Privacy Policy

Introduction

Please read the following information carefully, as it contains important details about how we will use the personal information that you give to us.

Ampersand-us Ltd (“&us”) is a boutique business consultancy, partnering with brands to create valuable change, inside and out. We work with UK and international clients, including retail, financial services, pharmaceuticals, and charity. We partner with them to help them determine their strategic direction, and design and deliver great products and services in a fast-paced, repeatable and fail-safe way. Ampersand-us Ltd is registered in England and Wales with company number 10874029

During the course of our business, it is necessary for us to collect and hold certain data relating to our clients, visitors to our website and those who make enquiries either by using this website, or in other ways, such as by telephone, SMS or in writing.

We comply with all relevant data protection legislation, including the General Data Protection Regulations (GDPR) the Data Protection Act (DPA) and the Privacy and Electronic Communications Regulations (PECR). Protection of clients and others whose data we hold is paramount. We act as a Data Controller in respect of information held by us.

&us is committed to ensuring that your privacy is protected. If we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.

Data privacy and security

At &us, we maintain a Data Protection Policy, which includes procedures for ensuring that data protection is a priority in maintaining systems that hold personal data. Where any concerns or risks are identified, we carry out relevant impact assessments in order to determine any actions that are necessary to rectify this.

We also maintain procedures which seek to protect the availability, confidentiality and integrity of all physical and information assets. Specifically, this helps us to:

  • Protect against potential breaches of confidentiality;
  • Ensure all IT facilities are protected against damage, loss or misuse;
  • Increase the awareness and understanding of the requirements of information security and the responsibility of our staff to protect the confidentiality and security of the information that they process; and
  • Ensure the security of this website.

About this privacy policy

This policy sets out how we will gather, process, store, use and share the information that you give us. This privacy policy relates to personal data collected by us via:

  • Our website;
  • Email correspondence;
  • Telephone calls;
  • Paper communications;
  • Social media;
  • Visiting our offices;
  • Enquiring about, or buying products or services from us; and
  • Providing products or services to us.

You should be aware that if you access third party websites, using any links that may from time to time be provided on our websites, these websites are outside our control and have their own privacy policies governing the use of personal data. We do not accept any responsibility or liability for these policies.

What data we process about you

&us may collect and process the following categories of personal data about you: Contact Details:

  • Name, contact details, organisation, employment details;
  • Information generated by the work, service or relationship we may have with you;
  • Business details, bank and financial details, communication and correspondence;
  • Information generated by visiting our website or engaging with us on social media;
  • Social media aliases or usernames;
  • We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information. This is statistical data about our users’ browsing actions and patterns, and does not personally identify you;
  • Information that you provide by filling in forms on our site ​www.andus.co Typically, this includes (but is not exclusive to) requests for further services, surveys or complaints procedures;
  • Records of your correspondence (if any) with us;
  • Details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data and the resources that you access;

We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.

In general terms, we collect information about you so that we can, as appropriate:

  • Act on your behalf;
  • Process applications for employment;
  • Provide you with information about our services;
  • Invoice for work we have carried out;
  • Meet all legal and regulatory obligations; and
  • Review how our website is used.

This information is personal data. This includes your name, home address, email address, telephone and other contact numbers and, if relevant, financial information. This is collected in various ways, such as in person, online, over the telephone or by correspondence.

On some occasions, we may also need to ask for sensitive information such as physical or mental health details, and racial or ethnic origin. We will always ask for your permission if we need to record any of your sensitive personal data in our records.

How we collect information about you and how we will use it

We may collect and process information that you provide during your correspondence with us. This could be, but is not limited to, one of the following ways:

  • Giving information directly to us by methods including filling in forms either on our website(s) or via other media;
  • Requesting any of our goods, services, downloads or other information;
  • Submitting an application to work with or for us, via our website or another medium; and
  • Communicating with us through methods including but not limited to e-mail, telephone and written correspondence.

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

  • Where you have given consent for us to process your information;
  • Where we need to perform the contractual obligations we have entered into with you, or the business you are working for or with;
  • Where we need to comply with a legal obligation; and
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

The purpose(s) for which we will collect and process your data are shown below:

  • To manage our relationship and administer our business either as a part of a contract or where we believe we have a legitimate interest to do so;
  • To execute a contract or request;
  • Where we have a legitimate interest to keep you informed of our products or services by appropriate communication methods unless you’ve objected to us doing so; and
  • Sending you marketing and information about our business via email, if you have consented to it.

You should also be aware that when you visit our website, cookies will be used to collect information about you. This may include the IP address of your computer or other device; and information about, for example, which pages you visited on our website. This enables us to review our website and consider what improvements we may make to it. Cookies are also used to improve the functionality of the website. This may include sharing data with third party organisations. You are able to control this by changing the cookie settings as set out in our Cookies Policy.

How will we use the information?

We use the data for the specific purpose below:

  • Keeping in contact with you whilst we are acting for you and to respond to your enquiries;
  • Invoicing for the work we have carried out and obtaining payment;
  • Dealing with complaints;
  • Monitoring and recording information about how our services are used and the use of our website; and
  • To deal with all internal Human Resource administration.

