Innovate Educate Ltd
18 Blake Street
ICO contact number: 00010294353
Innovate Educate is a heritage and learning consultancy. We specialise in creating learning strategies, learning resources and in the evaluation of heritage projects. We work with and provide consultancy services to a range of organisations.
This privacy statement outlines why, on occasion, we collect personal data, how we use it, keep it safe and the rights of those whose data we hold.
Why we collect data:
We collect, store and process personal data of clients, potential clients, employees and our consultants for the purposes of fulfilling our contractual and legal obligations and responsibilities.
How we use personal data:
We use personal data to fulfil our contractual obligations with clients, employees and consultants who work with us. Personal data of individuals who we provide services for, or on behalf of our clients is used to maintain our relationships and to deliver our consultancy and evaluation services.
In our reports unless express permission has been given we will not identify individuals by name. We may however use job titles.
We will only send out information about our consultancy services, training and our latest advice, guidance and blog posts via our mailing list if you have actively consented to us doing so (e.g. you have opted to join our mailing list). Individuals signed up to our mailing list can withdraw their consent at any point by unsubscribing from the email or by contacting us at Karen@ieltd.co.uk
What personal data do we collect?
We use standard WordPress statistics which record visitor numbers and their country of origin.
Our legal process for processing personal data
Under the Data Protection Act 1998 and subsequent successor legislation, including but not restricted to the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, organisations are required to have a legal basis for processing personal data. The legal basis we use for processing data are:
How long do we keep data?
We store and retain personal data for various periods of time in line our legal obligations, financial regulations and internal requirements. Typically, we will delete personal data collected during project work such as rights clearance after six months.
How we keep data secure
We have robust processes, procedures, contracts and agreements in place to ensure secure collection, storage and processing of personal data. Only authorised employees, consultants and third-party data processors (e.g. those who process data on our behalf) have access to personal data we hold.
Personal data is stored securely on our network, on encrypted devices (iPads, laptops, smart phones etc) and within third party systems (e.g. bulk email distribution platform) whose tools we use to process data.
International transfer of data
Prior to engaging or using third party systems to process data, we ensure that sufficient safeguards, contracts/agreements are in place to protect personal data and that all parties comply with the requirements of the Data Protection Act 1998 and subsequent successor legislation, including but not restricted to the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. For example, where data may be transferred outside of the European Economic Area (EEA) to the United States (e.g. if a third party uses multiple servers to back up data), we will ensure that the third party is registered under the EU-US Privacy Shield, such as DropBox which ensures adequate protection of data.
Who we share data with:
In line with our legal obligations we share personal data about employees with HMRC, pensions providers and payroll services. We will also share data with appropriate authorities (e.g. police, law enforcement agencies and other parties) where we have a legal obligation. For example, for the detection and prevention of fraud, or where data is required in relation to a criminal offence.
We do not sell or share data with any other third parties other than those listed above and where we use a third party to securely process our data on our behalf.
Under the Data Protection Act 1998 and subsequent successor legislation, including but not restricted to the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, you have the following rights:
You can make a request at any point by email Karen@ieltd.co.uk. We will respond to a request within one month of receipt. However, where a request is received to erase data, we may not be able to delete all data (for example where data is linked to financial transactions that must be kept for a set period of time under financial regulations).
If you would like to find out more about how we process data, or if you would like to make a complaint, please contact us at Karen@ieltd.co.uk
We are grateful to Naomi Korn for her workshop, advice and guidance in creating this document.