Purpose and Scope
Marcuson Consulting Ltd trading as Marcuson Consulting (“we”, “us” or “our”) has created this privacy notice to demonstrate its commitment to comply with data protection laws in the UK.
We may process personal data captured directly or indirectly from several sources and for several purposes. For each purpose, the lawful basis of processing, use, disclosure, and retention periods are likely to differ. This privacy notice provides further details in the relevant sections below and includes information on the individual’s rights and how they may be exercised. Unless otherwise stated, Marcuson Consulting Ltd is the data controller.
Privacy information
Please select the relevant hyperlink below.
- Business contacts
- Clients and associated individuals
- Suppliers and associated individuals
- Other individuals
Cookies
A cookie is a small file of letters and numbers that is downloaded on to an individual’s computer when they visit a website. They are widely used to make websites work more efficiently and can provide useful information to the website owner.
We provide more details regarding our use of cookies on our Cookies page.
If individuals are uncomfortable with the use of cookies, most browsers provide the ability to block or manage these; however, blocking all cookies may impair the functionality of our website. After the end of a session on our site, individuals may also delete any downloaded cookies from their system cache.
Disclosure of personal data
Personal data we hold as a data controller is processed in the UK. We may also transfer personal data to third-party service providers that we use (e.g. cloud-based data backup). Where we use a third-party service provider who operates outside the EEA (e.g. an email marketing service to communicate with our business contacts), we have checked that the service provider is committed to a cross-border data transfer framework that provides adequate levels of privacy protection.
We will also release personal data if this is our legal obligation or if we are permitted to do so in accordance with applicable law or regulation.
We do not sell or rent personal data to third parties for the purposes of marketing their own products and services.
We have a framework of policies and procedures in place that covers data protection, confidentiality and security that we review on a regular basis. We also ensure our employees are appropriately trained according to this framework.
Individual rights
Right to be informed
Individuals have the right to be informed about the collection and use of their personal data. This privacy notice complies with their right to be informed.
Right of access
Individuals have a right of access to personal data that we control so that they are aware of and can verify the lawfulness of our processing. This right may be exercised by emailing us at data-protection@marcuson.co. We will respond to any requests, at the latest, within one month of receipt, but we have the option to extend this period of compliance by a further two months where requests are complex or numerous.
Where requests are manifestly unfounded or excessive, especially if they are repetitive, we reserve the right to charge a reasonable fee for this request or to refuse this request. Where we refuse a request, we will provide an explanation without undue delay and at the latest within one month.
Right to rectification
Individuals have a right to have inaccurate personal data rectified. This right may be exercised by emailing us at data-protection@marcuson.co. Once we receive a request for rectification, we will take reasonable steps to satisfy ourselves that the data is accurate and to rectify the data if necessary, and then to confirm the action taken to the individual who made the request.
Right to object
Individuals have a right to object to our processing of their personal data; however, this right is not absolute under certain circumstances. This right may be exercised by emailing us at data-protection@marcuson.co. We will respond without undue delay and at the latest within one month of receipt to inform the individual of the actions we have taken.
Further information on individual rights
Some rights may be subject to conditions set out in the data protection laws in the UK and may depend on the lawful basis of processing. In addition to the rights described above, individuals may also have the right to erasure, the right to restrict processing, and the right to data portability. For individuals wishing to exercise any of these rights, please send an email to data-protection@marcuson.co.
Complaints
For individuals wishing to make a complaint to us relating to their personal data, please send an email to: data-protection@marcuson.co
Individuals also have the right to lodge a complaint with the Information Commissioner’s Office (“ICO”). For further information, please refer to the ICO website (https://ico.org.uk).
Privacy information
Business contacts
Personal data we collect
We process personal data about business contacts (and any individuals associated with them) within our management systems. These are collected through existing client relationships, leads and requests for quotes, networking events and other interactions across our professional career.
The personal data collected may include some or all of the following:
- name,
- employer name and role,
- business contact details (which may include their work email, address and telephone number),
- qualifications and affiliated professional bodies.
