This notice (together with our Terms & Conditions of use
and any other documents referred to on it) tells you what to expect when Fidabona Limited uses your personal data. It does not provide exhaustive detail of all aspects of our collection and use of personal data, but we are happy to provide any additional information or explanation needed. Any requests for this should be sent to email@example.com
. This privacy notice applies to information we collect about:
- visitors to our websites;
- those who make an enquiry about our services through this website;
- people who register for events such as webinars and seminars;
- people who use our online services e.g. who subscribe to our newsletter or use our online chat service.
Links to other websites
This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
Changes to this privacy notice
We keep our privacy notice under regular review. This privacy notice was last updated on 31st
Who is Fidabona Limited?
Fidabona Limited (Fidabona) is a limited company registered in England & Wales No 09992950 and our registered address is: 89 Chantry Way East, Swanland, E YORKS. HU14 3QF Fidabona is a boutique privacy consultancy with a personal, tech focussed approach. Our team is dedicated to supporting our clients in their privacy compliance efforts in a way which helps them engage their customers and grow commercially. Fidabona is committed to protecting and respecting your privacy and our use of personal data on this website is aimed at helping us achieve these aims and to provide our users with the best service we can. We will always ensure your personal data is appropriately protected whether you have provided it in connection with a business service or in your personal capacity.
Data Protection Officer
Fidabona Ltd is registered with the Information Commissioner’s Office (ICO) no ZA301805
and has appointed an internal data protection officer who you can contact if you have any questions or concerns about our personal data policies or practices. Michael Curran Fidabona Limited c4di Queen Street HULL HU1 1UU. email: firstname.lastname@example.org
telephone: 0330 122 8239
The European Union’s General Data Protection Regulation provides you with certain rights. A good explanation of them (in English) is available on the website of our National Privacy Regulator, the Information Commissioner’s Office
. In the UK you have rights as an individual under the Data Protection Act 2018 which you can exercise in relation to the information we hold about you. You can read more about these rights here – https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/
A right to information and access
You have the right to know whether Fidabona Limited is processing your personal data and to have access to the personal we may have about you. You may also request information about: the purpose of the processing; the categories of personal data concerned; who we might have shared the data with; what the source of the information was (if you didn’t provide it directly to us); and how long it will be stored for. Reasonable access to your personal data will be provided at no cost upon request made to Fidabona Limited at email@example.com
or using the form published here
. To make sure we do not disclose your information to someone else, we may ask you to provide information to confirm your identity. This may include asking you to provide identification documents. If access cannot be provided within 30 days, Fidabona Limited will provide you with a date when the information will be provided. If for some reason access is denied, Fidabona Limited will provide an explanation as to why access has been denied.
A right to correct
You have a right to correct the information we hold about you if it is inaccurate. Where we need to investigate the accuracy of the data, you have the right to request we restrict our use of that data.
A right to erasure
You may request that we erase the data we hold about you; but this is not an absolute right and is subject to exceptions. Where we have a lawful reason to retain your data even when you request we delete it, you have the right to restrict our use of your data to that reason only.
A right to object to the use of your personal data for direct marketing
You can stop direct marketing communications from us by clicking the ‘unsubscribe’ link in any email communication that we send you. We will then stop any further emails. Note: We will retain a copy of that email address on our “master do not send” list in order to comply with your no-contact request. Please note that you may continue to receive communications for a short period while our systems are fully updated.
A right to not be subject to automated decision making
You have the right to object to a decision which has been made solely by automated reasons. Essentially, this right allows you to request that the decision is reviewed by a human. We do not use any automated decision-making tools but please contact us if you require any more information on how this right may apply to you.
A right to data portability
When technically feasible, Fidabona Limited will—at your request—provide your personal data to you or transmit it directly to another controller in a commonly used, machine readable format e.g. csv.
A right to complain
You have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how we use your personal data. In the UK this is the Information Commissioner’s Office – www.ico.org.uk/concerns
The reasons we can lawfully use your data
We only use your personal data when we have a lawful basis to do so. Data Protection legislation sets out a number of these, but the ones we most commonly use are:
In many situations, we collect and use your personal data with your consent.
Performance of a Contract
There are situations where we need to use your personal data in order to provide the service you have asked us for (or to allow others to do so on our behalf).
If the law requires us to, we may need to collect and process your data. For example, to maintain our proper accounts and fulfil our reporting obligations to HMRC.
