Pegasus Data Protection and Privacy Policy
25th May 2018
Introduction and Key Data
Pegasus Professional Development Limited (Pegasus) specialises in the provision of strategic, organisational and management consultancy and in individual and organisational learning and development (L & D) solutions.
This Privacy Policy details how Pegasus uses and protects all data and/or information that is supplied to it by:
- Our organisational and individual clients – whose information is limited to that necessary to provide our services to those clients;
- Website users whose IP address will be recorded; and
- Users signing up to the Pegasus MailChimp newsletter mailing list from the website.
Registration with the Information Commissioner’s Office
Pegasus is registered with the Information Commissioner’s Office (ICO), number ZA366444, and registration with the ICO is renewed annually.
Data Protection Officer
The Data Protection Officer is Andrew Dines, a Director of Pegasus.
Access to Data
Data users, with access to relevant electronic and paper records, are limited to:
- Andrew Dines
- Any Associate providing services for Pegasus
Security – Protecting your Information
Pegasus takes your privacy seriously and is committed to keeping your information safe and secure. To prevent any unauthorised access or disclosure, we have enforced strict electronic, physical, and managerial controls to ensure that all information we collect online is secure and safeguarded.
In the normal course of events and, unless, required by law Pegasus will not transfer your data to countries outside the European Economic area. In addition, Pegasus will never sell or pass your information on to any third parties.
Retention of Data
All data will be processed in line with the eight principles contained in the Data Protection Act 1998, as applicable.
Your Rights
Under the GDPR, any organisational and individual clients, Pegasus website and Pegasus newsletter users (‘You’) have a number of rights that can be exercised in certain circumstances. These are free of charge. In summary, you may have the right to:
- Ask for access to your personal information and other supplementary information;
- Ask for correction of mistakes in your information or to complete missing information Pegasus holds on you;
- Ask for your personal information to be erased, in certain circumstances;
- Receive a copy of the personal information you have provided to Pegasus or have this information sent to a third party. This will be provided to you or the third party in a structured, commonly used and machine-readable format, e.g. a Word file;
- Object at any time to processing of your personal information for direct marketing;
- Object in certain other situations to the continued processing of your personal information;
- Restrict the processing of your personal information in certain circumstances;
If you want more information about your rights under the GDPR please see the Guidance from the Information Commissioners Office on Individual’s rights under the GDPR.
If you want to exercise any of these rights, please:
- Use the contact details at the end of this document;
- Provide proof of your identity and address;
- Provide a contact address so that you can be contacted to request further information to verify your identity;
- State the right or rights that you wish to exercise.
Pegasus will respond to you within two weeks from when it receives your request.
How long will Pegasus store your personal information?
Pegasus will normally only store your personal information for as long as is necessary for the reasonable and legitimate conduct of our business, as follows:
- Organisational and Individual Clients – until at least 7 years after the date of the last provision of service or goods. This is because it may be needed for potential legal proceedings/regulatory matters or active complaints.
- Website Information – Names and contact details held for marketing purposes for as long as necessary as set out above or until Pegasus becomes aware or is informed that the individual has ceased to be a potential client.
- Pegasus Newsletters – If you have signed up to receive the Pegasus newsletters via Mailchimp then your name and contact details will be retained for as long as necessary as set out above or until Pegasus receives notification that you no longer wish to receive the newsletter or you have ceased to be a potential client.
How to make a complaint?
The GDPR also gives you the right to lodge a complaint with the ICO if you are in the UK, or with the supervisory authority of the Member State where you work, normally live or where the alleged infringement of information protection laws occurred. The ICO can be contacted at http://ico.org.uk/concerns/.
Future Processing
Pegasus does not intend to process your personal information except for the reasons stated within this privacy notice.
Organisational and Individual Clients
For the purposes of this Policy, data subjects will be:
- An organisational client who contracts with Pegasus for the provision of group or individual services.
- An individual client who contracts directly with Pegasus to receive one-to-one services or is an individual within an organisational Client.
