Privacy Notice

Your privacy is our passion!

Who are we and how can you contact us?

We are Green DPO Services Limited and we run this website. If you have any questions, would like more information on how we handle information about you, or just want to chat privacy, we would love to hear from you. Please email: hello@greendpo.com

We decided to make our website straightforward and informational only. This means, when you interact with our site, we do not to collect any personal information about you, including via the use of cookies.

When do we collect information about you and what do we collect?

Our website is aimed at companies, sole traders, partnerships, individuals, who seek assistance in data protection.

To provide expert data protection virtually, we collect information about you when you contact us and as our business relationship progresses. This information is primarily contact information and any other information you choose to send us. We are huge supporters of data minimisation, so please think before you send us any personal information and whether it is necessary to do so. This privacy notice sets out how we handle the limited personal information we do process and the rights you have in connection with this personal information.

How do we use your information?

We will use your personal information to contact you (obviously!) and to provide services to you. We may also use it for direct marketing purposes, only if we have your agreement.

We process your personal information where we have a legal basis for doing do, and this is determined by the purpose of our processing. We process your personal information on the following legal bases:

• it is necessary to fulfil a request you have made as an existing or prospective client relating to our provision of our services (e.g., to enter into a contract with you);

• you have provided your consent (e.g., to receive newsletters or information about our services);

• it is necessary for compliance with a legal obligation (e.g., responding to a court order); or

• because it is in our legitimate interests to do so (and these are not overridden by the impact on your privacy or other rights). Our legitimate interests include the provision of our services and raising awareness about our services.

Who do we share your personal information with?

We will share your personal information with:

• Our third-party service providers e.g., cloud computing providers who provide our IT infrastructure and support.

• Other privacy consultants (only with your agreement).

• Government agencies or other authorised bodies where permitted or required by law.

• Any successor to all or part of our business.

What about our information security?

We have appropriate technical and organisational security measures in place to protect the personal information we collect from you.

How long do we keep your information?

We only keep your information for as long as we need to. In practice this means: if you contact us and do not become a client, we will securely delete your information after 12 months from our last contact; if you contact us and do become a client, we will retain your information for the duration of your engagement with us plus seven years thereafter. This is for tax and possible legal claims purposes. When we no longer need to keep your personal information, we securely delete it and securely destroy any hard copies.

Do we transfer your information outside of the UK?

Yes, your personal information is transferred to, stored-in and accessed from Germany and the Netherlands.

Should we transfer personal information outside of the UK or Europe, we will take legally required steps to ensure that appropriate safeguards are in place to protect it. Please contact us if you would like an explanation of the basis on which we have transferred your personal information and, where relevant, to request a copy of the legal safeguards which we have put in place.

Your rights

You have rights over how your personal information is used. These are:

• The right to object to our processing of information about you.

• The right to request that your information be erased or restricted from further use.

• The right to request a copy of the information we hold about you.

• The right to correct, amend or update information about you.

• The right to data portability, meaning you can ask us to provide the personal information you have given us back to you in a structured, commonly used, machine readable format, so you can, for example, send that information to another service provider

• The right to contest any automated decision we make about you. An automated decision is a decision taken without any human intervention which has legal consequences (e.g., credit checking). We do not carry out automated decision making but, if we do, we will let you know.

• To make a complaint to your data protection regulator, for example, if you think we have processed your personal data in a way you consider is unlawful or breaches your rights. For the UK, that’s the Information Commissioner’s Office (www.ico.org.uk). We encourage you to contact us first as we would like to resolve your concerns directly with you.

To exercise any of the above rights please email hello@greendpo.com. We carefully assess every request, but there may be reasons we cannot comply. Should this happen, we will explain why. In any event, we will usually respond to your request within one month.

Updates to this Privacy Notice

We will update this Privacy Notice from time to time. We include the version number and date of the last amendment below.

Version 1.0

Date: 1 December 2020