1 About us
Intelligent Business Consulting Group Limited (hereinafter collectively referred to as “IBC” “we,” “us” or “our”) takes data protection seriously and are committed to safeguarding all data in our possession and ensuring the privacy of our customers. We will only use information provided to us for specified and lawful purposes as provided under the UK General Data Protection Regulation and will handle this information both respectfully and responsibility.
IBC shall only process Personal Information in a way that is compatible with and relevant for the purpose for which it was collected or authorised. To the extent necessary for those purposes, IBC shall take reasonable steps to ensure that Personal Information is accurate, complete, current and reliable for its intended use.
This privacy notice provides details about how your personal information is collected, shared and used by us. To learn more about IBC, visit www.trustibc.com. If you have any questions about this privacy notice or the practices described herein, you may contact email@example.com.
We have written our Privacy Notice to comply with the UK GDPR (now referred to as ‘GDPR’) ensuring that all individuals whose personal information we process have been informed of why we need it, how it is used, what their rights are, who the information is disclosed to and what safeguarding measures are in place to protect their information.
3 Information covered by this Privacy Notice
This privacy notice covers personal information, including any information we collect, use and share from you, as described further below. This privacy notice applies to all IBC websites, our products, and services (collectively, the “Services”).
When you purchase a Service from us, your personal information will be collected, used, and shared consistent with the provisions of this privacy notice.
The Privacy Notice of IBC is based on the terms used by the UK legislator for the adoption of the GDPR. We use the following terms:
4.1 Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
4.2 Data subject
Data subject is any identified or identifiable natural person, whose personal data are processed by the controller responsible for the processing. Within this data protection policy, the terms; “you” and “data subject” are used freely and interchangeably.
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
4.7 Sub Processor
Sub Processor is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the processor, are authorised to process personal data.
Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
5 Information we collect from you
The information that is processed by IBC falls into three distinct categories:
- Client, supplier and prospect contact information, including enquiries submitted via the www.trustibc.com website. IBC are a data controller in this situation.
- Details relating to users of our training portal, as provided by our clients. IBC are a data processor in this situation
- Details processed as part of the delivery of our services to our clients. IBC are a data processor in this situation
We collect this data for the purposes described under “How We Use Your Information”.
5.1 Data collected via our website
For each visitor to our web page, our web server may use a tracking code or collect information that your browser sends whenever you visit our Web page. This information is aggregated to provide us with usage statistics and reports on Website visits. Data relating to your online activity on our websites including the following:
- IP address
- browser type and version
- geographic location
- pages you view
- how you got to our Services and any links you click on to leave our Services
- your interactions with any videos we offer
- issues you encounter requiring our support or assistance
- any device or other method of communication you use to interact with the Services
5.2 Training data processed on behalf of our clients
IBC provide access to a training portal for our clients and their employees. In the course of providing these services, IBC processes data, including Personal Information, on behalf of its customers. Our purpose in processing this covered data is solely for the purpose of loading the data into our training portal to enable users to undertake the training available. IBC acts as a data processor and does not control the data provided by its clients. IBC processes Customer Data under the explicit direction of its Customers and has no direct control or ownership of the personal data it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct his or her query to IBC client (the data controller). If the Customer requests IBC to remove the personal data to comply with data protection regulations, IBC will respond to their request within 30 business days.
The types of personal data processed includes:
- Email address
5.3 Data processed during the provision of our services on behalf of our clients
During the provision of our professional services to our clients, IBC may be required to process client-supplied personal data. Such personal data could cover the client’s employees. In this context, IBC acts as a data processor and does not control the data. IBC processes such data under the explicit direction of its customers and has no direct control or ownership of the personal data it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct his or her query to the client (the data controller). If the customer requests IBC to remove the personal data to comply with data protection regulations, IBC will respond to their request within 30 business days.
6 How we use your information
We use the information we collect, both on its own and combined with any other information we collect about you, for the following purposes:
- To provide the requested Services to you in line with the contract with you;
- To provide your employees with access to our training portal;
- To provide you with useful content;
- To ensure the proper functioning of our Services
- To offer and improve our Services;
- To provide you with requested information or technical support
- To facilitate your movement through our websites or your use of our Services;
- To diagnose problems with our Services;
- In connection with our security and compliance programs;
- To administer our websites;
- To communicate with you;
- To target prospective customers with our products or services;
- To assist us in offering you a personalised experience or otherwise tailor our Services to you; and
- As otherwise described in this privacy notice.
7 Sharing of information
Under direction from our clients, IBC may transfer some Personal Data we collect to our third party sub-contractors or other partners.
In the context of an onward transfer IBC has responsibility for the processing of personal information it receives under the GDPR and subsequently transfers to a third party acting as an sub-processor on its behalf. IBC shall remain liable under the Principles if its sub-processor processes such personal information in a manner inconsistent with the Principles, unless the organisation proves that it is not responsible for the event giving rise to the damage.
IBC is under the requirement to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. IBC will notify Customer of such request unless prohibited by law.
8 Tracking technologies and online advertising
You always have the opportunity to opt out of our marketing communications with you or change your preferences by following a link in the footer of all non-transactional email messages from us or by emailing us at firstname.lastname@example.org.
We may contact you by telephone, with your consent where applicable, for marketing purposes. In the UK, we will check the Telephone Preference Service (TPS), Corporate Telephone Preference Service (CTPS) and our internal CRM system before making calls. If your number appears as blocked on either list, we will not call you. If you do not want to receive marketing calls, please contact customer support and we will update our records.
