Privacy Policy May 2018
This privacy policy has been put in place to protect your privacy and personal data and to advise you of how we look after your personal data and to notify you of your privacy rights and how the law protects you.
Who we are:
Extended Mind is a limited company based in England and Wales and our Company Registration Number is 8566012.
Should you have any questions relating to this privacy policy (including exercising any of your rights under GDPR), please contact us at:
Email: gdpr@extendedmind.com
Post: Extended Mind Ltd, Sanderum House, 38 Oakley Road, Chinnor, Oxon, OX39 4TW
You have a right to make a complaint at any time to the Information Commissioner’s Office (ICO) (www.ico.org.uk). We would appreciate you contacting us first, if you have a complaint, so that we may have a chance to deal with your concerns.
What data we collect:
We only collect basic information necessary to carry out our business. The following information may be collected and defined as “personal data”:
- Personal Detail (forename, surname, email address, phone number, gender)
- Business Details (company, role, location)
- Business Activities (profiles completed, workshop and event interested in)
We do not collect any “special categories” of personal data about you (this covers race, ethnicity, religion, political opinions, trade union membership, information regarding your health, genetic or biometric data). Nor do we collect information regarding criminal convictions and offences.
What is the source of the data we hold?
We collected your personal data
- Directly from you as a client (or your employer) or a supplier
- Directly from you through contact at workshops, seminars or conferences
- From a broker who we work with
How we use your data:
We use your data:
- Clients:
- To perform psychological and psychometric profiles, analysis and summary reports (as requested by the client with GDPR compliant suppliers)
- To email newsletters and notification of planned and proposed events and workshops
- Internal marketing research
- Friends and Suppliers
- To email newsletters and notification of planned events and workshops
- Internal marketing research
If at any point you no longer wish for us to be in contact with you then let us know and we won’t.
We will only use your data because we have a legitimate business interest or where you agree to it.
Who we share your data with:
Extended Mind uses proprietary and third party tools for assessment and development services. Where we use in-house tools (for example, The Collaboration Profile), we do not share any data as all processing is done by Extended Mind. Where we use a third party partner (e.g. SHL or Saville Consulting), we only share email addresses and names to facilitate the generation of profiles that are run on their software. They have policies that are GDPR compliant and which guarantee that no data is shared with other organisations.
We never share your personal data with third parties for marketing purposes.
How we keep your data secure:
We have taken appropriate measures to ensure your personal data is safe and secure. We limit access to your personal data to those employees, associates and third parties who require access to be able to perform their duties and they are bound by our instructions to them and are bound by confidentiality.
We will notify you and any applicable regulators of a breach where we are legally required to do so.
How long we keep your data:
Unless requested otherwise by yourself we will keep your data for 3 years following your last contact. The purpose of the data retention is to respond to specific client requests that relate to the original project. After this time period we will securely delete your data.
Your rights:
If you no longer wish us to contact you then please send us a request at gdpr@extendedmind.com.
As a security measure we may request specific information from you to ensure that personal data is not disclosed to any person who has no right to receive it.
If you would like to view any or all of data we hold, again, please ask us. We will try to comply with all data requests within 14 days, however, this may take longer if your request is complex or you have made multiple requests. If this is the case, we will contact you and keep you updated.
To ensure the security of your personal data we may ask you for specific information to aid us in confirming our identity. We don’t want your personal data being disclosed to any person who has no right to receive it. We may also contact you to request additional information regarding your request to be able to improve our response time.