Effervesce Privacy Notice
Keeping data safe
This is the Privacy Notice for Effervesce Ltd. The person responsible for data protection is Susan Fielden, Director. This notice is available on our website at www.schoolfinancespecialists.com and on request by emailing firstname.lastname@example.org or writing to us at College Farm, Martock Road, Long Load, Langport, TA10 9LD.
You have the following rights:
- The right to be informed – being told what data we hold about you and what we do with it.
- The right of access – being able to request a copy of your data we hold.
- The right to rectification – being able to have inaccurate or missing data corrected.
- The right to erasure – being able to ask us to delete / destroy your data.
- The right to restrict processing – being able to limit the amount or type of data used.
- The right to data portability – requesting to move your data electronically to another business.
- The right to object – being able to request us to stop using your data.
You can exercise your rights by contacting us in writing or verbally, in person or on the phone or by email and we will respond within a month.
Why do we hold data and what do we do with it?
We collect, use and hold personal information about employees, suppliers and customers. This may include:
- professional address
- professional email address
- website addresses
- phone numbers
- computer IP address
- social media addresses such as LinkedIn and twitter
- proof of ID (for MLR purposes only)
We do not hold sensitive data.
Why do we collect and hold personal data?
- For employees, for regulatory returns, payroll and pension purposes and to enable us to communicate over a number of agreed channels
- For suppliers and strategic partners, to make payments and communicate about contractual details, orders and potential or proposed joint ventures
- For customers, past, present and potential, to propose, agree, arrange and deliver services, invoice for payment and satisfy money laundering regulatory checks
- In summary: if we have a contract or are likely to have, if we need the information to comply with the law – if we don’t have a contractual or compliance need for the data then only if we have consent.
How do we get the data?
- Some of the data we hold is published or publicly available, such as names of key staff at schools, school phone numbers and generic office email addresses, website addresses, twitter accounts
- Some of the data will be provided through the Effervesce website, as an enquiry, request for a phone conversation or agreement to future email communication
- Some data will be provided on paper forms, for example through a sign-up sheet at a conference, training session or other similar event
- Some data will be provided as part of the establishment of a contractual arrangement, whether employment, supply or purchase
We will make sure customers know whether the information we request is essential for the provision of the service or whether it is optional.
Data that is collected through our website
To the extent that you access the website, we collect certain data automatically, about your visit to the website. The website contains the following details:
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
We also use third-party cookies that help us analyse and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.”
How long will we keep the data?
We will not hold personal data for longer than is necessary for the purposes explained in this notice.
We hold data about past and current customers and suppliers on our financial system, Xero and check this annually to ensure that it is up to date and we still have a legitimate need to retain it, either to facilitate ongoing business relationships or for tax records.
We hold data about past, present and potential customers on our customer relationship management software, Capsule and check this annually to ensure that it is up to date and that, if it is not in the public domain, we have either consent or are required to retain the data for compliance purposes.
We hold contact details (professional phone number and/or email address) as part of our professional network and check this annually to ensure that it is up to date and that, if it is not in the public domain, we have consent.
Client data is retained for three years from the close of the engagement. After that, summary details of the work we did together may be kept but all personal data will be destroyed.
Main accounting ledgers and supporting documents will be retained for six years following the end of the financial year to which they relate.
How do we keep your data secure?
Our CRM systems can only be accessed by authorised personnel within Effervesce, for the purposes of managing opportunities and contracts. Data about individuals will be restricted to business, not personal, contact details. Emails pertinent to prospective, current or past service provision are held within the system, together with notes of phone calls and activity.
Our financial system can only be accessed by authorised personnel within Effervesce as well as our accountants, Milsted Langdon. Data about individuals held in Xero will only include name, business address, phone number and email address for the individuals to whom an invoice is sent or payment is made.
Contact details (name and professional phone number and email address) held in address books on phone, iPad and laptop (Google and iCloud) are secured by password or fingerprint ID.
What will we do if we suffer a data protection breach?
A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
If there is a risk to people’s rights and freedoms, we will notify the ICO. If a breach is likely to result in a high risk to the rights and freedoms of individuals, we will inform those concerned directly and without undue delay.
What else do we do with data?
- We do not make automated decisions or do profiling based on the data we hold
- We will only share data for compliance purposes and if so, we would tell those individuals concerned
- For the purposes of delivering our services we often request data about your organisation for the purposes of analysis and modelling. We will only hold this data with your consent. Paper records will be stored securely. Soft copy records are held on Dropbox with access limited to essential Effervesce personnel.
- We may be required to make information available to those who provide products or services to us such as advisers. We require all of these third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. They are only allowed to process your personal data on our instructions.
- We may be required to transfer transfer information to our business contacts (such as server hosts) outside the European Economic Area. We will only use third party providers who offer a similar degree of security, ensuring that contracts, code of conduct or certification are in place which give your personal data the same protection it has within Europe.
How can you complain to the ICO?
You can complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113