We may use your personal data to pursue our legitimate businesses interests in a way which might reasonably be expected as part of running our business as long as it does not materially impact your interests, rights and freedoms. These legitimate business interests can include:
- enhancing, modifying, personalising or otherwise improving our services and communications for the benefit of our clients and users;
- understanding how people interact with our websites;
- determining the effectiveness of our marketing and communications.
This can also apply to uses which are in your interests and those of others such as those which
- identify and prevent fraud or other illegal activity;
- enhance the security of our network and information systems.
You have the right to object to our processing of your personal data for our Legitimate Interests at any time. Please contact us if you have any further questions about our use of your data in our legitimate interests.
When do we collect your personal data?
- When you visit our website.
- When you register to attend, sponsor or host one of our events;
- When you subscribe to receive our Newsletters and Events updates;
- When you enquire about our services including when we send you an online proposal or when you make an online booking to meet with one of our staff;
- When you use our live chat service;
- When you choose to complete any surveys we send you;
- When you engage with us on social media;
- When you contact us by any means with queries, complaints etc;
- When a third-party such as your employer or business’s professional adviser gives us your information in connection with a proposal or project they want us to work on;
- When we conduct research into businesses as part of our marketing activities e.g. your business website, Companies House, LinkedIn, contract, employment and tender portals.
- When we purchase data about your business from a data broker.
What happens if you don’t give us your data?
Much of the information on our website is available without giving us your personal data. However, some personal data is needed so we can supply you with the services and information you have requested. For example, to book a meeting with one of our consultants online, we need at least your name and email address to be able to confirm the meeting and send updates to you.
What personal data do we collect, why and how do we use it?
We only collect the personal data we need to provide you with the services you have asked us to.
To begin with, this is normally your name and preferred contact method such as email address and telephone number.
How we use it
We use this information to keep in touch with you and provide the services you have asked us to e.g. attending an event or to give you more information about how we can help with your privacy compliance program. We may also use your contact information to send you survey and feedback requests to help improve our services. These messages will not include any promotional content and our legitimate interest to do this is to help make our services more relevant to you or others. We may also use your contact information to send your business relevant, tailored communications by post in relation to updates, events, services and products. We’ll do this on the basis of our legitimate business interest. You are free to opt out of hearing from us by post at any time.
Most of the information we gather as part of the proposal process is about your business and its privacy needs; but we may also gather background information which could include personal information such as your educational or professional history.
How we use it
We gather this information to better understand which of our services may be of particular benefit to your business in order to maximise the value you get from your relationship with us. Sometimes the information will be provided by your employer as part of their discussions with us e.g. in providing us with contact details for and information about the members of staff best placed to work alongside us on your project.
We record information about your business’s budget for the services you have asked us to provide and other information such as turnover and profit or the value to your business of a certain asset such as a customer database or IT system. While this information is about your business it may be classed as personal data if you are a sole trader.
How we use it
We mainly use this information in order to enter into a contract with you (i.e. provide you with a proposal for our services); but may also use it in our legitimate business interest by combining it with other data such as information from Companies House in order to improve our services and marketing by understanding the types of business who best suit the way we work.
Data about your preferences
This includes a number of different types of information depending on the service you are asking us to provide e.g. the website form used to register for events asks for information about the outcomes you hope to achieve by attending the event.
How we use it
We use this information to provide you with the services you ask us to and to help ensure we develop future services or events in line with the expectations of our target audience.
Your contacts with us
Details of your contact with us online, by email, telephone, the postal service or through our live chat or answering services. Your contact details including social media username(s).
How we use it
To respond to your queries and complaints. We need to use the information we hold about you to respond. We may also keep a record of your contacts with us to inform any future applications and our communication with you. We do this on the basis of our contractual obligations to you and our legitimate interests in providing you with a good level of service and understanding how we can improve our service based on your experience.
