1. About this policy and our role
emdrfocus.com (the “Site”) is operated by EMDR Focus Ltd, registered in England and Wales with company number 9413560) (“EMDRFocus”, “we” or “us”). EMDRFocus is the data controller in respect of any personal data collected when you use the Site and when you interact with us.
We respect your privacy and are committed to protecting your personal data. This policy will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you.
2. When and what personal information we collect and what we use it for?
Information we collect
When you visit our Site, we may collect certain technical information about your visit, such as your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Site. We may collect such data for administrative and statistical purposes and to help us improve our Site. You can find more information about the technical information we collect and how we do so in our Cookies Policy.
Information you provide to us
We will need to gather more personal information from you when you reach out to us to make an enquiry, interact with any of our open-source projects or contact us about our work or events. The information we collect during our interactions with you allows us to respond to your requests, facilitate your collaboration on open-source projects, and provide you with further information. For example, if you make an enquiry via our Site, we will need to collect your contact details in order to respond to your enquiry and keep records of our interactions.
Information we obtain indirectly
Your personal information may be shared with us by third parties, such as our partners, platforms, or organisations who organise events in which we participate. For example, we may receive your name, contact details, employer, and job title as part of a list of attendees at an event.
We may also receive contact information and personal data about you from various other third parties, such as from our analytics providers (Google Analytics), advertising networks, and social networking sites (only if you interact with us on such sites). We may require that you provide us with your contact information, such as your name, job title, company name, address, phone number, email address through these third parties. Your interactions with social media features are governed by the privacy policies and terms and conditions of the companies providing them.
In addition to the purposes mentioned above, we will also process your personal information to manage our business, including for accounting and auditing purposes, to conduct our regular reporting activities on the performance of our company, including in the context of a business reorganisation or group restructuring, to maintain our IT systems, to deal with legal disputes involving you, our agents and/or our suppliers, and to comply with our legal obligations.
We collect personal data only if required to provide our products or services, fulfil our legitimate business purposes (or those of a third party), and/or comply with applicable laws and regulations. We may use personal information to communicate with you, respond to your requests, or provide the information requested by you via email or social media.
A legitimate interest is when we have a business or commercial reason to use your personal information, so long as this is not overridden by your rights and interests.
Special categories of data
We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
3. Lawful processing
We are required to rely on one or more lawful grounds to collect and use the personal information that we have outlined above. The following are applicable, depending on the context:
Generally we do not rely on consent as a legal basis for processing personal data other than in relation to certain direct marketing activities.
Where the processing of your personal information is necessary for us to comply with a legal obligation to which we are subject.
Where it is necessary for us to process your personal information in order to perform a contract to which you are a party (or to take steps at your request prior to entering a contract), for example if you are the contact at one of our clients.
We rely on this basis where applicable law allows us to collect and use personal information for our legitimate interests and the use of your personal information is fair, balanced, and does not unduly impact your rights. For instance, it is in our legitimate interest to process personal data of any person who contacts us with an enquiry, in order to respond to such enquiry, or process data for the purposes connected with the administration of our business, for developing our business strategy and monitoring the performance of our business.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
4. Communications and marketing
You may receive marketing communications from us (including news about our ongoing projects and events we may be attending).
You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you.
5. Sharing your personal data
We may share your personal data between our company groups (Braynework), for the purposes of performing our contractual obligations to our clients or furthering our legitimate business interests (as set out above).
We will never pass your personal data to anyone else, except for any successors in title to our business and associated group companies or to suppliers that may process data on our behalf as part of providing a service to you. We may also need to share your personal information for auditing purposes, with our advisers, if we are under any legal obligations or in connection with any legal proceedings, in order to establish, exercise or defend our legal rights.
We will not sell your personal data, but we cannot be held responsible for the actions of any third party sites from which you may have linked or been directed to our Site.
6. International transfers
We are aware that certain countries outside the UK or European Economic Area (EEA) have a lower standard of protection for personal information, including security protections.
We may transfer personal data outside the EEA. However we will do so only if we can be satisfied that the recipient implements appropriate safeguards (as required by UK data protection laws) designed to protect your personal information.
7. Keeping your data secure
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
8. How long do we keep your personal information?
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. For example, by law, we keep basic information about our clients for six years after the relevant contract ceases. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Once the personal information is no longer required, we will securely destroy your personal information in accordance with applicable laws and regulations.
9. Your rights
Please let us know if your personal information changes during your relationship with us.
Under certain circumstances, by law, you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a confirmation from us as to whether we process any of your personal information or not, and if this is the case, to receive a copy of such personal information and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information (often referred to as “the right to be forgotten”). This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to the processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object if we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it, or if we no longer need your data for our legitimate interests but we need to hold some of it for the purpose of legal proceedings.
- Request the transfer of your personal information to another party.
If you would like to exercise any of the above rights, please:
- email, call or write to us (see our contact details below);
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill). This is to allow us to verify your identity and prevent disclosure to unauthorized third parties; and
- let us know the details of your request, for example by specifying the personal data you want to access, the information that is incorrect and the information with which it should be replaced.
10. Contacting us or the ICO
You can email us: firstname.lastname@example.org
You can write to us at: 1a Havelock Rd, Sheringham, Norfolk, NR26 8QD, UK.
You can also contact the Information Commissioner’s Office on 0303 123 1113.