Effective 25th May 2018
This privacy notice provides you with details of how we collect and process your personal data through your use of our site www.rostoynbee.coachesconsole.com, www.rostoynbee.com, www.thecareercoach.co.uk, and www.toynbeeassociates.co.uk.
We take children’s privacy very seriously. This website should only be accessed by persons eighteen (18) years or older.
If you have any questions about this privacy notice, please contact the Data Controller using the details set out below:
Full name of legal entity: Ros Toynbee Associates Ltd
Name of our Data Controller: Ros Toynbee
Postal address: 72, Great Suffolk Street, London, SE1 0BL
Phone number: +44 (0)20 7702 9299
TYPES OF PERSONAL INFORMATION WE COLLECT ABOUT YOU
Personally Identifiable Information means any information capable of identifying an individual. It does not include anonymized data.
We may process the following categories of Personally Identifiable Information about you:
LOGS AND ANALYTICS
As is true with most websites and services delivered over the Internet, we gather certain information and store it in log files when you interact with our website and services. This information includes internet protocol (IP) addresses as well as browser type, internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences, identification numbers associated with your devices, your mobile carrier, and system configuration information.
We collect analytics information when you use the website to help us improve the website and the services we provide. We may also share anonymous data about your actions on our website with third-party service providers of analytics services.
COOKIES AND OTHER TRACKING TECHNOLOGIES
INFORMATION THAT YOU PROVIDE US
We collect information you send us through various channels of communications such as: website forms, social media pages, email, text.
If you request to receive information or contact us by signing up through our website forms you will be required to provide information such as your name, email and phone number.
If you purchase a product or service from us, we request certain personal information from you on our order form. You must provide contact information (such as name, email, and shipping address) and financial information (such as creditor debit card information and expiration date). We use this information for billing purposes, to fill your orders and to keep records of such transactions. If we have trouble processing an order we will use this information to contact you.
We do not collect any Sensitive Data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, criminal convictions and offences, information about your health and genetic and biometric data.
WHAT WE DO WITH YOUR INFORMATION
We may use the information we collect about you (including personal information, to the extent applicable) for a variety of purposes, including to:
(a) provide, operate, maintain, improve, and promote our products and services;
(b) enable you to access and use our services;
(c) process and complete transactions, and send you related information, including purchase confirmations and invoices;
(d) send transactional messages, including responses to your comments, questions, and requests; provide customer service, support and administrative messages;
(e) send promotional communications, such as providing you with information about products and services, features, surveys, newsletters, offers, promotions, contests, and events; and provide other news or information about us and our partners.
You can opt-out of receiving marketing communications from us by contacting us at firstname.lastname@example.org and email@example.com or following the unsubscribe instructions included in our marketing communications;
(f) monitor and analyse trends, usage, and activities in connection with the website and Services and for marketing or advertising purposes;
(g) investigate and prevent fraudulent transactions, unauthorized access to our services, and other illegal activities;
(h) personalize the website and services, including by providing features or advertisements that match your interests and preferences; and
(i) for other purposes for which we obtain your consent.
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We have established the following personal data control mechanisms:
Promotional offers from us
We may use your identity, contact, technical, usage and profile data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us, requested an initial consultation or career review from us, purchased goods or services from us or if you provided us with your details when you entered a competition or registered for a promotion and, in each case, you have not opted out of receiving that marketing.
We will get your express opt-in consent before we share your personal data with any company outside the Career Coach group of companies for marketing purposes.
You can ask us or third parties to stop sending you marketing messages at any time by logging into the website and checking or unchecking relevant boxes to adjust your marketing preferences or by following the opt-out links on any marketing message sent to you or by contacting us at firstname.lastname@example.org or email@example.com at any time.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase.
DISCLOSURES OF YOUR PERSONAL INFORMATION
As a general rule, we will not share, sell, rent or trade your data with third parties without your permission. However, there are some important exceptions to this rule that are described in the following paragraphs.
We may, in our sole discretion, provide information about you as required by law and when we believe that disclosure is necessary to protect our rights and/or to comply with a judicial proceeding, court order, or other legal process for purposes of fraud investigations, alleged intellectual property infringement, or any other suspected illegal activity or matters that may expose us to legal liability.