People who contact us via social media
We use a third-party provider – Hootsuite – to manage our social media interactions. If you send us a private or direct message via social media the message will be stored by Hootsuite for three months. It will not be shared with any other organisations. For more information, please see Hootsuite’s privacy notice
People who call our helpline
Fidabona’s helpline (0330 122 8239) is provided by a third-party company, Norango Limited. All data collected by Norango in connection with its commercial contract with Fidabona is stored in the European Economic Area using encrypted servers. Norango record all calls
for the purposes of operator training and service monitoring. These recordings may be securely shared with Fidabona if we request them or in the event of a dispute. Call recordings are securely deleted after one month. Norango collect Calling Line Identification (CLI) information
. They use this information to help improve efficiency and effectiveness and to fulfil their contract with Fidabona. Norango collect call time and duration information
. They use this information to help improve its efficiency and effectiveness and to fulfil their contract with Fidabona, especially with respect to billing us for their services in line with the agreement between the two companies. Norango collect your name and contact information
as willingly provided by you during a call with one of their operators. They pass this information to Fidabona in order for us to contact you for the purpose you have requested. The message and your contact information will be stored by Norango for up to three years. It will not be shared with any other organisations. For more information, please see Norango’s privacy notice
Combining the data we hold about you
We want to give you the best possible service. One way to achieve that is to get the richest picture we can of who you are by combining the data we have about you e.g. by combining information about the events you have attended with details of which newsletter emails you have opened. We then use this picture to offer you improved information about other products and services that are most likely to interest you. We may also combine information that you provide to us with publicly available information such as that from LinkedIn, Companies House or your company’s press releases to better understand your business and how Fidabona’s services may assist you. We do this as part of a legitimate interest in understanding our clients and providing the highest levels of service as this allows us to tailor our services and promotions and to let you know about events and services which are likely to be of interest to you based on which services you have used in the past and/or information which is publicly available about your business and its activities.
Sensitive (or Special Categories) data
This is data about your racial or ethnic origin, health data, sex life or sexual orientation, political opinions or affiliations, religious or philosophical beliefs, genetic or biometric data. We do not usually ask for or need any of this type of data as part of our website services. However, when we collect and use this data we do so only with your explicit consent and only to provide you with a specific service. e.g. A website form used to register for events may ask about your dietary preferences and whether you need any kind of mobility assistance. While we are not specifically looking for information about your health or religion, a response that you require mobility assistance (and the information about the assistance required) or that you require a Halal meal would expose this information to us if you are the only person from your company attending the event. This information is never used or shared for any other purpose unless we are legally obliged to.
The data of children
This website is aimed at people over the age of 18. We do not attempt to solicit or knowingly receive information from children under 18 using this website.
Technical Data that identifies you, how you use www.fidabona.co.uk and our online services
Your IP address, login information, browser type and version, session ID, time zone setting, browser plug-in types, geolocation information, operating system and version. The pages you visit, the path you take through our site, page load times, errors you receive, how long you stay on our pages, what you do on those pages, how often, details of blog articles viewed and any search terms you entered etc This information is normally gathered using cookies in your web browser. Learn more about our use of cookie and similar technologies
How we use it
We use this information for a number of purposes related to providing the services you ask us to provide e.g. the ability to send us a message online, read an online proposal or to remember your cookie settings. We also use this information in our legitimate business interests such as improving and personalising our website and online services or to protect our business from fraud and other illegal activities. In most cases, the information gathered does not allow us to directly identify an individual, but the nature of your interactions with us may allow us to connect your activity on our website with a record in our other systems e.g. your live chat record can be connected via IP address to your activity on our website.
The use of your data for marketing purposes
With your consent, we will use your personal data to keep you informed by email about relevant products and services including events similar to those you have previously attended or news about the work we do. You can withdraw your consent at any time as described earlier in this notice or by clicking the unsubscribe link in emails we send you.
How we protect your personal data
We take the privacy of our users and the security of their data seriously. With this in mind we maintain physical, technical and administrative safeguards. We secure access to our website using SSL encryption meaning that any information you give us through www.fidabona.co.uk
remains private and secure. We regularly monitor our processes, the data we gather and the software we use for possible vulnerabilities to identify ways to further improve the way we handle personal data. We restrict access to your personal data to those employees who need that information to perform their role and help provide services to you. We provide training to all our employees about the importance of maintaining the confidentiality and security of your information. Please contact us if you have any questions about the security measures we have in place.
How long will we keep your personal data?
We’ll only keep your personal data for as long as is necessary for the purpose for which it was collected and to comply with applicable law or resolve disputes. This means we set retention periods for all the personal data we collect. When that retention period has passed, your data will either be completely deleted in a secure manner or anonymised e.g. by aggregation with other data in a non-identifiable way for statistical analysis and service planning purposes. How long we will keep your data for depends on the nature of the relationship we have with you. Please contact us if you would like more details, but some examples of data retention periods are:
Expressions of Interest
Where you have provided your personal details as part of an expression of interest in our services but have not become a client, we will retain your personal information for up to 3 years during which period we may contact you with developments we think may be of interest to you. We do this as part of our Legitimate Interest in promoting our services to your business or employer rather than to you as an individual. After this period, we will remove your personal information although we may retain information about your business and its interactions with Fidabona Limited in an anonymised format in order to inform our business planning and research. As always, you have the right to opt out of our use of your personal data for our legitimate interests. Please contact us if you wish to do so.