10 Retention of personal information
We retain your personal information to provide services to you and as otherwise necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We will retain your personal information for no more than three years following the later of (i) the date on which you terminate your use of the Services or (ii) May 25, 2018, unless we are otherwise required by law or regulation to retain your personal information for longer.
Following this period, information related to referral source, service requested and geographical location will be pseudonymised (i.e. amended to be unidentifiable) for statistical purposes. On occasion reports may be completely anonymised for training purposes. All other data will be securely destroyed in accordance with GDPR requirements.
11 Legal basis for processing your information
Depending on what information we collect from you and how we collect it, we rely on various grounds for doing processing your information under the GDPR, including the following reasons:
- Under the instruction of a controller in line with a contract with them
- We have a legitimate interest in promoting our services to you
- Through your consent provided via the forms provided on our website
- Comply with a legal obligation
- Protect the employees or another individuals’ vital interests
- Carry out a task in the public interest, or in exercising official authority vested in the employer
- To respond to a question or job application that has been sent to us through the website
- To respond to service tickets which have been submitted or provide updates on the services being supplied
- To communicate services which we think will be of interest
12 Your rights
Under the General Data Protection Regulation (GDPR) you have a number of rights with regards to your personal data. You have the right to request from IBC access to and rectification of the data as well as for it to be erased and to restrict processing of the data in certain circumstances.
If you have provided consent for the processing of your data you have the right to withdraw that consent at any time which will not affect the lawfulness of the processing before consent has been withdrawn.
You also have the right to lodge a complaint with your local supervisory authority if you feel that IBC has not complied with GDPR requirements regarding your personal data.
We set out below an outline of those rights and how to exercise those rights. Please note that we will require you to verify your identity before responding to any requests to exercise your rights by providing details only known to the account holder. To exercise any of your rights, please email email@example.com. Please note that for each of the rights below we may have valid legal reasons to refuse your request, in such instances we will let you know if that is the case.
Informed – You have the right to be informed about the collection and use of your personal information.
Access – You have the right to know whether we process personal information about you, and if we do, to access data we hold about you and certain information about how we use it and who we share it with.
Portability – You have the right to receive a subset of the personal information you provide us if we process it on the legal bases of our contract with you or with your consent in a structured, commonly used and machine-readable format and a right to request that we transfer such personal information to another party. If you wish for us to transfer the personal information to another party, please ensure you detail that party and note that we can only do so where it is technically feasible. We are not responsible for the security of the personal information or its processing once received by the third party.
Rectification – You have the right to require us to correct any personal information held about you that is inaccurate and have incomplete data completed. Where you request correction, please explain in detail why you believe the personal information we hold about you to be inaccurate or incomplete so that we can assess whether a correction is required. Please note that while we assess whether the personal information we hold about you is inaccurate or incomplete, you may exercise your right to restrict our processing of the applicable data as described below.
Erasure – You may request that we erase the personal information we hold about you in the following circumstances:
- where you believe it is no longer necessary for us to hold the personal information;
- we are processing it on the basis of your consent, and you wish to withdraw your consent;
- we are processing your data on the basis of our legitimate interest and you object to such processing;
- you no longer wish us to use your data to send you marketing; or
- you believe we are unlawfully processing your data.
Please provide as much detail as possible on your reasons for the request to assist us in determining whether you have a valid basis for erasure.
Restriction of processing to storage only – You have a right to require us to stop processing the personal information we hold about you other than for storage purposes in the following circumstances:
- You believe the personal information is not accurate for the period it takes for us to verify whether the data is accurate;
- We wish to erase the personal information as the processing we are doing is unlawful, but you want us to simply restrict the use of that data;
- We no longer need the personal information for the purposes of the processing, but you require us to retain the data for the establishment, exercise, or defense of legal claims; or
- You have objected to us processing personal information we hold about you on the basis of our legitimate interest and you wish us to stop processing the personal information while we determine whether there is an overriding interest in us retaining such personal information.
Objection – You have the right to object to our processing of data about you and we will consider your request. Please provide us with detail as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such data or we need to process it in relation to legal claims.
You also have the right, at any time, to object to our processing of data about you in order to send you marketing, including where we build profiles for such purposes and we will stop processing the data for that purpose.
Where you have provided your consent to us processing your personal data, you can withdraw your consent at any time by emailing firstname.lastname@example.org.
Not to be subject to automated processing – You have the right not to be subject to decisions based solely on automated processing, including profiling.
Our website and services are not directed to persons under 18. We do not knowingly collect personal information from children under 18. If a parent or guardian becomes aware that his or her child has provided us with personal information without such parent or guardian’s consent, he or she should contact us. If we become aware that a child under 18 has provided us with personal information, we will delete such information from our files.
Individuals with inquiries or complaints regarding our Privacy Notice should first contact IBC at:
- Intelligent Business Consulting Group Limited
- Mail: 10 Beech Court, Hurst, Reading, RG10 0RQ
- Phone: 0330 223 4922
- Email: email@example.com
IBC has committed to cooperate with UK data protection authority (DPA), concerning both human resources data and non-human resources data transferred from the UK. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the Information Commissioners Officer (ICO) for more information or to file a complaint.
The ICO’s address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
16 Notification of changes
We reserve the right to modify this privacy notice at any time, so please review it frequently. If we decide to change this privacy notice in any material way, we will notify you here. Your continued use of any Services constitutes acceptance to any such changes.
Last modified May, 2023