Although we do not disclose individually identifiable information, we may disclose aggregate data about our website’s visitors to advertisers or other third parties for marketing and promotional purposes.
We share information, including personal information, with our third-party service providers that we use to provide hosting for and maintenance of our website, application development, backup, storage, payment processing, analytics and other services for us. These third-party service providers may have access to or process your personal information for the purpose of providing these services for us. We do not permit our third-party service providers to use the personal information that we share with them for their marketing purposes or for any other purpose than in connection with the services they provide to us.
If we go through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of our assets, your personal information will likely be among the assets transferred. You will be notified via email and/or prominent notice on our website for 30 days of any such change in ownership or control of your personal information.
HOW LONG WE RETAIN YOUR PERSONAL INFORMATION
Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria.
Many of our third parties service providers are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is in place:
- We will only transfer your personal data to countries that the European Commission have approved as providing an adequate level of protection for personal data by; or
- Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; or
- If we use US-based providers that are part of EU-US Privacy Shield, we may transfer data to them, as they have equivalent safeguards in place.
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
We have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorization. We also allow access to your personal data only to those employees and partners who have a business need to know such data. They will only process your personal data on our instructions and they must keep it confidential.
When you enter sensitive information (such as a credit card number) on order forms that are hosted by our PCI compliant third-party service providers, the transmission of that information is encrypted using secure socket layer technology (SSL).
ADDITIONAL RIGHTS FOR EEA AND CERTAIN OTHER TERRITORIES:
If you are from certain territories (such as the EEA), you may have the right to exercise additional rights available to you under applicable laws, including:
Right of erasure: In certain circumstances, you may have a broader right to erasure of personal information that we hold about you – for example, if it is no longer necessary in relation to the purposes for which it was originally collected. Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations.
Right to object to processing: You may have the right to request that we stop processing your personal information and/or to stop sending you marketing communications.
Right to restrict processing: You may have the right to request that we restrict processing of your personal information in certain circumstances (for example, where you believe that the personal information we hold about you is inaccurate or unlawfully held).
Right to data portability: In certain circumstances, you may have the right to be provided with your personal information in a structured, machine readable and commonly used format and to request that we transfer the personal information to another data controller without hindrance.
Request access to your personal data: (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of your personal data: This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Right to withdraw consent: where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
If you would like to exercise such rights, please contact us at firstname.lastname@example.org or email@example.com. We will consider your request in accordance with applicable laws. To protect your privacy and security, we may take steps to verify your identity before complying with the request.
You also have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. A list of contact details for the EU data protection authorities is available here.
LEGAL BASIS FOR PROCESSING (EEA ONLY)
If you are an individual from the European Economic Area (EEA), our legal basis for collecting and using the personal information will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information from you only where:
(a) we have your consent to do so,
(b) where we need the personal information to perform a contract with you (e.g. to deliver the Services you have requested), or
(c) where the processing is in our or a third party’s legitimate interests (and not overridden by your data protection interests or fundamental rights and freedoms). In some cases, we may also have a legal obligation to collect personal information from you, or may otherwise need the personal information to protect your vital interests or those of another person.
Where we rely on your consent to process the personal information, you have the right to withdraw or decline your consent at any time. Please note that this does not affect the lawfulness of the processing based on your consent before its withdrawal.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information). Similarly, if we collect and use your personal information in reliance on our (or a third party’s) legitimate interests which are not already described in this notice, we will make clear to you at the relevant time what those legitimate interests are.
If you have any questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us at firstname.lastname@example.org or email@example.com .
LINKS TO OTHER SITES
Our website contains links to other sites that are not owned or controlled by us. Please be aware that we are not responsible for the privacy practices of such other sites.
We encourage you to be aware when you leave our website and to read the privacy policies of each and every website that collects personal information.
This Policy applies only to information collected by our website.
We may update this Policy to reflect changes to our information practices. If we make any material changes we will notify you by email (sent to the email address specified in your account) or by means of a notice on this website prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
Any questions or concerns about this policy should be brought to our attention by sending an email to firstname.lastname@example.org or email@example.com and providing us with information relating to your concern.
ROS TOYNBEE ASSOCIATES LTD is registered with the Information Commissioner’s Office under registration reference: Z2783968