We keep the information you have provided for as long as we have an active business relationship with you in order to provide the services you have asked us to. After our business relationship ends, we will retain your information and information about your business transactions with us for up to seven years to comply with our legal obligations such as those to HMRC. After this point we retain details of your business’s relationship with us in an anonymised format in order to inform our business planning and research. (Please see our Privacy Notice for Consultancy Clients for more details).
If you register to attend one of our events the associated personal data will be kept for 3 years so we can keep a record of the events you registered for and those you attended. We do this so we can better understand the events the wider business community find of interest and improve the quality and appeal of the events programme we offer. We do this as part of our Legitimate interest in planning future events and services. Again, you have the right to opt out of our use of your personal data for our legitimate interests. Please contact us if you wish to do so.
Who do we share your personal data with?
We do not reveal your personal data to third-parties unless:
- you request or authorise it (e.g. when you agree to be put in touch with one of our software partners);
- the information is provided to comply with the law (for example, to comply with a court order);
- to protect our rights, property or safety, or the rights, property or safety of our employees or others. This includes exchanging information with law enforcement organisations for the purposes of the detection or prevention of crime; or
- the information is provided to protect your health, safety or other vital interests or the health, safety or other vital interests of another; or
- the information is provided to our sub-contractors, agents, vendors or service providers who perform functions on our behalf; or
- to address disputes, claims, or to persons demonstrating legal authority to act on your behalf.
Examples of the kind of third parties we work with IT, software and SaaS companies who support our website and other business systems. These include Zestia Ltd and HubSpot Inc who provide our cloud-based CRMs and online chat & service ticketing facilities, Mailchimp who help us manage our email communications with you. These companies are data processors for Fidabona Limited which means they only use your data in order to provide the technical services we ask them to. A full schedule of the data processors we use is available in the Legal & Compliance section of our website.
Sharing your data with third parties for their own purposes:
We will only do this in very specific circumstances, for example: We may, from time to time, expand, reduce or sell Fidabona Limited and this may involve the transfer of divisions or the whole business to new owners. If this happens, your personal data will, where relevant, be transferred to the new owner or controlling party, under the terms of this Privacy Notice.
Where your personal data may be processed
As part of our commitment to your Privacy, we always opt to have your data stored in the UK or EU where possible. This includes instances where a vendor offers a choice of storage locations but where the UK/EU option is more expensive. However, sometimes we will need to share your personal data with third parties and suppliers outside the European Economic Area (EEA), such as the United States. Fidabona Limited transfers personal data outside the EEA only:
- to countries where there is an adequacy decision in place i.e. the EU has formally determined that there is a sufficient level of protection in place under that nation’s data protection laws; or
- where the recipient is certified under an internationally recognised privacy framework which helps to ensure your protection; or
- with your consent; or
- to perform a contract with you; or
- to perform a contract with another in your interests; or
- where the transfer is necessary for the establishment, exercise or defence of legal claims.
Any transfer of your personal data will follow applicable laws and we will always treat your personal information in line with the principles of this Privacy Notice. This includes measures such as imposing contractual obligations on the recipient with respect to how they treat your data. If you would like more information about how we protect your rights and freedoms when transferring your data outside the EEA, please contact our Data Protection Officer.
Protecting your data transferred to the United States
Many online services are reliant on US providers and/or servers which means many companies need to transfer your data to the US to provide the services and/or online functionality many people expect. The United States has neither sought nor received a finding of “adequacy” from the European Union under Article 45 of the GDPR. The EU-U.S. Privacy Shield Framework was designed by the U.S. Department of Commerce and the European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce. Membership of the scheme is voluntary but, when choosing an infrastructure partner who transfers your data to the US, we select only those companies who are members of the EU-U.S. Privacy Shield Along with the contractual and organisational measures we have in place, we believe this helps to ensure your rights and freedoms are protected as the Privacy Shield framework is recognised by the European Union (although this may be subject to challenge by the European Data Protection Board