ONE BIG IDEA
Date of last revision: 22 May 2018
One Big Idea (OBI) is committed to protecting and respecting your privacy. This policy explains how OBI collects, stores, uses and shares personal data.
OBI does not provide services for children and we do not knowingly collect data relating to children.
This policy is issued by OBI and is addressed to individuals outside our organisation with whom we interact, including visitors to our website and other users of our services.
For the purposes of this policy, OBI is the Controller. Contact details are provided under the “Contact Details” section below.
This policy may be amended or updated from time to time to reflect changes in our practices with respect to the processing of personal data, or changes in applicable law.
PROCESSING YOUR PERSONAL DATA
Collection of personal data: We may collect personal data about you, such as your name, address and contact details. Examples of sources from which we may collect personal data include the following:
- When you provide it to us (e.g., where you contact us via email or telephone, or by any other means);
- In the ordinary course of our relationship with you;
- We may collect personal data that you manifestly choose to make public;
- From third parties who provide it to us.
Creation of personal data: We may also create personal data about you from your interactions with us.
Categories of personal data: We may collect use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity data: this may include given name(s), preferred name, title and job title;
- Contact details: telephone number; address; email address; and LinkedIn profile details;
- Profile data: professional profile; association memberships; company insight data; your interests, preferences and feedback;
- Financial details: where applicable bank account details and payments made/received;
- Usage data: how you use our services.
Lawful basis for processing personal data: In processing your personal data in connection with the purposes set out in this policy, we may rely on one or more of the following legal bases, depending on the circumstances:
- We have obtained your prior express consent to the processing;
- The processing is necessary in connection with any contract that you may enter into with us;
- The processing is required by applicable law;
- The processing is necessary to protect the vital interests of any individual; or
- The processing is necessary for our legitimate interests or the legitimate interests of a 3rd party unless there is a good reason to protect the individuals personal data which overrides those legitimate interests.
Purposes for which we may process your personal data: The purposes for which we may process personal data, subject to applicable law, include:
- Provision of services to you: provision of marketing services and communicating with you in relation to those services;
- Marketing communications: communicating with you via any means (including via email, telephone, text message, social media, post or in person) news items and other information in which you may be interested, subject to ensuring that such communications are provided to you in compliance with applicable law;
- Compliance: processing personal data for compliance purposes and legal obligations;
- Financial management: financial transactions;
- Improving our services: collecting feedback to improve our services.
DISCLOSURE OR TRANSFER OF DATA TO THIRD PARTIES
We may disclose or transfer your personal data to other entities for legitimate business purposes (including providing services to you), in accordance with applicable law. In addition, we may disclose your personal data to:
- Legal and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation;
- Accountants, auditors, lawyers and other outside professional advisors, subject to binding contractual obligations of confidentiality;
- Third party processors (such as IT service providers and database providers etc.);
- Any relevant party such as law enforcement as required for legal or security reasons.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. Any disclosure or transfer of data to entities within or outside of the UK will be compliant with GDPR regulations and regulated under the laws of the relevant country.
We have implemented appropriate technical and organisational security measures designed to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, and other unlawful or unauthorised forms of processing, in accordance with applicable law.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
You are responsible for the ensuring that any personal data that you send to us is sent securely.
DATA ACCURACY, MINIMISATION
We take reasonable steps to ensure that personal data that we process is:
- Accurate and, where necessary, kept up to date;
- Is erased or rectified promptly where any inaccuracies are identified;
- Limited to the personal data reasonably required in connection with the purposes set out in this policy;
- Kept for only as long as is necessary in connection with the purposes set out in this policy, unless applicable law requires a longer retention period.
From time to time we may ask you to confirm the accuracy of your personal data.
YOUR LEGAL RIGHTS
Subject to applicable law, you may have a number of rights regarding the processing of your personal data, including:
- The right to request access to, or copies of, your personal data that we process or control;
- The right to request rectification of any inaccuracies in your personal data that we process or control;
- The right to request, on legitimate grounds:
- erasure of your personal data that we process or control; or
- restriction of processing of your personal data that we process or control;
- The right to object, on legitimate grounds, to the processing of your personal data by us or on our behalf;
- The right to have your personal data that we process or control transferred to another Controller, to the extent applicable;
- Where we process your personal data on the basis of your consent, the right to withdraw that consent;
- The right to make a complaint at any time to the Information Commissioner’s Office (ICO) the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
If you wish to exercise any of the rights set out above please contact us.
Registered Address: 4th Floor, 18-20 Hill Rise, Richmond, TW10 6UA. Registered company no: 07099872.
Data protection contact: Cathy Lincoln (firstname.lastname@example.org)
ICO registration reference: A8351074