At Blackfoot UK Limited, we are committed to protecting and respecting your privacy.
Everything that is done with data, including storing it, using it or even deleting it is referred to as “processing”.
This Privacy Notice explains how the personal data you have provided, or that has been collected is processed, it explains the basis upon which that processing, including where appropriate providing it to trusted third-parties, is performed.
Throughout this privacy notice, references to ‘us’, ‘our’ or ‘we’ means Blackfoot UK Limited. References to ‘you’ or ‘your’ means you as an individual, and references to “data” or “personal data” relates to those elements that identify you as an individual amongst the many.
Blackfoot UK Limited is registered in England and Wales under registration number 06778791.
• Our registered office is at Maria House, 35 Millars Road, Brighton, BN1
• Our Data Protection Officer (DPO) is Matthew Tyler. In his capacity as DPO Matthew can answer any questions you may have about this privacy notice or our privacy practices; he can be contacted via email to DataProtectionEnquiry@blackfootuk.com or mail to our registered office.
Blackfoot UK Limited is committed to ensuring your privacy and your personal data is protected whenever and wherever we process it.
1. The Data: you provide, we collect, how we use it, and why?
1.1 Data you provide
When you contact us either via our “contact us” form on this website, email us directly, phone us or even correspond by letter you will provide us with, or be asked to provide, basic contact information so that we can respond to your query.
Unless you tell us not to, we’ll retain that information in case we need to contact you again in relation to that enquiry, or any of our related services that we feel may be of interest to you.
As part of services we are contracted to perform for you, you may be required to provide personal data about you, your employees, service providers and / or customers.
For current and potential employees, contractors, associates and service providers we will require you to provide personal data appropriate to your relationship with us. This may include standard CV details e.g. contact details, qualifications, prior employment details. Once engaged, this may include additional personal data such as bank details, hours worked, and health data.
We process this data on the basis of:
• your consent in providing that information to contact you e.g. via the website or about potentially working for us
• legitimate interest – you contacted us about a service and we believe there is a related service you may be interested in.
• contract – where we have entered into an agreement with you e.g. regarding delivery of services or employment
1.2 Data we collect
Whenever you visit our website we collect small amounts of technical data about you; your IP Address, the pages you visited, when and how long you spent on each page.
This information helps us recognise you as a returning visitor and see which pages generate the most interest; either single or multiple visits. Using this data we can refine our pages to provide a better user experience.
In delivering services to you as part of a contract, we take care to collect the minimum personal data as is necessary for the performance of the contract, and this may vary based on the services being provided.
For current and potential employees, contractors, associates and service providers, we may collect data e.g. references, which we will only do with your consent.
1.3 Data we receive
We don’t buy personal data from any data providers, any data not provided by you or collected by us, will have been provided by someone who knows you and believes that we have a service that could benefit you.
We take this information on trust that the person providing it has your consent to give it to us. If we use this information to contact you, and that contact turns out to be unwanted you can ask us to remove your details and not to contact you again; and we will comply with your requests.
1.4 Data we share with third parties
We may occasionally share personal data with trusted third parties to help us deliver efficient and quality services. These recipients are contractually bound to safeguard the data we entrust to them. We may engage with several or all of the categories of recipients:
• Where necessary for administrative purposes and to provide professional
services to our clients
• Parties that support us as we provide our services (e.g. providers of telecommunication systems, IT system support, archiving services, document production services and cloud-based software services.)
• Payment service provider.
• Law enforcement or other government and regulatory agencies (e.g, HMRC) where we have a legal obligation to do so.
1.5 Transferring personal data outside the EEA
We store data on servers located in the European Economic Area (EEA). We may store personal data outside the EEA when we have business reasons to engage these organisations, but these organisations are required to safeguard personal data in accordance with our contractual obligations and data protection legislation.
2. Using cookies
We use traffic log cookies to identify which pages are being used, to help us analyse data about web page traffic and improve our website in order to tailor it to customer needs. Overall cookies help us provide you with a better website.
Although most browsers automatically accept cookies, you can choose whether or not to accept cookies via your browser’s settings (often found in your browser’s Tools or Preferences menu). You may also delete cookies from your device at any time. However, please be aware that if you do not accept cookies, you may not be able to fully experience some of our website’s features.
Further information about managing cookies can be found in your browser’s help file or through sites such as www.allaboutcookies.org
3. Your Data Protection rights
Under the General Data Protection Regulation (GDPR) every individual within the EU region has rights in respect of their Personal Data. These rights are highlighted below, and more information on each can be found on the Information Commissioner’s Office (ICO):
• Access – You can ask us to verify whether we are processing personal data
about you, and if so, to provide more specific information.
• Correction – You can ask us to correct our records if you believe they contain incorrect or incomplete information about you.
• Erasure – You can ask us to erase (delete) your personal data after you withdraw your consent to processing or when we no longer need it for the purpose it was originally collected.
• Processing restrictions – you can ask us to temporarily restrict our processing of your personal data if you contest the accuracy of your personal data, prefer to restrict its use rather than having us erase it, or need us to preserve it for you to establish, exercise, or defend a legal claim. A temporary restriction may apply while verifying whether we have overriding legitimate grounds to process it. You can ask us to inform you before we lift that temporary processing restriction.
• Data portability – In some circumstances, where you have provided personal data to us, you can ask us to transmit that personal data (in a structured, commonly used, and machine-readable format) directly to another company if is technically feasible.
• Automated Individual Decision-making – You can ask us to review any decisions made about you which we made solely based on automated processing, including profiling, that produced legal effects concerning you or similarly significantly affected you.
• Right to Object to Direct Marketing including Profiling – You can object to our use of your personal data for direct marketing purposes, including profiling. We may need to keep some minimal information to comply with your request to cease marketing to you.
• Right to Withdraw Consent – You can withdraw your consent that you have previously given for one or more specified purposes to process your personal data. This will not affect the lawfulness of any processing carried out before you withdraw your consent. It may mean we are not able to provide certain products or services to you and we will advise you if this is the case.
In seeking to exercise any of your Rights under the GDPR you can contact us at DataProtectionEnquiry@blackfootuk.com or our registered address: Blackfoot UK Ltd., Maria House, 35 Millars Road, Brighton, BN1 5NP.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information or to exercise any of your other rights. This helps us to ensure that personal data is not disclosed to any person who has no right to receive it. No fee is required to make a request unless your request is clearly unfounded or excessive. Depending on the circumstances, we may be unable to comply with your request based on other lawful grounds.
We are committed to ensuring that your information is secure. We have put in place appropriate technical and organisational security policies and procedures to protect personal data we collect from loss, misuse, alteration or destruction. We aim to ensure that access to your personal data is limited only to those who need to access it. Those individuals who have access to the data are required to maintain the confidentiality of such information.
If you have access to parts of our website or use our services, you remain responsible for keeping your user ID and password confidential. Please be aware that the transmission of data via the internet is not completely secure. Whilst we do all we can to protect the security of your personal data, we cannot ensure or guarantee the security of your data transmitted to our site; any transmission is at your own risk.
5. Links to other websites