The legal basis for processing your data

  • To fulfil our contract with you;
  • To comply with other contractual obligations;
  • To comply with a legal obligation; and
  • To improve the services and experience when visiting our website in the legitimate interests of individuals.

With your consent, we may wish to use your personal data to send marketing information, to keep you up to date with legal updates and information relevant to areas in which you may be interested.

When attending events, we may take photographs and videos for marketing and promotional material for the firm, including our website, leaflets and brochures. We would always seek your specific consent prior to collecting and using this information.

Data sharing

We may share some of your personal data with the following categories of third parties:

  • Printers, Email service providers or other suppliers who help us to send our communications;
  • Suppliers providing services to us to help us run our business;
  • HMRC and any other relevant government departments;
  • Banks;
  • Web service and cookie providers;
  • External auditors and internal auditors; and
  • Marketing Agencies who help us promote ourselves or deliver our services.

We require third parties to respect the security of your data and to treat it in accordance with the law. We will share your personal information with third parties where required by law. We will never share your data with any organisation to use for their own purposes.

International Transfer of Data

&us may send your data outside the European Economic Area (the European Economic Area being the European Union and Iceland, Liechtenstein and Norway, also referred to as the “EEA”). Information that we collect may on occasion be transferred and stored outside of the European Union for the purpose of supplying our goods or services to you. By submitting your personal data, you agree to this transfer, storing or processing.

Where your personal data is transferred or accessed outside of the EEA, we require that appropriate safeguards are in place. Details of the persons and countries to which your information is disclosed will be provided on request.

In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure your information.

Unfortunately, the transmission of data over the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee its security. Once we have received your data we will use strict security measures to try to protect it against loss, misuse, or unauthorised alterations.

Your rights

Under the terms of the data protection regulations and legislation, you have the following rights as a result of using this website:

Right to be informed

This privacy notice, together with our Cookies Policy, fulfils our obligation to tell you about the ways in which we use your information as a result of you using our website.

Right to access

You have the right to ask us for a copy of any personal data that we hold about you (known as a Subject Access Request). Except in exceptional circumstances (which we would discuss and agree with you in advance), we would not charge you for doing so. Unless there is any good reason we cannot do so, we will send you a copy of the personal data within 30 days of your request.

To make a Subject Access Request, please see our contact details at the end of this policy.

Right to rectification

If any of the information that we hold about you is inaccurate, please notify us. Our contact details are at the end of this policy.

Right to be forgotten

You can ask that we delete all personal information that we hold about you. Where it is appropriate to do so, your request will be actioned within 30 days. For further information, please see our contact details at the end of this policy.

Right to object

You have the right to object to:

  • The continued use of your data for any purpose for which consent is the lawful basis for processing – you have the right to withdraw your consent at any time; and
  • The continued use of your data for which the lawful basis of processing is that it is legitimate for any other reason.

Right to restrict processing

If you wish us to restrict the use of your data because:

  • You think it is inaccurate but this will take time to validate;
  • You believe our data processing is unlawful but you do not want your data erased;
  • You want us to retain your data in order to pursue, support or defend a legal claim; or
  • You wish to object to the processing of your data, and we are still determining whether this is appropriate.

In any of these instances, please contact us. Our contact details are at the end of this policy.

Right to data portability

If you would like to move, copy or transfer the electronic personal data that we hold about you to another organisation, please contact us at the address below.

Rights related to automated decision-making

We do not carry out automated decision making and will inform you if this changes. In that event, if you would like to object to automated decision making without any individual involvement, and to the profiling of your data, please contact us. Our contact details are at the end of this policy.

Is the processing of information likely to cause individuals to object or complain?

&us is not aware of any reason that would constitute a legitimate reason for objecting to the way in which we process or control information.

How long will we retain information for?

We will take reasonable steps to ensure the accuracy of the information we hold about you. We will not use your personal information unless it is (to the best of our knowledge) accurate and up to date.

We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances, we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

When the purposes for which we have collected the data for have ended we will retain and securely destroy your personal information in accordance with applicable laws and regulations. For further details about data retention, please contact us. Our contact details are at the end of this policy.

Location tracking via our website

We do not use Google Analytics to audit use of our website.

Security

Unfortunately, the transmission of data over the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee its security. Once we have received your data we will use strict security measures to try to protect it against loss, misuse, or unauthorised alterations.

Related information

Please also read our Cookies Policy

You can get in touch with us in any of the following ways:

Questions and comments regarding this terms of use policy are welcomed and may be addressed to us by:

Email: chris@andus.co
Post: Operations Manager, Ampersand-us Ltd, 61 Hartwell Road, Hanslope, Milton Keynes MK19 7BY

You can contact our Operations Manager if you have any concerns or complaints about the ways in which your personal data has been handled as a result of you using this website.

You also have the right to complain to the Information Commissioner’s Office, the UK supervisory authority for data protection issues, if you believe we have not acted within the law or have infringed your rights.

Online: https://ico.org.uk/your-data-matters/
By post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow SK9 5AF.

We would however, appreciate the opportunity to deal with your concerns before you approach the ICO, so please contact us in the first instance.

Changes

&us may change this policy from time to time by updating this policy document. You should check this page periodically to ensure that you are happy with any changes.
This policy is effective from May 2018.