WE NEED
Sapphire will be what’s known as the ‘Controller’ of the personal data you provide to us and this Privacy Notice explains how we collect and use personal information about you.
We may collect personal data that you provide to us because you have:
This may include personal as well as special categories of data and we will keep you informed on why this is necessary to collect.
If you have requested information, registered for an event, or procured one of our products or services, we may offer you further information that we feel may be of interest to you. You will be able to opt-out of this selective messaging at any time. In addition, you may opt-in to our information services that will keep you fully informed of the business and its present and future services.
1.2. YOUR PERSONAL DATA RIGHTS
Your privacy is very important to us and Sapphire will respect all of your Data Subject Rights.
Upon contact, Sapphire aim to administer your Rights within 30 days of authentication of the subject, following receipt of the request. However, we reserve the right to extend this period if we deem additional effort is required to fulfil the request to a satisfactory level. We will advise you within the 30 days if an extension is required.
Your Rights include, but are not limited to:
The Right of Access: At any time, you can request a copy of your personal information held within our systems. We will inform you as to whether data is held or not on our systems. If data is held then a copy of the information and the required supplement notice will be provided to you.
Right of Rectification: allows you to request changes to the information we hold on you, to enable the correction of incomplete or inaccurate information. Sapphire may periodically request you to verify that the data we store about you is accurate and up to date.
Right of Erasure: You may request for your data to be erased and if there is no good or lawful reason for us continuing to process it, then your personal data will be removed. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
Object to processing: You may object to the processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
Request the restriction of processing: This enables you to request the suspension of processing of personal information about you; for example, you may invoke this right if you are querying the accuracy or reason for us processing your data.
Request to Transfer: You can request the transfer of your information to another party.
Withdrawal of Consent: You have the right to withdraw your consent for us to process your personal data, where you have previously provided consent. Withdrawal of consent will not affect the lawfulness of any processing carried out before you withdraw your consent. However, on some occasions if consent is withdrawn we may not be able to provide certain products or services. On these occasions we will advise you of the effects of the withdrawal of consent.
If you need to invoke any of your rights, our contact details are provided within Section 1.9 of this Privacy Notice.
1.3. RETENTION PERIODS
We only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying legal, accounting or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of our personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which it is being processed, and whether we can achieve those purposes through other means, and applicable legal requirements.
All personal data collected under contract will be held for a period of 6 years plus current from the end of the contract. This includes: contractual and personal data.
Data collected under consent will be used until consent is withdrawn or if it is no longer useful for the purpose with which it was collected. Some data may not be removed if it involves a disproportionate effort.
Please note: After this retention period has expired, Sapphire will be unable to offer confirmation of costs, descriptions of work undertaken, or anything pertaining to the product or service.
The above does not affect your Rights as a data subject.
1.4. FAILING TO PROVIDE NECESSARY PERSONAL DATA
Failing to provide some or all the necessary personal data may result in:
It is important that the personal information we hold about you is accurate, current and relevant. Please keep us informed if your personal information changes.
1.5. SHARING PERSONAL DATA
Sapphire may share your personal data with other organisations, companies or partnerships in order to carry out the contract of service you have requested.
If Sapphire shares your data on a regular basis with organisations we will perform due diligence and hold written contracts and agreements with these organisations to legally safeguard your data.
If you have consented for us to share your data with other organisations for the purposes of marketing, we will keep your consent on record until it is withdrawn, or the purpose is no longer valid. On withdrawal of consent Sapphire will take reasonable steps to contact these organisations on your behalf to inform them of your request to remove your consent. However, Sapphire are not liable for the actions of other third-party companies who are responsible for their own data processing practices.
1.6. TRANSFER TO INTERNATIONAL COUNTRIES
Your data may be transferred internationally. If your data is transferred, Sapphire will legally safeguard your personal data by:
Owing to the global nature of the Internet infrastructure, the information you provide may be transferred in transit to countries outside the European Economic Area that do not have similar protections in place regarding the protection of your personal data. Where this is the case end-to-end encryption will be employed to transmit the data securely.
Where Sapphire is unable to utilise legal safeguards when transferring data to a third-country, then Sapphire will seek consent from you to facilitate the data transfer. This could be the case when arranging specific co-operation from abroad.
1.7. INFORMATION SECURITY
Transmission: Where personal data is transmitted electronically over an unsecure network (e.g. public network) appropriate encryption technology is used. If your data is transmitted in a hard-copy format we use secure methods of transport suitable to the nature of the personal data.
Storage: Personal electronic records are located on servers in secure premises. If your data is required to be stored outside of the secure premises, the data will be in an encrypted format. Personal paper-based records will be stored in a locked filing cabinet in secure offices to prevent inadvertent access by unauthorised 3rd parties.
Access: Only personnel authorised by Sapphire will have access to your personal data records on a need-to-know basis.
Disclosure of personal data: We do not disclose personal data unless we’re required to do so to comply with the law; under contract; we have your consent; or it is in your vital interest.
1.8. AUTOMATED DECISION MAKING AND PROFILING
The information you provided to Sapphire will be provisioned on to the Sapphire database. Sapphire uses limited automated decisions using retargeting software in relation to optimising our user journey. This does not affect your Rights as a Data Subject.
1.9. DATA SUBJECT RIGHTS
If you would like to exercise your Data Subject Rights including your right to access; rectification; erasure; restriction; or objection to processing, please contact the Data Protection Officer at Sapphire.
Data Protection Officer
1.10. THIRD PARTY PROCESSORS
Our carefully selected partners and service providers may process personal information about you on our behalf as described below:
Digital Marketing Service Providers
We periodically appoint digital marketing agents to conduct marketing activity on our behalf; such activity may result in the compliant processing of personal information. Our appointed data processors include:
1.11. ESCALATING A DATA PROTECTION CONCERN
While you should contact Sapphire in the first instance of a complaint or dispute, you have the right of redress and you may contact the Information Commissioner's Office; please see: https://ico.org.uk/concerns or call the ICO on: 0303 123 1113.