How we use your information
This privacy notice tells you what to expect when NEF Consulting collects personal information. It applies to information we collect about:
- Visitors to our websites.
- Complainants and other individuals in relation to a complaint or enquiry.
- People who use our services, eg who book our training, commission us for consultancy services, subscribe to our newsletters or request a publication from us.
- Email contact data via third-party sources.
- Respondents in research we conduct for our clients.
- Job applicants and our current and former employees.
In all cases we ensure full compliance with the Data Protection Act 1998 and are currently reviewing our policies and practice to prepare for the General Data Protection Regulations (GDPR) to come into force May 2018.
Visitors to our websites
When someone visits www.nefconsulting.com we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this as on our newsletter sign-up page. We will make it clear when we collect personal information and will explain what we intend to do with it.
Our website search queries and results are logged anonymously to help us improve our website and search functionality. No user-specific data is collected by either NEF Consulting or any third party.
Newsletter and updates
We use a third party provider, Dotmailer, to store our mailing data and deliver our newsletters and updates. We gather statistics around email opening and clicks using industry standard technologies. For more information, please see Dotmailer’s Trust Centre.
We send out marketing emails to sell our services. Under current data protection legislation, if you receive a marketing email from us, we believe we can demonstrate having a legitimate interest in using your information for marketing purposes. From 25 May, this is based on the fact you will have, within the last two years, have indicated some interest in our services through either opening a marketing email, subscribing to our updates, enquiring about our services, giving specific consent to be added to our mailing database, or engaging in a commercial transaction with us. It is possible to opt-out of receiving these marketing emails at any time through an ‘unsubscribe’ button at the top of each communication. We currently rent third party contact lists from Wilmington Healthcare Ltd, part of Wilmington plc, a stock market listed company and a reputable supplier of email lists of contacts within the NHS and local authorities. We will be checking with them on their compliance with the new regulations. Through the third party provider, Dotmailer, all third party and in-house lists are screened. In addition, we keep a ‘do not contact’ list of anyone who objects or opts out of our own mailings.
From May we plan to no longer mail sole traders or anyone who does not have a business email address unless they have specifically consented to be added to our mailing lists.
Security and performance
NEF Consulting use technologies designed to safeguard data during its transmission, such as SSL (Secure Sockets Layer) encryption for the data you provide on our website. We use this protection when you submit personal data to us on our website. SSL encryption seeks to ensure that you are actually sending your data to us and that no-one else can read or tamper with it during transmission. When you are asked to provide your personal data to us on our website, you will see that our “http” website address changes to read “https”. The additional “s” denotes that the site is secure for that data transfer. You may also see a closed padlock symbol on your screen, again denoting a secure site.
We use a third party service, WordPress.com, to publish our blog. The themes and plug-ins are monitored regularly and updated on a quarterly basis to ensure version control and install security updates.
People who contact us via social media
When you send Direct Messages via Twitter, Twitter will store and process your communications, and information related to them. NEF Consulting will not copy, store, or re-share the contents of your communications.
People who call our enquiry or bookings desk
We do not retain any information from the calls other than as needed for the purpose of handling your enquiry or placing your booking. We do not record them electronically.
People who email us
NEF Consulting is part of the New Economics Foundation’s IT network. Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.
People who make a complaint to us
When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.
We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We do not currently compile and publish statistics showing information such as the number of complaints we receive, but if we did so it would not be in a form which identifies anyone.
We usually have to disclose the complainant’s identity to whoever the complaint is about. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.
People who use NEF Consulting services
NEF Consulting offers various commercial services to the public. We may use third parties to help us deliver our training or consultancy services, but they are only allowed to use information supplied by our clients and customers on a ‘need to know’ principle.
We have to hold the details of the people who have requested the service in order to provide it. However, we only use these details to provide the service the person has requested and for other closely related purposes. For example, we might use information about people who have attended training to carry out a survey to find out if they are happy with the level of service they received or to send them marketing information on a similar service.
When people subscribe to our free newsletters or updates through signing up on our website, they can cancel their subscription at any time and are given an easy way of doing this.
