PEN Partnership Limited CRM Privacy Statement
Personal Data – Privacy Statement
This Privacy Statement lays out how PEN treats client and prospective client personal data (where ‘client’ refers to all of the following; client organisation, Third-Party Administrator or Vendor, or third party such as recruitment agencies and industry bodies), and what rights PEN’s clients have in relation to this information.
In respect of the processing of your personal data in line with this Privacy Statement, PEN Partnership Limited acts as a controller for the personal data they process and comply with the associated requirements as laid out under the General Data Protection Regulation (GDPR) and other data protection laws and regulations.
1.1. Categories of personal data
When we refer to “personal data” we mean any data relating to an identified or identifiable individual. This could include information that could identify an individual, directly or indirectly, in particular, by reference to an identifier such as a name, ID number, location data or online identifier. It also includes factors specific to an individual’s characteristics.
PEN collects limited personal data on its clients; and this primarily encompasses the following types of information:
• contact and organisation related material such as an individual’s work email and business role;
• business communications, such as email exchanges or in-person meetings.
1.2. Sources of personal data
We collect your personal data during the course of your dealings with us. For example, when you engage with us in respect of a project we are undertaking for your organisation. Otherwise, we gather information about you when you provide it to us, for example when you correspond with your contacts within PEN.
We may also receive information about you from other sources, such as directly from your organisation or via online resources including LinkedIn and other publicly available sources. We combine information about you from various sources, including the information that you have provided to us directly.
1.3. Purposes of processing
PEN collects client personal data for the following purposes:
• to manage past, current and future business engagements;
• to send information such as engagement related proposals and materials, industry relevant information (such as regulatory digest newsletters), event invitations;
• direct marketing communications; and
• to comply with our legal and regulatory obligations.
If you receive marketing communications from us and no longer wish to do so, you may unsubscribe at any time by emailing us at firstname.lastname@example.org
1.4. Lawful basis for processing
PEN collects, uses, processes and discloses personal data in accordance with applicable data protection and privacy laws. We process personal data on the following bases:
• for legitimate business purposes, including ensuring that PEN (i) is able to maintain its relationships with existing clients, (ii) is able to manage past, current and future client engagements and(iii) to promote its services and products;
• for the performance of a contract that we have entered into with our client;
• consent, where required by law (including marketing to individuals in a personal capacity by email or SMS).
1.5. Data recipients
Your personal data may be shared with certain third parties such as:
• service providers that provide services on our behalf, including IT service providers;
• legal and other professional advisors and auditors; and
• regulators and law enforcement agencies.
Where third parties are given access to your personal data, PEN will take the required contractual, technical and organisational measures to ensure that your personal data is only processed to the extent necessary.
1.6. Retention period
PEN will only hold your personal data for as long as required to undertake the purposes of our processing, plus a prescribed period of time as required by national laws in your jurisdiction.
We hold personal data about our clients for the following periods:
• We will only retain your personal information for as long as necessary taking into account the requirements of applicable data protection laws and the purpose for which the personal information is collected and used;
• Data relating to clients will be retained for the duration of the client relationship plus a further period to comply with certain obligations, legal requirements and best practices.
We will also retain your personal data for as long as necessary in connection with legal action or any investigations involving PEN.
1.7. Individual data rights
Individuals may have certain statutory rights in relation to their personal data. Subject to any exemptions provided by law, if your personal data is processed by PEN in respect of our client relationship activities, you may have the following rights:
• to receive confirmation from PEN as to whether we process your personal data, and where we do, access to that personal data and certain other information;
• to request the rectification of any inaccurate personal data that we hold about you;
• to request the erasure of your personal data in certain circumstances;
• to request the restriction of our processing of your personal data in certain other circumstances, for example in certain scenarios where we are unable to comply with a request to erase your personal data;
• to receive a copy of the personal data that you have provided to PEN in a structured, machine-readable and commonly-used format and/or, where possible, to request we transmit that personal data to another organisation;
• to object to certain processing of your personal data and to automated decision making and where our processing is based on your consent, you have the right to withdraw consent at any time by contacting us.
Where you are given the option to share your personal data with us, you can always choose not to do so. If you object to the processing of your personal data, we will respect that choice in accordance with its legal obligations. This could mean that we are unable to perform the actions necessary to achieve the purposes of processing described in the Purposes of Processing section above
1.8. Right to lodge a complaint with a supervisory authority
Under the GDPR, individuals have the right to lodge a complaint with their local data protection authority or the Information Commissioner’s Office.
1.9. Contact us
Please feel free to contact PEN if you have any questions about this Privacy Statement or any of PEN’s practices in relation to your personal data. Clients should direct requests to their primary contact at PEN in the first instance, whether this is to seek further information or to exercise any of your statutory rights.
You can contact us by emailing email@example.com