DigiBlu Partners; DigiBlu UK; together (“DigiBlu”) or (We”) or (“Us”) Privacy Notice (Tier 4)
Reference: GDPR REC 4.1
Issue No: 1.0
Issue Date: 11/06/2020
All data subjects whose personal data is collected, in line with the requirements of the GDPR.
2.1 David Williams is the Data Protection and GDPR Officer for DigiBlu and is responsible for ensuring that this notice is made available to data subjects prior to DigiBlu collecting/processing their personal data.
2.2 All Employees of DigiBlu who interact with data subjects are responsible for ensuring that this notice is drawn to the data subject’s attention and their consent to the processing of their data is secured.
3. Privacy notice
3.1 Who are We?
DigiBlu works in partnership with its clients to develop, deploy and manage Intelligent Automation (“IA”) solutions. The Robotic Process Automation (“RPA”) of Digital Workforces allows automation of client repetitive processes. This ensures higher service delivery consistency and helps smooth the ability to cope with the peaks and troughs in delivering services to the end users of our clients. This ensures consistent delivery within the client target timescales of a quality customer service irrespective of peaks in demand for service delivery.
Our Data Protection and GDPR Officer and data protection representatives can be contacted directly at email@example.com.
The personal data We would like to collect from you and process is the least amount of data that is possible to fulfil what you have requested Us to provide.
If your organisation has entered into a business relationship or is contemplated doing so then We will collect and store only that information which We reasonably require to collect and store to engage in normal business communications with your organisation, including:
Name, Job Title, Business Address, email address, telephone number(s) provided you or your organisation have provided Us with these details.
If you have specifically given your permission by ticking a box when you Use our Web site to confirm that We may contact you, or you ask Us to provide you with information then We will fulfil such requests using your personal data. If you give your permission for Us to store information for the purposes of sending you details of our products and services then We may from time to time provide you with such information. You are free to “opt out” of receiving such information at any time.
Our legal basis for processing the personal data:
It is essential for business engagement between our respective organisations.
You or a colleague have specifically provided your contact details and asked Us to communicate with you and store your details until either We no longer require to hold that information for a legitimate purpose or you ask Us to cease to hold or communicate with you Using that information.
You have communicated through a third party such as one of our business partners that you have expressed an interest in the products and or services that We offer.
Any legitimate interests pursued by Us, or third parties to provide business communications:
For the purposes of delivering products and services.
In response to business enquiries.
For the provision of ongoing maintenance and support of existing services.
Please note that We will not collect or store any special categories of personal data.
By consenting to this privacy notice you are giving Us permission to process your personal data specifically for the purposes identified.
Consent is required for DigiBlu to process both types of personal data, but it must be explicitly given. We will not in the ordinary course of business ask you to provide sensitive personal data.
You may withdraw consent at any time by following a link on our web site to “Unsubscribe” you from receiving marketing, promotional and or technical briefing papers from Us. Alternatively, you can communicate your preferences to our Data Protection and GDPR Officer.
DigiBlu will not pass on your personal data to third parties without your specific prior consent.
3.3 Retention period
DigiBlu will process personal data for a period not exceeding seven years and shall only retain your personal data beyond that period if the reason for which the data was collected prevails. In the event that We cease to have the need to store your personal data for the purpose for which it was collected or if you ask Us to then We will remove your personal data from our record system as soon as is practicable.
3.4 Your rights as a data subject
At any point while We are in possession of or processing your personal data, you, the data subject, have the following rights:
Right of access – you have the right to request a copy of the information that We hold about you.
Right of rectification – you have a right to correct data that We hold about you that is inaccurate or incomplete.
Right to be forgotten – in certain circumstances you can ask for the data We hold about you to be erased from our records.
Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
Right of portability – you have the right to have the data We hold about you transferred to another organisation.
Right to object – you have the right to object to certain types of processing such as direct marketing.
Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
Right to judicial review: in the event that DigiBlu refuses your request under rights of access, We will provide you with a reason as to why. You have the right to complain as outlined in clause 3.6 below.
