Privacy Policy

1. Who We Are

This Privacy Policy explains how McKay Consulting (“us”, ““we”), whose office is at Bryn Ial, Ffordd Rhiw Ial, Llanarmon-Yn-Ial, Denbighshire, CH7 4QE, processes and safeguards the Personally Identifiable Information (“PII”, “Personal Data”, “Personal Information”, “Your Information”) we hold about our data subjects including employees and customers in accordance with the General Data Protection Regulations (EU 2016/679) and the Data Protection Act 2018 (c12).

For the purposes of the GDPR we are the Data Controller for any PII that we collect.

This Privacy Policy explains:

  • Why we collect, process and store information about you.
  • What information we collect.
  • How long we may keep your information.
  • Who we may share your information with.
  • Your rights in relation to your information.

2. Visitors to our Website

If web site visitors use the contact us form we will be sent whatever you type into the form. The fields that can contain PII are the name field and the email address field. The information you enter into the form is not stored on the website, nor anywhere else. We do not capture any other PII from visitors to our website, and we do not use cookies.

3. The Personal Data We Collect

It is important to ensure that the personal data we hold about you is accurate and up-to-date, and you should let us know if anything changes. For example, if you change your surname, phone number or email address. You can contact us by using the details set out in the section How To Contact Us.

People Who Email Us

When you email us, you unavoidably share your email address, name, and any other information in the email signature. For example, if you email us from your place of work, we may be told the name of your employer and your work phone number.

We monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.

Clients and Their Staff

In order for McKay Consulting to fulfil its contract with Clients we must collect the personal details of people within your business. The data collected can include your full name, business address, email address, business phone number and mobile number and you position, role or title.

Employees

If you are employed by McKay Consulting, we will collect and process your name, address, phone number, mobile number, age, gender, national insurance number, bank details and any other information for which we have a legal obligation or a legitimate interest in doing, such as taking up references or performing background checks.

4. How We use Your Data

We use your PII to:

  • Fulfil our contract with Clients, in the delivery of the Data protection Officer, IT Governance, Data Protection and Compliance servers we provide to them.
  • To notify you about changes to McKay Consulting’s services, terms and conditions, or this Privacy Policy.

5. Our Lawful Basis for Processing Personal Data

To govern and manage the business, and to organise and fulfil our contracts with Clients, we will collect and process personally identifiable information as detailed in the section above, titled The Personal Data We Collect. Our lawful bases for storing, processing and transmitting this personal data are described below.

Governance of the Business

To administer and manage the business, the personal data of employees must be stored and processed. Our lawful bases for this under GDPR are Article 6(1)(b) (Contract clause), Article 6(1)(f) (Legitimate Interest clause).

Fulfilling Contracts With Clients

To fulfil our contracts with Clients the personal data of Clients and their employees must be stored and processed. Our lawful bases for this under GDPR are Article 6(1)(b) (Contract clause), Article 6(1)(f) (Legitimate Interest clause), Article 6(1)(c) (Legal obligation clause).

Handling Questions

We provide an email link on our contact us page to allow website visitors to ask us questions about our services. When we respond to the enquiry we will use your email address to email back to you. We have a legitimate interest to allow us to gather and reply to questions about our services. Our lawful basis for this under GDPR is Article 6(1)(f) (Legitimate Interest clause).

Handling Complaints

To answer queries or complaints we will collect and process the contact details of the person raising the complaint, and records of their interactions with us. We have a legitimate interest to provide complaint handling services to customers. Our lawful basis for this under GDPR is Article 6(1)(f) (Legitimate Interest clause).

6. Use of Data Processors

Data processors are third parties who provide services to McKay Consulting. We use some cloud platforms providing software as a service. These providers do not process your data beyond providing storage facilities.

Zoho Corporation

We use cloud-hosted CRM and invoicing packages from Zoho. They have EU-based data centres in Amsterdam and Dublin. No CRM or invoicing data is transmitted nor processed outside of the EU. You can see their Privacy Policy here.

HMRC

PII may be shared with HMRC.

Legal Obligation

We may share your personal data with the police, law enforcement and security services to assist with the investigation and prevention of crime and the protection of national security.

7. Where We Will Store Your Data

All information you provide to us is stored in our own secure systems and in the Zoho cloud platforms, in EU-based data centres.

8. How Long is the Information Retained For?

  • Financial and employment records are retained for the minimum legal obligation that is placed on McKay Consulting. Currently this is six years.
  • Clients’ personal data is retained for five years after your last completed project with McKay Consulting.

9. Your Rights

Under the General Data Protection Regulation (EU 2016/679) (GDPR), you have rights as an individual which you can exercise in relation to the PII we hold about you. The GDPR provides the following rights for data subjects:

  • The right to be Informed
  • The right of Access
  • The Right of Rectification
  • The Right to Erasure
  • The Right to Restrict Processing
  • The Right to Data Portability
  • The Right to Object
  • Rights Related to Automated Decision Making and Profiling

You can read more about these rights here: Data Subjects Rights.

10. Complaints or Queries

McKay Consulting tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

This Privacy Policy was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of the collection and use of personal information by McKay Consulting. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address in the How To Contact Us section.

11. Access to Personal Information

McKay Consulting tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any of their personally identifiable information by making a subject access request under the General Data Protection Regulation (EU 2016/679) (GDPR).

If we do hold information about you, we will:

  • Respond within 30 days
  • Tell you what it is
  • Tell you why we are holding it
  • Tell you who it is shared with
  • Let you have a copy of the information in an intelligible form

To make a request to McKay Consulting for any personal information we may hold you need to put the request in writing to the postal address or email address in the How To Contact Us section. If we do hold information about you, you can ask us to correct any mistakes there may be in the data.

12. Data Breaches

In the unlikely event of a Personal Data Breach that is likely to result in a high risk to your rights, McKay Consulting will notify you of the breach without undue delay. However, if your Personal Data is encrypted or otherwise rendered unintelligible McKay Consulting will not be required to notify you of a breach because your data will not have been exposed.

This privacy notice does not cover the links within this site linking to other websites. This website may, from time to time, contain links to other websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that McKay Consulting does not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

14. Changes to This Privacy Policy

We keep our Privacy Policy under regular review.

This Privacy Policy was last updated on March 31st, 2021.

15. How To Contact Us

You can write to us at:

Data Protection Officer
McKay Consulting
Bryn Ial
Ffordd Rhiw Ial
Llanarmon-Yn-Ial
Denbighshire
CH7 4QE

Mail: dpo@dpocompliance.co.uk

Content © 2020-22 McKay Consulting. All Rights Reserved.

In case you haven’t found the answer to your question please feel free to contact us, we will be happy to answer any questions.