Data is at the heart of everything Diligencia Consulting Limited does. It is your right to total transparency and control on how we use it. We have implemented strong data privacy and security safeguards to ensure that you’re protected to the best extent we can.
This policy outlines what data we collect, how we use it and the safeguards we put in place to protect it.
If you would like to uphold your rights or have any queries, then please contact our Data Protection Officer at [email protected]
If you are an EU Data Subject, you can contact our EU Representative at [email protected] Our EU Representative complies with our obligations under GDPR Article 27 and is established in the Republic of Ireland. Please note that our EU Representative is a Third Party. They will process your personal data in accordance with this Privacy Statement.
If you are dissatisfied with our response, you also have the right to lodge a complaint with the Data Protection Authority. This can be done here
Our service includes the collection, maintenance and sale of publicly available data relating to company ownership – similar to that maintained by Companies House in the UK. We rely on a number of legal basis to process this data including Legitimate Interests and Public Interest. If your data is collected for any other purpose, for example taking a subscription or other service with us we will not sell your data and only share it as required to fulfil our service to you.
We’re committed to your data privacy and security. As such we give you these promises:
- We always remember that it is your personal data, not ours. As such we will ensure transparency and openness with you.
- We will only collect data about you that is relevant and necessary.
- Your data will only be held on systems that meet compliance standards.
- Your data will only be accessed by those who need it and we will minimise the amount of data that is processed, wherever possible.
- We respect your rights as outlined in the following sections and will respond to all requests promptly
- All clients we share data with accept their legal responsibilities to use your data that meets their obligations
- We only process your data and share it if we are required by law or we have legitimate interests or other legal basis to fulfil our service commitments to you or our clients.
You have the following rights over any data Diligencia Consulting Limited holds about you:
- Right to object to processing at any time
- Right to opt out of marketing at any time
- Right to have inaccurate data corrected
- Right to erasure of personal data from our database
- Right to export of personal data
Our basis for processing
We are both a Data Controller and Data Processor for the purposes of the Data Protection Legislation. A “data controller” is an entity that controls how and why personal data is processed and a “data processor” uses, handles or works with the data under the instruction of the controller.
When one of our clients accesses our subscription site and then processes this data on their own systems, they also become a Controller of that data and should be contacted directly.
We collect information about you in three key ways:
Passive – you give us information on our website, email us, call us, make a purchase through our websites, meet one of us at events, meetings or approach us on social media. In these cases we are typically the controller and we will not sell your data. We may use this data to follow up enquiries and market our services to you or use it to fulfil our service to you.
Proactive – this is data about you that we may hold from referrals or proactive marketing activity. In these cases we are typically the controller and we will not sell your data. We may use this data to market to you.
Research – we search publicly held records in our target markets that we have a legitimate interest in. We also use market intelligence gathering activities to create an accurate and clear picture of the business world in your geographic area. We use this data to build directories that our clients can subscribe to.
We try and minimise the personal data held on you. Typically, this is restricted to:
- Your personal contact details – email address, phone numbers, source of your data and legal reason for the holding of your information
- Your company details – as above but also address, website invoicing details if relevant and other publicly held information
- Transmitted information – such as emails, messaging, phone call information and recordings, voice mails, email, meeting notes and document tracking information
We make it policy not to connect any social media feeds or store any social media you may post to our systems, with the exception of private messages.
Data is stored on our systems locally and on hosted cloud services such as Microsoft Office 365 and Microsoft Azure, in transit and at rest. As such, some data will either be in UK and EU data centres. In some circumstances data may be processed in the USA and platforms owned by US entities. We ensure that the reasonable mechanisms and safeguards are in place to carry this out including but limited to EU Standard Contractual Clauses.
We may use your data to market to you, fulfil contractual arrangements or for agreed purposes. Calls may be recorded for information holding, quality and training purposes. Our email, document management and website analytics are used for information purposes and to track breaches of copyright. All our processes are mapped and are subject to various internal policies to ensure that your data privacy and security.
- 36 months for any prospect marketing data unless responded to by the data subject in which case 36 months from the last contact
- 36 months following the end of any Service Agreement with a client
- 36 months for all supplier, reseller or other contacts not covered above from point of last contact
- We constantly update the data that we hold on our ClarifiedBy platform
All the above are carried out during the nearest data review which are typically carried out annually in October.
Every marketing email sent from Diligencia Consulting Limited allows you to opt out of receiving emails from us, except for the purposes of fulfilling any contractual arrangements.
You can also send us an email to [email protected] and request to opt out, view, export or delete your data.
For data on our ClarifiedBy service we use our Legitimate Interests or Public Interest to obtain, retain and market this information.
If you request for your data to be deleted and we accept this request, your name and email address will be added to an exceptions list and all other data removed.
Third party countries
We transfer data to third party countries in certain circumstances. If you would like to know which countries your data is transferred to and the processes we have in place to protect your data, please contact [email protected].
We use the following safeguards with respect to data transferred outside the United Kingdom or European Union:
- The processing is within the same corporate group as our business or organisation and is obligated to uphold the same standards of Data Protection and Security as our UK entity.
- The processing is carried out by agents, suppliers or other entities required to process in the course of our contractual obligation with you or when we are carrying out research. These entities are obligated to uphold the same standards of Data Protection and Security as our UK entity.
- We use adequacy decisions or Standard Contractual Clauses in our contracts with data processors.
- We carry out due diligence where Standard Contractual Clauses or other variance of terms is not possible (for example with Microsoft).
Diligencia uses a Third Party Data Protection Officer for compliance purposes. Should you have a data protection query or complaint your details may be passed to him to assist us. In all other cases our DPO does not have access to your data.
We also use a Third Party for marketing activities including delivering marketing emails on our behalf. They remain as controller of data until a service enquiry is requested.
We may also need to share information where agents, resellers or suppliers are involved in the delivery of your service.
If you would like to learn who your data is shared with then please contact us.
Our website and other materials sent to you may contain links to other third party websites. We’re not responsible for the content or your data privacy on these sites.
We seek to uphold our legal obligations as covered by the Data Protection Act 2018 and the General Data Protection Regulation 2016. Our Data Protection Authority is designated as the ICO.
Richard Goodworth is responsible for maintaining and implementing the Privacy Statement and Policy on behalf of Diligencia Consulting Limited. He carries out an annual review of the policy to verify it is in effective operation.