Purposes of collecting personal data and our lawful basis of processing
Personal data relating to business contacts are collected for the purposes of providing information about us and our range of services, and providing information in connection with matters we consider may be of interest to the individual (e.g. updates on our research and development efforts, and material from recent events hosted by Marcuson Consulting).
We rely on our legitimate interests as a business as the lawful basis for processing this data.
Retention periods
Personal data will be maintained on our management systems unless the individual requests otherwise or if we no longer consider it necessary.
Clients and associated individuals
Personal data we collect
We ask our clients not to provide personal details of the individuals to whom they provide services unless it is necessary to do so to fulfil the terms of engagement. Where it becomes necessary for us to process this type of personal data, depending on the purposes of our client engagements, we (as the data processor) will have the terms of the processing contractually agreed with our clients (as the data controller).
Notwithstanding the above, where we need to process personal data to provide professional services, these are limited to correspondence between our employees and our clients’ employees, sub-contractors and third-party service providers acting on the instruction of our clients. We ask our clients to provide the necessary privacy information directly to the relevant individuals regarding its use.
The personal data collected may include some or all of the following:
- name,
- employer name and role,
- business contact details (which may include their work email, address and telephone number),
- qualifications and affiliated professional bodies.
Purposes of collecting personal data and our lawful basis of processing
We rely on our legitimate interests as a business (unless otherwise stated) to process personal data for the following purposes:
- Fulfilment of our client terms of engagement and running our business efficiently,
- Risk management activities in relation to our client take-on procedures,
- Information security scans to identify harmful emails,
- Compliance with our professional and legal obligations.
Retention periods
We retain the personal data that we process for as long as we consider necessary to comply with relevant legal requirements and to maintain adequate professional records. Under normal circumstances, our policy is to retain client information within our systems for a period of 7 years after the completion of any contractual agreements. After this time has expired, the data is erased except for when unusual circumstances arise such as assisting in on-going legal investigations.
Suppliers and associated individuals
Personal data we collect
We collect and process personal data about our suppliers (and their sub-contractors and other third-party service providers) to manage the relationship and to receive services from our suppliers.
The personal data collected may include some or all of the following:
- name,
- employer name and role,
- business contact details (which may include their work email, address and telephone number),
- qualifications and affiliated professional bodies.
Purposes of collecting personal data and our lawful basis of processing
Personal data is used to run our business efficiently. The purposes of collecting this data are:
- Manage and receive services provided by our suppliers (and associated individuals),
- Risk management activities in relation to our supplier take-on procedures,
- Information security scans to identify harmful emails,
- Compliance with our professional or legal obligations.
We will be processing data for these purposes for our legitimate interests as a business, unless otherwise stated.
Retention periods
We retain the personal data that we process for as long as we consider necessary to comply with relevant legal requirements and to maintain adequate professional records. Under normal circumstances, our policy is to retain supplier contact information within our systems for a period of 7 years after the completion of any contractual agreements. After this time has expired, the data is erased except for when unusual circumstances arise such as assisting in on-going legal investigations.
Other individuals
We collect data from several other sources:
- Potential candidates for vacancies and work experience in our firm, or speculative applications. The personal data collected may include some or all of the following: name, address, email address, contact telephone numbers, CV and professional qualifications. This information is used for recruitment purposes only. We do not usually collect any personal data from children (i.e. individuals under the age of 18). Where this does arise, e.g. through unsolicited emails requesting work experience in our firm, we do not process the child’s personal data for the purposes of direct marketing. We have not identified any risks from our processing of this personal data that would affect their interests, rights and freedoms.
- Individuals who have contacted us with questions, complaints, or comments. We only use the data for the purposes of responding to the communication. The individual retains control of the personal data shared with us.
Unless otherwise stated, we rely on our legitimate interests as a business for processing this data. Our policy is to retain records for 7 years.
Changes to this privacy notice
This privacy notice is reviewed regularly in accordance with our responsibilities under the prevailing data protection laws in the UK.