Leaman Crellin Limited is strongly committed to protecting personal data. This privacy statement describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection.
Personal data is any information relating to an identified or identifiable living person. When “you” or “your” are used in this statement, we are referring to the relevant individual who is the subject of the personal data. Leaman Crellin Limited processes personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.
When collecting and using personal data, our policy is to be transparent about why and how we process personal data. To find out more about our specific processing activities, please go to the relevant sections of this statement.
Our approach to privacy
We may collect personal identification information from visitors to our website when they use our site and when they submit an enquiry via the contact form on our website. We will collect personal identification information if they voluntarily submit such information to us.
We act primarily as a data processor for our clients. This means that we do not control the collection, use and storage of personal data provided to us by our clients, other than to carry out our obligations under our contracts with them, in accordance with the terms of those contracts. Consequently if we are processing personal data supplied to us by a client and a data subject raises a query with us, we will refer that query to our client rather than deal with it ourselves.
Should there be circumstances where we are not acting as a data processor for our clients, Leaman Crellin Limited would be the controller and responsible for any personal data.
What type of information we have
We currently collect and process the following information:
Personal identification information such as personal identifiers, contacts and characteristics (for example, name and contact details)
Transaction data such as payments made to and from you, services you have obtained from us, as well as your usage of our website and services.
Technical data such as information from your visit to our website that may include your IP address, browser type, time zone and location.
How we get the information and why we have it
Most of the personal information we process is provided to us directly by you for one of the following reasons:
You have made direct contact with us: completion of our online contact form, sent us an email or letter, contacted us by telephone or in person.
You have used our services or attended an event in which we have both participated.
We also receive personal information indirectly when you log onto our website and our systems have collected cookies or similar which capture technical data. We have obtained data from a third party or public source.
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
We have a contractual obligation.
If we need it to comply with a legal obligation.
We have a legitimate interest that is not overridden by your interests or fundamental rights and freedoms.
If you have consented to us from doing so. You are able to remove your consent at any time. You can do this by contacting email@example.com
What we do with the information we have
We use the information that you have given us in order to deliver compliance consultancy and training services.
We may also use your personal data to inform you about our services and informational updates such as, about regulatory developments.
We do not sell or trade personal information to others. We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners and trusted affiliates for the purposes outlined above.
How we store your information
We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction of any personal information that we may hold.
Your data protection rights
Under data protection law, you have rights over your personal data, including:
Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances. Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing - You have the the right to object to the processing of your personal data in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. Please contact us at firstname.lastname@example.org if you wish to make a request.
How to complain
We hope that you won’t ever need to complain and that if you do we can resolve it with you. If you do want to complain about our use of personal data you can send an email to email@example.com with the details of your complaint. We will look into and respond to any complaints we receive.
You have the right to complain to the UK data protection regulator, the Information Commissioner’s Office, if you are unhappy with how we have used your data. The ICO’s address:
Information Commissioner’s Office
For further information on your rights and how to complain to the ICO, please refer to their website: https://ico.org.uk/your-data-matters/raising-concerns/