Relevant Data
Relevant data to be processed will mainly include, but will not be limited to, the following:
- Training needs analysis information on intending course delegates, provided by organisational clients or by individual delegates;
- Names, job titles, depts, teams, e-mail addresses of intending course delegates or organisational client contacts;
- Names/work phone numbers/e-mail addresses of individual clients;
- CVs and personal information forwarded by clients to Pegasus for information purposes during a coaching interaction;
- Electronic records of coaching interactions with clients, which are copied to the individual client;
- E-mails between Pegasus and organisational and individual clients before, during and after a L & D intervention;
- Success stories and references provided by organisational and individual clients;
- Confidential organisational data provided by organisational clients to inform further understanding of the organisational client’s business including, where relevant and necessary, sensitive data (health, ethnicity, sexuality, politics, religion/beliefs, criminal offences);
- Records of phone calls, conversations and/or meetings relating to the conduct of the business between Pegasus and organisational and individual clients;
- Audio Visual recordings of interventions with organisational and individual clients subject to the proviso that such recordings are only made with the explicit consent of the organisational and individual clients.
It is not anticipated that any type of telecommunication will be monitored or intercepted.
Confidentiality
The confidentiality of all organisational and individual clients is of paramount importance to Pegasus. The following will be ensured, either directly by the Directors or by any Associates, providing services under the name of Pegasus;
- The rights to confidentiality, for all parties, will be established at the outset of every new business relationship, 1 to 1 or group intervention;
- Any form of discussion about a client experience (with a group or individual for learning purposes or with a coach as part of a 1 to 1 coaching supervision) will not include any identifying details unless explicit consent has been given by the organisational or individual client;
- Any agreement to publish identifiable data about an organisational or individual client, for example success stories and references in marketing publications or on a website, will be with the explicit consent of the organisational or individual client.
The Pegasus Website
Information we gather
Pegasus may collect the following information from you:
- Name and job title
- Contact information including company name, address, postcode and email address
- Any other information that you choose to send us
What we do with your information
Pegasus collects and retains the above information from you to enable us to better understand your needs and provide you with a better standard of service. We primarily use this information for the following purposes:
- Internal record keeping.
- To improve our products and services.
- To send a periodic Newsletter containing information which we think you may find interesting using the email address which you have provided.
- From time to time, we may also use your information to contact you for market research purposes. We may contact you by email or phone.
Security of the Website
Quarterly checks and updates of the website operating system have been instigated to ensure that website security is of the highest integrity.
How does Pegasus Professional Development Limited use cookies?
Pegasus uses cookies to gather information about how people such as yourself use our website and to help us to enhance the experience of visitors to our website. Some cookies are a necessity and ensure that our website works correctly. Please see the separate Cookies Policy on the Pegasus website.
Links to external websites
Pegasus may provide links to external websites on our website to allow you easy access to other websites of interest. Please note that once you leave our website, we have no control over the other websites that you may visit. Such external websites are not governed by this privacy policy and we are not responsible for the protection and privacy of any information you provide whilst visiting such sites. Instead, you should refer to the privacy policy of any external website that you visit to ensure your safety and security online.
Marketing and promotion – The Pegasus Newsletter
In relation to personal information collected for marketing purposes, the personal information consists of
- names, contact details, and name of organisation
- the nature of your interest in Pegasus’ marketing
- your attendance at Pegasus events.
This will be processed so that you can be provided with information about Pegasus and its’ activities and to invite you to events. Information will be provided through the provision of newsletters utilising MailChimp as the e-mail delivery source.
You may contact Pegasus using the contact details at the end of this document or within the MailChimp newsletters, if you no longer wish to receive information through our newsletters.
Contact Details
If you have any questions about this privacy notice or the information Pegasus holds about you, please contact Andrew Dines, the Pegasus Data Protection Officer using the contact details below.
e-mail: andrewdines@pegasuspd.co.uk
Phone: 01264-361127
Review and Changes to this Privacy Policy
This privacy notice was published on 25th May 2018 and last updated on 26th June 2018.
Pegasus regularly reviews its privacy practices and may change this policy from time to time. If there are changes, then an amended privacy notice will be placed on the Pegasus website.