Factum Privacy Notice
At Factum, we recognize our responsibility to respect your privacy and, therefore, to protect and control how we store, access, and process your personal data.
This Privacy Notice is effective as of 25 May 2018 to comply with data protection laws and sets out your rights under the new laws.
The new data protection laws state that we should only collect, store and process personal data if we have a valid reason to do so.
This Privacy Notice explains what personal data we collect, how we use your personal data, any reasons why we may need to disclose your personal data to others, and how we store your personal data securely.
All reasonable efforts shall be taken to make this Privacy Notice available to you at the point of collection of your personal data.
Be aware this Privacy Notice is subject to change, and Factum retains the right to make amendments to this Privacy Notice from time to time, with no explicit notice. It is your responsibility to check this Privacy Notice prior to providing us with your data for the most up-to-date version.
At all times, Factum may be both data controller and data processor for your personal data, depending on the circumstances of data use.
Factum Limited is a management consultancy and IT and professional services provider based in Chelmsford, Essex, England.
Factum Limited is a limited liability company registered in England under registered number 8000563, with its registered address at Factum House, 51 Albemarle Link, Chelmsford, Essex, CM1 6AH, England.
Factum Consulting Limited is a management consultancy and IT and professional services provider based in Houston, Texas, U.S.A.
Factum Consulting is a limited liability company registered with the Secretary of State in Texas and operating with a US Federal Tax Id number of 46-2313472.
This Privacy Notice wholly covers both Factum Limited and Factum Consulting Limited.
Andrew de Bray is the appointed Data Protection Officer for Factum Limited and Factum Consulting Limited.
Why do we collect personal data?
Reasons for us collecting your personal data include, but are not limited to, employment and recruitment processes; performance of a contract; billing, invoice, and payment processes; advising you on our products and services; and contacting you for customer service purposes.
What personal data do we collect?
Personal data we collect may include, but is not limited to, names, telephone numbers, email addresses, postal addresses, bank details, payment information, and social media links.
We may also keep details of your visits to our website including, but not limited to, IP addresses, traffic data, location data, weblogs, and other communication data. We also retain records of your written queries and correspondence, in the event you contact us.
How do we collect personal data from you?
We receive information about you when you visit our website; complete the “Contact Us” form on our website; contact us by phone, email, or other electronic media when enquiring about any of our products and services; or during the purchasing of any such product or service.
If, in your communications with us, you provide us with personal data about a third party (for example, when emailing us information on someone else’s behalf), you warrant that you have obtained the consent from the third party for the disclosure and use of their personal data.
What do we do with your data?
We use your personal data and information in the following ways:
- Explain our products and services to you, and to advise you of updates to our products and services, where you have initiated an enquiry or consented to be contacted
- Discuss and negotiate business opportunities with you
- Execute on our contractual obligations we have with you
- Manage our accounting processes, including processing inbound and outbound payments and statements of account
- Provide and improve client service and support, including responding to your requests if you contact us with a query
- Conduct recruitment and supplier hiring processes
- Assist us with reviewing, developing, and improving our website and services
- Enable marketing and promotional activity
We assure you that your personal data shall only be used for the purposes listed above. If, for any reason, we use your personal data and information in a way that is not listed above, we will obtain your consent before doing so.
What don’t we do with your data?
Factum is not a data provider, reseller or provider of data services. Factum will not use your data in any of the following ways:
- Sell your data to third parties for any reason
- Provide your data at no charge to third parties for any reason
- Publish or make available your data to the general public
Factum will not pass your information on to any third party without your prior consent.
Factum may share your personal data if we are under a legal duty to disclose data, or to protect the rights, property, or safety of Factum, our customers, or any other affected party. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.
How long will we keep your data?
Factum shall retain your data only for as long as necessary in accordance with applicable laws. The retention period for your personal data may vary depending on the reason and how it was collected.
We may keep your data for up to 7 years after you have supplied it to us, and we may not be able to delete your data before this time due to any legal and or accountancy obligations.
Factum will keep your personal data for the duration of the period you are a customer or client of Factum, but if collected for a single purpose (such as recruiting for a position), Factum may, at its discretion and if not required to be retained for any legal or accounting reason, destroy the data immediately after its use.
Who has access to your personal data?
Personal data is not widely available within Factum. Only those employees requiring access to conduct their job will have access to data. However, this does include third parties such as sub-contractors, temporary staff, or other suppliers who have been contracted by Factum and who need access to conduct their role.
Such entities may be hired to assist Factum in its operational duties, such as accounting, provision of products and services, etc., or in a support capacity, such as email and website hosting, marketing materials preparation, etc.
Access to data will be on a pre-approved basis only, and whether permanent or not, this Privacy Notice shall apply in all cases.
Factum’s IT and data processing systems are all hosted in the UK, but your data may be sent to and processed by employees and third party suppliers both within and outside of the European Economic Area (EEA).
Your rights and entitlements
You are entitled at any time to contact Factum and request we destroy all personal data held. Unless for a legal necessity, Factum will comply with that request.
However, in preventing Factum from using or processing your personal data, it may delay or prevent us from fulfilling our contractual obligations to you. It may also mean that we shall be unable to provide our services or process the cancellation of your products and services.
You have the right to ask us not to process your personal data for marketing purposes. We will not contact you for marketing purposes unless you have given us your prior consent.
You also have the right to object to our use of your personal data, or ask us to delete, remove, or stop using it if there is no need for us to keep it. This is known as your right to be forgotten. There are legal and accountancy reasons why we will need to keep your data, but do inform us if you think we are retaining or using your personal data incorrectly.
Accessing and updating your data
You have the right to access the information we hold about you. Please email your requests to email@example.com so that we can provide this information for you.
By using our website, you consent to the use of our cookies in the manner stated above.
Links to other sites
Factum may, at times, provide links to third party websites. Factum has no control over these websites, so it is encouraged you review the privacy policies of these third party websites. Any information that is supplied on these websites is outside of Factum’s control, and we cannot be held responsible for the privacy policies and practices of these websites.
Where we store your personal data
We follow accepted IT industry standards to store and protect the personal data we collect, including the use of encryption, if appropriate.
All information you provide to us is stored on our secured servers within the EEA. From time to time, your information may be transferred to and stored in a country outside the EEA in relation to provision of Factum’s products and services. The laws in these countries may not provide you with the same protection as in the EEA; however, any third party referred to above outside of the EEA has agreed to abide by European levels of data protection with respect to the transfer, processing, and storage of any personal data.
By providing your data to us, you agree to this transfer and storage. However, we will ensure that reasonable steps are taken to protect your data in accordance with this privacy notice.
As the transmission of information via the internet is not completely secure, we cannot guarantee the security of your data transmitted to our website, and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping the password confidential. Do not share your password with anyone, as doing so will represent your consent for that third party to access our website using your credentials. In this case, we cannot be held responsible for any liability or damages incurred by the third party’s actions.
We agree to take reasonable measures to protect your data in accordance with applicable laws.
Data loss, unintentional publication, or privacy breach
If there is an event that results in the loss of your data, the unintentional release or publication of your data, or your data is copied or removed via a breach of our systems or processes, we are obliged to comply with the stipulations of the applicable data protection laws where necessary.
Please e-mail any questions or comments you have about privacy to us at firstname.lastname@example.org.
Your right to make a complaint
If you are unsatisfied with any aspect of our data privacy process, you have the right to make a complaint. Please contact the government appointed Information Commissioner, based at the Information Commissioner’s Office.
0303 123 1113
Information Commissioner’s Office