- Omada Consulting handles the personal data of our customers, suppliers, employees, workers, and other third parties. This Privacy Standard document sets out how that information is used, with whom we may share it, and how we keep it secure. It does not do so in exhaustive detail but we will of course be happy to provide any additional explanation or information needed. We recognise and are committed to the need to treat all personal data we hold in an appropriate and lawful manner.
- The Data Protection Officer for Omada Consulting is Gemma Thomas, who can be reached on email@example.com or 0117 973 1555.
- This Privacy Standard was last reviewed in July 2018.
Personal data used by Omada
- Omada provides business psychology consultancy services to clients to help develop and improve the performance and effectiveness of individuals, teams, functions and organisations as a whole. The data we therefore hold may include but not be limited to:
- Surveys and questionnaires
- Psychometric questionnaires
- Personal biographies, as completed by the individual
- Session notes from both individual consultations and group or team workshops
- CVs, appraisals and other information provided to us by a client organisation or individual
How we obtain your personal data
- You provide us with personal data in the following ways:
- By completing surveys, psychometric questionnaires and other fact or opinion based questionnaires
- By participating in reviews or other business related exercises
- During individual, paired or small group coaching sessions
- During team or large group sessions, meetings and forums
- By signing a terms of engagement form or letter
- Through email, over the telephone, via our website, or by post
- This may include the following:
- Basic details such as name, address and contact details
- Details of contact we have had with you such as referrals and session requests
- Information relating to your psychological and personal history
- Information concerning the history and details of employment with current and previous employers
- We may also obtain sensitive information from colleagues and your employer, and on occasion from third party suppliers that are working on our, your or your employer’s behalf. We may only use such information with your consent or, if for contractual reasons, with the consent of your employer.
- If you access our website, we may also obtain details of your operating system, browser version, domain name and IP address, as well as the details of the website you came from to enable us to monitor and improve the site. Although our site may link to other websites, we are not responsible for their data policies or procedures or their content.
How we use your personal data
Data controllers determine the purposes for which, and the manner in which, any personal data is processed. They have a responsibility to establish practices and policies in line with the Act. We are the data controller of all personal data used in our business. Data processors manage personal data on behalf of a data controller. Employees of data controllers are excluded from this definition but it could include suppliers which handle personal data on our behalf.
- We act as a data controller when we use your personal data to provide direct advice or consultation services.
- We act as a data controller and data processor in regard to the processing of any data received from third parties, such as psychometric questionnaire providers, as well as any other assessment, development or survey providers.
- We act as a data processor in regard to the processing of information provided to us by your employer.
- We use information held in order to provide you or your employer with direct or indirect development, effectiveness, performance or employment advice. Our holding of your personal data is therefore of contractual or legitimate interest and with a basis in law.
- We may anonymise and aggregate raw data from questionnaires and other individual data collection methods in order to gain insight into, or advise organisations on patterns and themes present across its employee population. It will not be possible for your individual data to be identified by any employer in such data sets.
- We may use your personal data where there is an overriding public interest in using the information, for example to safeguard an individual, or to prevent a serious crime, or where there is a legal requirement to do so, for example a formal court order.
- We may share your or any collated information or data gathered, but only in anonymised form, with psychometric testing and survey companies to improve the quality of tests and instruments. We will not include any sensitive or identifying information.
- We will only disclose your information with other third parties with your express consent with the exception of the following categories of third parties:
- Our registrant body, The Health Care Professions Council and our professional association, The British Psychological Society, for the processing of a complaint made by you
- Any contractors and advisors that provide a service to us or act as our agents on the understanding that they keep the information confidential
- Anyone to whom we may transfer our rights and duties under any agreement we have with you
- Any legal or crime prevention agencies and/or to satisfy any regulatory request if we have a duty to do so and/or if the law allows us to do so
How we store your personal data
- We undertake at all times to maintain the confidentiality of data held on individuals or organisations, and to protect your personal data in a manner which is consistent with the standards laid down by our registrant and regulating bodies, our commitment to professional competence and the requirements of the General Data Protection Regulation (GDPR) concerning data protection.
- Within the field of personal development, we also follow the common law duty of confidentiality, which means that where identifiable information about you has been given in confidence it should be treated as confidential and only shared for the purpose of providing these services to you.
- We often work with individuals, teams, functions and client organisations, continuously or intermittently, over a long period of time. Following completion of any performance or development process in which you directly or indirectly participate we may retain your personal data for up to ten years. We do so to establish a baseline against which to assess progress and development over the long term, and for the purpose of longitudinal studies of the development and career progression of individuals and teams. However, that timeline and the data stored is continually assessed in the context of guidance provided by our professional association, the British Psychological Society, and/or the guidelines of the organisation, typically your employer or prospective employer, by which we are commissioned to provide the required services.
- We also take reasonable security measures to protect your personal data storage. We will ensure that the information we hold is kept in secure locations, restrict access to information to authorised personnel only, and protect personal information held on equipment such as laptops.
- All data which is not for current use will be encrypted. Encryption masks data so that unauthorised users cannot see or make sense of it. Our encrypting file systems are compliant with the encryption requirements defined by government agencies as necessary for protecting classified information.
- We ensure that external data processors that support us are legally and contractually bound to operate and prove security arrangements are in place where data that could or does identify a person are processed.
- Omada Consulting is registered with the Information Commissioner’s Office (ICO) as a data controller. A copy of the registration is available through the ICO website (search by business name Omada Consulting Limited).
How consent is given
- Consent for the processing of your data is given by completing our request for information such as
- a survey or other questionnaire
- a psychometric questionnaire
- a personal biography or other pro-forma
- a signed letter or form outlining our terms of engagement
- Consent for your data to be held and processed by Omada is also given by your participation in individual or group sessions, development programmes, workshops or similar work activities or interventions.
- Every individual has the right to see, amend, delete or have a copy of their data, or data held that can identify them. You do not need to give a reason to see your data.
- If you want access to your data you must make a subject access request in writing to Gemma Thomas – firstname.lastname@example.org, or at Omada Consulting, 29 Wellington Park, Clifton, Bristol BS8 2UW. We shall respond within 20 working days of receiving the request.
- Our response will include the details of the personal data we hold on you including
- Sources from which we acquired the information
- The purposes of processing the information
- Persons or entities with whom we are sharing the information
- You have the right, subject to exemptions, to ask to
- Have your information deleted
- Have your information corrected or updated where it is no longer accurate
- Ask us to stop processing information about you
- Receive a copy of your personal data, which you have provided to us, in a structured, commonly used and machine readable format and have the right to transmit that data to another controller, without hindrance from us
- Object at any point to the processing of personal data concerning you
Monitoring and review of the policy
- This policy is formally reviewed annually by the Managing Director.
- We will continue to review the effectiveness of this policy to ensure it is achieving its stated objectives. It is in our interests and yours for us to manage all data safely and securely at all times.