GDPR – Clients
Use and collection of personal information
DOHR collects and processes a range of information about you personally and your business/employer. This may include:
- Information by which you can be personally identified, such as your name, company address, company contact details including but not limited to email addresses and telephone numbers. Where you use your personal email or contact numbers for work purposes, these are the details we will hold.
- Information which does not identify you such as technical information which may be provided to us automatically as you navigate through the website (e.g. usage details, location-based information) and from third parties, for example, our business partners.
We collect this information in a variety of ways, including:
- through referrals passed to us at our business networking activities
- by you submitting your details on our website, online adverts or landing pages
- by you engaging with us on social media platforms
- meeting you face to face
- you calling our offices
- meeting you at exhibitions
- you entering competitions
Data will be stored in our commercially available cloud-based IT systems to enable us to support our clients properly and fully.
Your knowledge and consent of our collection, use and disclosure of your information is critical so we can provide services to you. We rely on any of the following actions by you as indications of your consent:
- your voluntary provision of your contact details
- your express consent or acknowledgment contained within our terms of business
- your acceptance of this privacy statement which will be notified to you
until such time as you notify us in writing of withdrawal of this consent.
Where direct consent is not required from you, we may process your personal information if it is necessary for the performance of a contract or to enter into a contractual relationship with you or if it is necessary for genuine and legitimate business interests.
We may use information that you provide, including any personal information to:
- provide our products or services to you
- provie you with details or information regarding the products or services that you need depending on the type of service you use
- to provide you with invoices or details regarding your account
- to carry out our obligations and enforce our rights arising out of our terms of business including for billing and collection
- to notify you about changes to our products or services
- in any other way we may describe when you provide the information or for any other purpose with your consent.
We may disclose your personal information to third parties:
- In the event you have requested services from any of our third-party suppliers;
- In the event we sell or buy any business or part of the business or assets, in which case we might disclose your personal data to the prospective buyer or seller;
- To enforce or apply our terms of business or any other agreement with you;
- If we are under a legal duty to disclose or share your data to comply with or meet any legal obligation;
- If we believe disclosure is necessary or appropriate to protect the rights, property or safety of our clients, past or future such as disclosing information with other companies and organisations for the purpose of fraud protection;
- Third-party vendors who we use to support our business and help provide end services to you, including but not limited to health and safety specialist, pension providers, payroll, credit card processing and other billing service providers. We may also authorise third-party vendors to collect information on our behalf, including to facilitate the delivery of online advertising tailored to your interests. Third-party vendors may have access to collect information only as needed to perform their function and are not permitted to share or use the information for any other purpose;
- From time to time we may run special offers or other events or activities together with a third-party partner. If you provide information to such third parties, you give them permission to use it for that purpose;
- For any other purpose disclosed by us when you provide the information or with your consent
Who has access to data?
Your information may be shared internally with DOHR and to third parties as detailed above. In those circumstances, the data will be subject to confidentiality arrangements and security protections.
The organisation will not transfer your data to countries outside the EEA.
How does the organisation protect data?
The organisation takes the security of your data seriously. The organisation has internal technical and organisational measures in place to protect any personal information we process about you to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees or contractors in the performance of their duties. All information you provide to us is stored in password-protected systems.
Any payment transactions are made through a third party payment provider (currently GoCardless) and all of your payment details are entered and maintained by you in their system. We do not have access to your payment details. You are protected by the direct debit guarantee.
Unfortunately, no data transmission over the internet is guaranteed to be 100% secure and as a result, you acknowledge that there are security and privacy limitations of the internet which are beyond our control.
The safety and security of your information is also dependant on you. Where we have given you (or where you have chosen) a password for access to documents, you are responsible for keeping this password confidential. We ask you not to share passwords with anyone and keep your account information secure. We will change passwords on an ad-hoc basis to afford your data greater protection.
In the event that personal data is compromised as a result of breach of security, we will notify those persons in accordance with the notification procedure set forth in this privacy statement or as otherwise required by applicable law.
Where the organisation engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
How long does the organisation keep data?
If you leave the business
As your data is held on behalf of the organisation you work for, if you leave the employer your details will be updated so that the company records are maintained, but your personal data will no longer be held for this purpose.
If you have connected with us on social media your data will be maintained within those systems and the obligation for content and privacy reverts to you.
If DOHR are no longer providing the business with services
Where we have been providing services to your business/employer, we have a legitimate business need to maintain accurate records of all the advice and support we have provided to the business and therefore records will be maintained.
Contact and Communication
Users contacting the organisation’s website do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use, as required by law. Every effort has been made to ensure a safe and secure email submission process, but we advise users using such forms that they do so at their own risk.
The website and its owners use any information submitted to provide you with further information about the products/services we offer or to assist you in answering any questions or queries you may have submitted.
As a client, we will use your contact details to send you items in the post. These include but are not limited to:
- Quarterly newsletters
- Special offers
- Promotional merchandise
- Seasonal gifts
- Invoices and Statements of Account
- Products and services
- Notification letters
At DOHR we issue electronic newsletters via our CRM system (currently Infusionsoft). These are used to ensure clients are made aware of topical issues which may impact their business. The newsletters may also include information about products and services supplied by DOHR. All clients are automatically subscribed as this is part of the service we offer, but all users have the ability to unsubscribe if desired. Clients must be aware that their data will still be held to enable us to deliver our services to you, but you will no longer receive email newsletters and this communication is not generally available in any other format or media, although on occasion the newsletter or content will be on our website.
Email marketing campaigns published by us may contain tracking facilities within the actual email. Subscriber activity is tracked and stored in a database for future analysis and evaluation. Such tracked activity may include; the opening of emails, forwarding of emails, the clicking of links within the email content, times, dates and frequency of activity. This is by no means a comprehensive list.
This information is used to refine future email campaigns and supply the user with more relevant content based around their activity.
In compliance with UK Spam Laws and the Privacy and Electronic Communications Regulations 2003, subscribers are given the opportunity to unsubscribe at any time through an automated system. This process is detailed in the footer of each email campaign.
What if you do not provide personal data?
As a client, we are unable to provide our services to you and your business/employer unless we have some contact details for you and in some instances for your staff. We retain the right to withdraw our services if you do not wish to share your details with us or keep them updated.
You are obliged to provide us with data if you wish to receive information or contract with us for the provision of goods or services. Certain information, such as names, address and contact details must be provided to enable us to provide this service to you.