When people purchase a service from us, such as booking a place on a training course, their details will be added to a mailing database held by a third party provider, Dotmailer, and sent information on similar services. They can opt out of receiving this information at any time and are given an easy way of doing this.
People completing a survey for a third party acting through NEF Consulting
NEF Consulting conducts research on behalf of its clients involving the collection and analysis of personal data. On collection of data, we ensure compliance with the Data Protection Act 1998 by following the guidelines published in 2003 by the MRS (Market Research Society) and SRA (Social Research Association): Data Protection Act 1998: Guidelines for social research. This will be updated before May 2018 to ensure compliance with the General Data Protection Regulations (GDPR).
In practice, this means we ensure:
- That a potential respondent has a very clear and unambiguous understanding of the purpose(s) for collecting their personal data and how they will be used (‘transparency’).
- That respondents have given their consent to their data being collected and the opportunity to opt out of any other subsequent uses of the data (‘informed consent’).
- Data collected for one purpose cannot be subsequently used for a different purpose unless the individual has given their permission.
- Permission to re-interview is obtained at the time of the first interview.
- Personal data collected in the name of a researcher can only be transferred to a client with the explicit consent of the individual respondent.
- Any sharing of personal data, for example, used for sampling purposes or collected in a survey meets the ICO code of practice for Data Sharing.
- If they ask, respondents have the right to know the source of any personal data used to recruit them.
- Interviewers will return or destroy any sample containing personal details sent to them and such information cannot be used for any other purpose.
- When recruiting for qualitative research, respondents will be informed about any recording or observation at the time of recruitment and at the beginning of the qualitative research.
- The data controller responsibilities will be clearly identified and delineated between the parties involved in any research e.g. client, researchers, sub-contractors, etc.
- Where a client-supplied sample is provided, or sample is provided by another other third party, we will check on the ICO web site that the client and/or third party has appropriately notified the purpose(s) and disclosures for their personal data.
- All parties to a research project will be bound by a written contract this includes clients, researchers and sub-contractors.
- We will not include client-branded incentives when undertaking research projects.
We use third party platforms to store and analyse responses including Survey Monkey. Please check their website for details of where and how they store data.
Job applicants, current and former NEF Consulting employees
When individuals apply to work at NEF Consulting, we use New Economics Foundation as our ‘recruitment agent’ (data processor) and they process the application and monitor recruitment statistics. They are currently updating their policies to ensure greater transparency, at which point we will supply more information.
Once a person has taken up employment with NEF Consulting, we use New Economics Foundation as our ‘HR manager’ (data processor) who will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person’s employment. Once their employment with NEF Consulting has ended, New Economics Foundation will retain the file in accordance with the requirements of their retention schedule and then delete it.
Complaints or queries
NEF Consulting tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of NEF Consulting’s collection and use of personal information. We are currently working to ensure full compliance with the new General Data Protection Regulations before the May 2018 deadline. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below.
Access to personal information
NEF Consulting tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the Data Protection Act 1998. If we do hold information about you we will:
- Give you a description of it.
- Tell you why we are holding it.
- Tell you who it could be disclosed to.
- Let you have a copy of the information in an intelligible form.
To make a request to for any personal information we may hold you need to put the request in writing or an email to the address provided below.
If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
If we do hold information about you, you can ask us to correct any mistakes by, once again, contacting us.
Disclosure of personal information
We will not disclose personal data without consent.
You can also get further information on:
- Agreements we have with other organisations for sharing information.
- Circumstances where we can pass on personal data without consent for example, to produce anonymised statistics.
- Our instructions to staff on how to collect, use and delete personal data – this is currently being redrafted.
- How we check that the information we hold is accurate and up to date.
Links to other websites
This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
Changes to this privacy notice
We keep our privacy notice under regular review and is currently under review. This privacy notice was last updated on 28 March 2018.
How to contact us
NEF Consulting Ltd
10 Salamanca Place
London SE1 7HB
The contact for NEF Consulting is currently Mary-Louise Nash, Head of Marketing.
This Privacy Notice is based on, and adapted from, material on the ICO website and contains public sector information licensed under the Open Government Licence v3.0.