Inspiring Business Performance Ltd (“Inspiring” / “We”) are committed to protecting and respecting your privacy.
We have put in place policies and procedures to protect any personal information we collect about you to comply with the General Data Protection Regulation (GDPR). Details of how we collect, use and disseminate your personal data are described here to demonstrate our commitment to protecting your privacy.
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
What is the GDPR?
The General Data Protection Regulation (GDPR), which comes into force on 25th May 2018, aims to harmonise data protection and data privacy laws across EU member states, giving back control to citizens over their personal data; and to simplify the regulatory environment for businesses by unifying regulations within the EU and by providing a clear legal framework for commercial organisations to operate within.
Your Rights Under GDPR
Your rights under the GDPR are set out in this policy notice. Please read the following carefully so that you understand our practices regarding your personal data and how we will manage it.
(1) Who We Are & What We Do
Inspiring provide services to businesses including Lexcel Assessments, Business Consultancy and Training and Development Services. We collect the personal data of the following types of people to allow us to undertake our business:
a) Collect information about our clients to carry out our core business activities.
b) Collect information about prospective clients in order to market our services.
(2) Information We Collect About You
a) This is personal information about you that you supply to us by filling in an enquiry form or newsletter sign-up on our websites inspiring.uk.com and www.ibplegal.co.uk (“our sites”); by completing event booking forms; or by corresponding with us by phone, e-mail or other communication channels. It includes information you provide when you subscribe to our communications or attend our events.
b) The information you give us which may include: your name, organisation, company address, corporate e-mail address and phone number.
(3) Information We Obtain from Other Sources
a) This is information we obtain about you from other sources such as LinkedIn, corporate websites, your business card and personal recommendations.
b) In this case we will inform you, by sending you this policy notice, within a maximum of 30 days of collecting the data of the fact we hold personal data about you, the source the personal data originates from, whether it came from publicly accessible sources, and for what purpose we intend to retain and process your personal data.
(4) Purposes of the Processing and the Legal Basis for the Processing
We use information held about you in the following ways:
a) To carry out our obligations arising from any contracts we intend to enter into (or have entered into between you and us); and to provide you with the information, products and services that you request from us or we think will be of interest to you because it is relevant to you or to your organisation.
b) To provide you with information about other goods and services we offer that are similar to those that you have already been provided with or enquired about.
d) Our legal basis for the processing of personal data is our legitimate business interests, described in more detail below, although we will also rely on contract, legal obligation and consent for specific uses of data.
e) We will rely on contract if we are negotiating or have entered into an agreement with you or your organisation to provide services to or receive services from you or your organisation.
f) We will rely on legal obligation if we are legally required to hold information on to you to fulfill our legal obligations.
g) We will in some circumstances rely on consent for particular uses of your data and you will be asked for your express consent, if legally required. An example of when consent may be the lawful basis for processing include gaining permission to send communications about services other than those the same or similar to those to which you have already expressed an interest in.
(5) Our Legitimate Business Interests
Our legitimate interests in collecting and retaining your personal data are described below:
a) As a survey provider, we collect data from and/or are given data by our clients in order to carry out surveys for our clients. In some, but not all, cases the retention of personal data of our client contacts and survey participants and is a fundamental, essential part of this process.
b) As a provider of Lexcel Assessment Services, we are given data by our clients in order to carry out these services. The retention of personal data of our client contacts is an essential part of the Lexcel process.
c) As a provider of training programmes, the retention of personal data of our candidates and client contacts is an essential part of our service.
d) To expand, develop and maintain our business we need to record and maintain the personal data of past, present and prospective client contacts.
e) To notify our clients about changes to our service.
Should we want or need to rely on consent to lawfully process your data, we will request your consent by phone, letter, email or by an online process for the specific activity we require consent for and record your response on our administrative system. Where consent is the lawful basis for our processing, you have the right to withdraw your consent to this particular processing at any time.
a) What are Cookies?
