Privacy Policy

What is this Privacy Policy for?

This privacy policy is for this website www.janefisherassociates.co.uk, served by Jane Fisher Associates who governs the privacy of its users who choose to use it.

The policy sets out the different areas where user privacy is concerned and outlines the obligations and requirements of the users, the website and website owners. The way the website processes, stores and protects user data and information is also detailed.

The Website

This website and its owners take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of its users throughout their visiting experience. This website complies to all UK national laws and requirements for user privacy.

External Links

Although this website only looks to include quality, safe and relevant external links, users are advised to adopt a policy of caution before clicking any external web links mentioned throughout this website.

The owners of this website cannot guarantee or verify the contents of any externally linked website despite their best efforts. Users should therefore note they click on external links at their own risk and this website and its owners, cannot be held liable for any damages or implications caused by visiting any external links mentioned.

The Privacy Policy

This privacy policy sets out how Jane Fisher Associates Ltd collects and uses your personal data. This privacy policy has been updated to reflect the changes introduced by the General Data Protection Regulation (GDPR) which becomes enforceable on 25 May 2018.

When we refer to “we”, “us” or “our” in this privacy policy we mean Jane Fisher Associates Ltd.

Jane Fisher Associates Ltd provides leadership consultancy, advice and training service to organisations. 

Data Protection Principles

We will comply with data protection laws including GDPR. This says that the personal information we hold about you must be:

  1. Used lawfully, fairly and in a transparent way.
  2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  3. Relevant to the purposes we have told you about and limited only to those purposes.
  4. Accurate and kept up to date.
  5. Kept only as long as necessary for the purposes we have told you about.
  6. Kept securely.

Personal data collected

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

There are “special categories” of more sensitive personal data which require a higher level of protection.

For us to provide our services to you, we need to collect, store and use a small amount of personal data about you, or the individuals who work at your organisation.  The personal data we need is:

  • Your organisation name and postal address;
  • Name and contact details of the individual we are liaising with at your organisation (Full name, email address, telephone numbers, postal address);
  • Information about your business activities;
  • Information about the reason you have engaged our services;
  • Any other information you choose to tell us that is relevant to the enquiry you have.

We do not collect any of the special categories of personal data, or provide our consultancy, advice or training service to children.

How is this data collected? 

The information above may be gathered from you when:

  • you sign up on our website to our Community and Newsletter
  • you sign up via email links to our Community and Newsletter
  • you contact us to either enquire about our consultancy, advice and training services or to take out such services. This may be done via email, telephone or face-to-face; or
  • you book on to one of our events, via any of the above methods, or via Eventbrite
  • you share your details at networking or other marketing events

What we use your personal data for and the legal basis we rely on

We use your personal data to provide you with our consultancy, advice and training services and for direct marketing. The legal basis we rely on are:

Contractual obligation (GDPR Article 6(1)(b))

The consultancy, advice and training services we provide to you are done so under contract.  We require certain information from you to enable us to fulfil our contractual obligation.  If you are not able to provide all the information we need we may not be able to provide the service to you and the arrangement may be terminated.

Legitimate interests (GDPR Article 6(1)(f)

GDPR allows us to use legitimate interests for direct marketing purposes.  We have undertaken a legitimate interest assessment, which balances our business purposes for the processing against your right to privacy.  The outcome of the balancing test justifies our use of legitimate interests for this purpose. 

For clients who have either enquired about our services with a view to purchasing them, or are existing customers using our services, or are lapsed customers who have used our services, or have booked on one of our training sessions, or interested individuals who have signed up to our Community and Newsletter, it would not be an unreasonable expectation to receive information from us about our services.

This also complies with e-Privacy laws, currently the Privacy & Electronic Communication Regulations 2003, which governs how a business can undertake electronic direct marketing.  We can rely on soft opt-in for “individual subscribers” for email marketing to prospective and existing customers.  We do not need either consent or soft opt-in for “corporate subscribers”.

We always give you the opportunity to object to receiving marketing communications from us, when we first collect your personal data and with every marketing communication thereafter.

You can change your marketing preferences at any time by:

Who we will share your personal data with

As a rule, we do not share your personal data with third parties without obtaining your consent to do so.  The exception to this is where:

  • your personal data is accessed and seen by our third-party outsourced website and email host provider, whilst they undertake work on our behalf;
  • your personal data is stored on servers hosted by our back-up cloud providers; and
  • we have to share your personal data if we are required to do so by law.

We do not share, sell or rent your personal data to third parties for them to use for their own marketing purposes.

How we keep your personal data safe

We take the security of your personal data seriously and we have put in place the appropriate organisational and technical measures to safeguard your personal data.  These measures include:

  • Encryption of servers and devices where necessary;
  • Password access to computers and mobile devices;
  • Secure premises;
  • Restricting access to information to only those who need to see it;
  • Internal procedures on data protection and information security; and
  • Staff training

When we use third-party providers to process and/or store personal data we undertake relevant assessments of their business to establish their level of compliance with GDPR and only use those that provide sufficient guarantees to implement appropriate technical and organisational measures to safeguard personal data.

Our website provider only stores this data on UK based servers.

However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially reasonable means to protect your personal information, we cannot guarantee its absolute security.

If you suspect your personal data has been lost or misused, please report it to us.

Transferring personal data outside of the UK and EU

We sometimes use back-up cloud server providers to store our information, including Easily (email server) and Apple (document and photo files).  Some of this information may be stored on servers outside of the UK and EU.  We therefore check that these parties have appropriate safeguards in place (see above links) to comply with the GDPR rules relating to the transfers of any personal data to 3rd countries, which may include transferring your data.

Retention of information

When we have concluded the provision of our service to you, we will keep your data for a period of 7 years before it is securely disposed.

Your rights

Unless you are a sole trader or a partnership (in certain cases), it will be the individuals who work for your business that have various rights in relation to how we process their personal data.  Individuals can:

  • access the personal data we keep about them and be given specific information about the processing.
  • ask us to update inaccurate personal data we hold about them.
  • ask us to delete their personal data but only when specific grounds apply.
  • ask us to restrict the processing of their personal data, for example if they are contesting the accuracy of it.
  • object to the processing of their personal data if they do not agree with our legitimate interest grounds and for direct marketing purposes.

We do not undertake any solely automated decision-making, including profiling.

Should you wish to exercise any of your rights please get in touch with us.

If you are not happy with how we have been processing your personal data or have not dealt with one of your rights correctly when you have asked us to you may lodge a complaint with the Information Commissioners Office (ICO).  The ICO has several ways in which you can get in touch with them, including post, email, and online forms.  To find out how click here.

Our Contact Details

You can contact us by:

Emailing us at jane@janefisherassociates.co.uk; or

Telephoning us on 07837 024374