ICMEA-UK Ltd - Privacy Policy

Our contact details:

Name:              ICMEA-UK Ltd

Address:         STEP Business Centre, Wortley Road, Sheffield S36 2UH

Phone Number: 07380 629 476

Email:              info@icmea.uk

Website:         www.icmea.uk 

Company Registration Number: 11188863

What is the purpose of this document?

This privacy notice describes how we collect and use personal information about you during and after your relationship with us, in accordance with the General Data Protection Regulation (GDPR), and the Data Protection Act 2018.  Under UK GDPR, personal data is any information, paper documents, digital records, photos or video footage from which individuals can be identified. 

We are committed to protecting the privacy and security of your personal information.

This notice applies to:

1. All Clients
2. All Third Parties and Suppliers with whom we have dealings in the ordinary course of our business including those individuals with whom we send marketing information regarding our services

Any reference to ‘you’ or ‘Data Subject’ shall mean any individual receiving this notice for whom we hold personal data.

This Privacy Notice does not include information relating to the retention of data on limited companies as such data is not incorporated within the provisions of GDPR.

This Privacy Notice also applies to our normal business website.

In many circumstances we hold your data as a “Data Controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice. In some circumstances we may acquire or handle your data as a ‘Data Processor’ which means we have been asked to handle your data by a third party other than yourself and do not directly store your data.

We may update this notice at any time.

It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.

Data protection principles

We will comply with data protection laws including GDPR. This says that the personal information we hold about you must be:

1. Used lawfully, fairly and in a transparent way.
2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
3. Relevant to the purposes we have told you about and limited only to those purposes.
4. Accurate and kept up to date.
5. Kept only as long as necessary for the purposes we have told you about.
6. Kept securely.

The type of personal information we collect 

We currently collect and process the following information:

• Personal contact details such as your name, title, addresses, telephone numbers and email addresses. 
• We may also retain information regarding your business bank accounts (if you are a customer of ours) and information relating to your business. 
• Commercial information you provide directly to us.
• Information we may obtain from third party sources.
• Electronic data relating to our website e.g., cookies.

This is not an exhaustive list and we can provide you with full details of exactly what information we hold on request.

There are “special categories” of more sensitive personal data which require a higher level of protection.  We will not ordinarily collect, store and use any data which is defined under GDPR as “special categories” of more sensitive personal information.

How we get the personal information and why we have it

Most of the personal information we process is provided to us directly by you for one of the following reasons:

• Requesting information about our services 
• Discussions regarding the services we provide
• Entering into contracts for services or work
• Discussions around potential purchases
• To allow us to understand more about situations and your business so we can offer you the most comprehensive professional service.
• To allow us to customise the service, we provide you.

We may also receive personal information indirectly, from the following sources in the following scenarios:

• From other organisations / professionals, by way of an introduction with a view to discussing possible future work / collaboration / subjects of mutual interest.
• Searches of publicly available sources – eg Companies House, Linked In, Directories held by other bodies, etc – to allow us to identify possible suppliers, collaborators.

How we use the information that you have given us: 

It is necessary for us to retain data on clients in order for us to fulfil our contractual obligations and we must hold data for our legitimate business needs.

We use the information we collect:

• To provide the service you request. 
• To understand more about situations and your business so we can offer you the most comprehensive professional service.
• To customise the service, we provide you.
• For the purposes of marketing and providing you with information about services which may be of interest to you.
• To deal with any complaints and to improve our services.

If you submit an enquiry to us you will submit data by doing so – whether this is through our online enquiry form, by direct email or telephone. This data is used only for the specific purpose of responding to your enquiry - we will not add you to any communication and marketing lists, unless you expressly opt-in or request this. We may log your enquiry on our internal systems for the purpose of tracking that the enquiry has been responded to, to follow-up with a quotation or provide the support requested by you. We will monitor enquiry trends, but this is anonymised and is limited to data that is not personally identifiable.

We will only retain data which we reasonably require and for a period which is reasonably necessary.

We will not disclose your data to third parties unless you have consented for us to do so, or we are otherwise required to do either contractually or under another law or enactment.

We will hold limited information on visitors to our websites. We retain this data only insofar as it is necessary to appropriately optimise the website and in order for us to ensure appropriate functionality of our websites.

Receiving communications from us

We may keep in touch with our clients, as well as other interested parties, by providing occasional emails about service updates and other news.

You may consent to receive such information by joining our mailing list. As part of the registration process for this we do collect limited personal information. During registration, and at any time after, users can unsubscribe fully or change their preferences as to which information they would like to receive.

We collect this information for a number of reasons: to send you the requested information, to check that our records are correct and to contact you if you require additional information. We will never rent or sell this information to any other organisation or business.

You can unsubscribe from these mailings at any time by contacting us.

Data Sharing 

We may on occasions have to share your data with third parties, including third-party service providers.  This may include:

• ICMEA srl (Italy) (our Parent Company)
• Third party service providers, with a view to collaborating on projects, or making an introduction to discuss possible work. 
• Service providers – as part of sub-contracting arrangements
• A regulator or to otherwise comply with the law.

We require third parties to respect the security of your data and to treat it in accordance with the law.  We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

We will put in place appropriate security measures to protect your data proportionate to the size of our operation, the resources available to us and the nature of the data we store on you.

Lawful basis for processing information

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are: 

(a) Your consent. You are able to remove your consent at any time. You can do this by contacting  info@icmea.co.uk

(b) We have a contractual obligation.

(c) We have a legal obligation.

(d) We have a legitimate interest.

How we store your personal information 

We have put in place measures to protect the security of your information. Most data is stored securely, electronically and is not accessible to anyone, including inadvertently as far as is reasonably practicable.  Paper copies of any data is kept to a minimum and within locked filing cabinets and shredded when finished with.  Details of these measures are available upon request.

The security of your data is important to us but no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee the security of your data transmitted online and transmission is made at your own risk. If you communicate with us by email then you assume the risks of such communications being intercepted, not received or delivered or are received by individuals other than the intended recipient. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

In respect of Client data we will typically hold data relating to your instructions for such time as reasonably required in order to be able to defend or otherwise deal with any proceedings you may bring against us either in Tort and/or Contract. The Limitation Act 1980 typically provides that legal proceedings for breach of contract or negligence can be brought up to 6 years after the events. We therefore have a legitimate business interest in retaining the data beyond this period should any subsequent legal proceedings.

Your data protection rights

Under data protection law, you have rights including:

Your right of access - You have the right to ask us for copies of your personal information. 

Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. 

Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances. 

Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances. 

Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.

Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at  info@icmea.co.uk  if you wish to make a request.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at info@icmea.co.uk or ICMEA-UK, STEP Business Centre, Wortley Road, Sheffield S36 2UH.

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:           

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

Changes to this privacy notice

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.  This notice is dated March 2023.