A “cookie” is a small amount of data that is sent to your browser from a web server and stored on your computer’s hard drive. It can only be read by the web server that set the cookie
Cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
We only use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from our system.
d) Accepting & Declining Cookies
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer.
e) Third Party Cookies
When you visit certain pages of our site, you may notice some cookies that are not related to Inspiring. When you visit a web page that contains embedded content (for example, from YouTube), you may be sent cookies from these websites. Inspiring is unable to control the setting of these cookies, therefore we suggest you check these third-party websites directly for more information about their cookies and how to manage them.
f) Sharing Tools
If you decide to share our website content with friends and co-workers through social networks (LinkedIn, Facebook, Twitter etc), you may be sent cookies from these websites. Inspiring is unable to control the setting of these cookies, therefore we suggest you check the third-party websites directly for more information about their cookies and how to manage them.
(8) Disclosure of your Information
We will only disclose your personal information to selected third parties:
a) If Inspiring or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
(9) Where We Store & Process Your Personal Data
a) All information you provide to us is stored on secure servers.
b) By submitting your personal data, you agree to this transfer, storing or processing. Inspiring will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this policy.
c) Secure login identification is required for using our IT systems — each time our employees and consultants access data, they are required to sign in using personalised password identification
d) We limit access to information so that only employees and consultants needing data to be able to deliver their client work, are given access to sensitive information
e) IBP’s IT systems operate behind a firewall, and use encrypted storage of data. We work with an established IT service provider, which offers us the latest security functionality
f) ensuring continuous operations — we have a detailed business continuity policy in place which encompasses: secure, encrypted, data backup; offsite storage; original record handling; secure disposal
g) we limit the amount of paper-based confidential or sensitive data our consultants hold: any necessary confidential or sensitive paper records are kept in secure storage.
h) Unfortunately, the transmission of information via the internet is not completely secure. We will do our best to protect your personal data, but we cannot guarantee the security of your data transmitted to our site. Any transmission is at your own risk. Once we have received your data, we will use strict procedures and security features to try to prevent unauthorised access.
(10) Retention of Your Data
We understand our legal duty to retain accurate data and only retain personal data for as long as we need it for our legitimate business interests and that you are happy for us to do so. Accordingly, we have a data retention notice and run data routines to remove data that we no longer have a legitimate business interest in maintaining. We keep in contact with our clients so that they can inform us of changes to their personal data.
We segregate our data so that we keep different types of data for different time periods. The criteria we use to determine whether we should retain your personal data include:
a) The nature of the personal data
b) Its perceived accuracy
c) Our legal obligations
We may archive part or all of your personal data or retain it on our financial systems only, deleting all or part of it from our main administrative system.
(11) Your Rights
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. We will collect express consent from you if legally required prior to using your personal data for marketing purposes.
You can exercise your right to accept or prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise this right at any time by contacting us at: firstname.lastname@example.org
Our site may contain links to / from the websites of our partners and affiliates. If you follow a link to any of these websites, please be aware that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies directly before you submit any personal data to these websites.
(12) The GDPR Provides You with the Following Rights
The right to:
a) Accuracy – request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
b) Deletion – request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
c) Objection – object to processing of your personal information where we are relying on a legitimate interest (or those of a third party); and there is something about your particular situation which makes you want to object to processing on these grounds. You also have the right to object where we are processing your personal information for direct marketing purposes.
d) Restriction – request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you. For example, if you want us to establish its accuracy or the reason for processing it.
e) Transfer – request the transfer of your personal information to another party in certain formats, if practicable.
f) Complain – make a complaint to a supervisory body. In the UK, this is the Information Commissioner’s Office (ICO). The ICO can be contacted at: https://ico.org.uk/concerns.
(13) Access to Information
The GDPR and Data Protection Act 1998 (DPA), give you the right to access information held about you. You are also welcome to contact us to ensure your data is accurate and complete. Your right of access can be exercised in accordance with the DPA and the GDPR once it is in force.
Prior to 25th May 2018, any access request under the DPA will be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you. A subject access request can be submitted to: email@example.com. No fee will apply once the GDPR comes into force.
(14) Changes to Our Privacy Notice
(15) Contacting Us
Any questions, comments or concerns regarding this policy (and our data protection processes in general), can be addressed for the attention of the Managing Director to: firstname.lastname@example.org
The Inspiring Representation responsible of the maintaining and reviewing this policy is:
Name: John Telfer
Position: Managing Director