All of the above requests will be forwarded on should there be a third party involved (as stated in 3.4 above) in the processing of your personal data.
In the event that you wish to make a complaint about how your personal data is being stored or processed by DigiBlu (or third parties as described in 3.4 above), or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and or DigiBlu’s data protection representatives or Data Protection and GDPR Officer.
The details for each of these contacts are:
Supervisory authority contact details
Information Commissioner’s Office
+44 303 123 1113
Data Protection Officer and GDPR Owner contact details
The Hamilton Centre, Suite 3, Floor 1
3.5 Privacy Statement
Read more about how and why We Use your data in our Privacy Statement below.
4. Online privacy statement
Under the EU’s General Data Protection Regulation (GDPR) personal data is defined as:
“any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
How We Use your information
This privacy notice tells you how We, DigiBlu, will collect and Use your personal data for the purposes set out above.
Why does DigiBlu need to collect and store personal data?
For Us to provide you with information relating to our products and services We need to collect personal data. We are committed to ensuring that the information We collect and Use is appropriate for this purpose, and does not constitute an invasion of your privacy. In the eventuality that DigiBlu wished to contact you for marketing purposes then We would contact you for additional consent.
Will DigiBlu share my personal data with anyone else?
We may pass your personal data on to third-party service providers contracted to DigiBlu in the course of dealing with you. Any third parties that We may share your data with are obliged to keep your details securely, and to Use them only to fulfil any products or services that you or your organisation have asked Us to provide. When they no longer need your data to fulfil this service, they will dispose of the details in line with DigiBlu’s procedures. We will not collect or store sensitive personal data so there is no risk of Us passing on any such information to a third party.
How will DigiBlu Use the personal data it collects about me?
DigiBlu will process (collect, store and Use) the information you provide in a manner compatible with the EU’s General Data Protection Regulation (GDPR). We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary. In certain circumstances, DigiBlu is required to retain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices. Personal data may be held in addition to these periods depending on individual business needs.
Under what circumstances will DigiBlu contact me?
Our aim is not to be intrusive and We undertake not to ask irrelevant or unnecessary questions. Moreover, the information you provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure.
Can I find out the personal data that the organisation holds about me?
DigiBlu at your request, can confirm what information We hold about you and how it is processed. If DigiBlu does hold personal data about you, you can request the following information:
Identity and the contact details of the person or organisation that has determined how and why to process your data. In some cases, this will be a representative in the EU.
Contact details of the Data Protection and GDPR Officer, where applicable.
The purpose of and legal basis for processing.
If the processing is based on the legitimate interests of DigiBlu or a third party, information about those interests.
The categories of personal data collected, stored and processed.
Recipient(s) or categories of recipients that the data is/will be disclosed to.
If We intend to transfer the personal data to a country outside of the UK and or EU then our assurance as to how we ensure that it will be treated in all respects to at least the same standard as that required to comply with the GDPR regulations and how We ensure this is done securely. The EU has approved sending personal data to some countries because they meet a minimum standard of data protection. In other cases, We will ensure there are specific measures in place to secure your information. • How long the data will be stored.
Details of your rights to correct, erase, restrict or object to such processing.
Information about your right to withdraw consent at any time.
How to lodge a complaint with the supervisory authority.
Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
The source of personal data if it wasn’t collected directly from you.
Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
What forms of ID will I need to provide in order to access this?
DigiBlu accepts the following forms of ID when information on your personal data is requested: Valid in date passport, plus one other form of identification, for example driving licence, birth certificate, utility bill issued within the last three months.
Contact details of the [Data Protection Officer (DPO)] / [GDPR Owner]:
Data Protection Officer and GDPR Owner contact details
The Hamilton Centre, Floor One, Suite Three
Document Owner and Approval
The Data Protection and GDPR Officer is the owner of this document and is responsible for ensuring that this record is reviewed in line with the review requirements of GDPR.
A current version of this document is available to all employees of DigiBlu.
Date: 11 June 2020