Your rights

As a data subject you have rights in respect of our processing of your personal data:

• Right of access: You can request access to a copy of the personal data which we hold about you, as well as details about why and how we use it;
• Right to rectification: You can ask us to change or complete any personal data we hold about you which is inaccurate or incomplete;
• Right to be forgotten/erasure: You have a right, under certain circumstances, to ask us to delete any personal data we hold about you. Please note that there may be situations where we must retain your personal data after a request for erasure where we have a lawful basis for doing so;
• Right of restriction: You can ask us to restrict (i.e. prevent) the processing of your personal data where you have objected to our use of it and we have no lawful basis to continue processing your personal data;
• Right of data portability: In certain circumstances, you can ask us to transfer the data we hold about you to another service. This would be sent in a structured, commonly used, electronic form;
• Right to object: You can object to us using your personal data for particular purposes; and
• Automated decision making: You have a right not to be subjected to automated decision making and profiling in certain circumstances.

If you want to exercise any of these rights, please just contact us on DPO@firemelon.com

You also have the right to lodge a complaint about our processing with a supervisory authority — in the UK that is the ICO whose details are here: https://ico.org.uk/global/contact-us/postal-addresses/

Data sharing and transfer

Like most companies, we use a number of other companies as part of our data processing, for example cloud services and technology services. We have Data Processing Agreements in place with these providers to ensure that your data is processed in compliance with the law and only upon our instruction. We never sell your data.

Where data is transferred outside of the UK and EEA, we ensure that appropriate protection and mechanisms are in place, for example EU Standard Contractual Clauses or the UK International Data Transfer Agreement/Addendum. When we rely on these, we also carry out due diligence and transfer impact assessments to ensure they provide enough protection within the local legal framework. If data is transferred from the UK to the EEA then it is done so on the basis of those countries having a comparable data protection regime to the UK (adequacy).

Automated decision making

We do not use your personal data in automated processes to make decisions about you.

Technical and operational security

At Firemelon all our employees are trained in data privacy on a regular basis. All our data and devices are encrypted. We maintain up to date anti-virus and anti-malware protection.

What happens if our business changes hands?

We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, depending on the lawful basis, be permitted to use that data only for the same purposes for which it was originally collected by us.

In the event that any of your data is to be transferred in such a manner, you will be contacted in advance and informed of the changes.

Changes to our Privacy Policy

We may change this Privacy Policy from time to time (for example, if the law changes). We recommend that you check this page regularly to keep up-to-date. If we make any material changes to the manner in which we process and use your personal data, we will contact you to let you know about the change.

Contact us

We are happy to talk to you about how we process and protect data, just email us on DPO@firemelon.com

Tell me more…

To see more about how we use your personal data, read the notice or notices which apply best to your relationship with us:

• I am an employee or a potential employee
• I am a supplier
• I am a client or potential client
• I have submitted a data subject right request
• I am a visitor to the Firemelon office

Employee or Potential Employee Privacy Notice

If you are an employee, please refer to the document section of the PeopleHR system for information about how we use your personal data, or email us on DPO@firemelon.com

Supplier Privacy Notice

What data we hold

In some circumstances we will hold the following information about you:

• Your name and work contact information
• Your payment details

This data will have been sourced from you.

Using your information
Managing our relationship with you

We will use your data to manage our relationship with you, and to enquire about/buy products and services from you.

We also need to use your details to enter into and perform contracts with you, as well as keeping track of what we have agreed. In this case, the lawful basis for processing is Contract.

Dealing with your enquiry

If you give us a ring or make contact by email, we will follow up on your enquiry and see if there is a way in which we can help you. We keep a record of enquiries received, so that we know what we have said to whom. It is also legitimate for us to keep track of what we said to you, so we can understand further business need and plan our strategy accordingly. In this case, the lawful basis for processing is [Legitimate Interest].

Retention periods

We hold your data for as long as we have a relationship with you or think we might want to buy products or services from you, or unless we are required by law to hold it for longer, e.g. litigation.

Client or Potential Client Privacy Notice

What data we hold and how we use it

As one of our clients, we hold information that is needed to onboard you to our systems and fulfil our contract with you. This will be: your name and work contact information. This data will have been sourced from you. In this case, the lawful basis is Contract.

As a client or a potential client, we will use your contact details, including your LinkedIn profile, to stay in touch with you during the course of everyday business and to manage our relationship with you. This data will have been sourced from you, from LinkedIn, or from someone in your company who has passed us your details. If we received your details from someone other than you directly, we will contact you and let you know how we have received them. The lawful basis for processing is Legitimate Interest to keep in touch and manage our relationship with you; due to the nature of our existing relationship or your role, we think you wouldn’t be surprised to hear from us.

As a potential client, if you give us a ring or make contact by email, we will follow up on your enquiry and see if there is a way in which we can help you. The data will be: your name and work contact information, and details about your enquiry. This data will have been sourced from you. We keep a record of enquiries received, so that we know what we have said to whom. The lawful basis for processing is legitimate interest for handling your enquiries and informing you about services we believe will be of interest to you; based on the nature of your enquiry or your role, we think you wouldn’t be surprised to hear from us.

Retention of your data

We hold your contact data for the length of time that you are a client of ours, then another 7 years in case of any dispute (which we are sure there won’t be!)

In the 8th year, contact data is purged as an annual event.

Contact us

If you are a member of the public rather than a business entity, please contact your insurance, claims or assistance company, who will be the Controller, for any further information.

If you are a business who is a client of ours and want to talk to us about this, please email us on DPO@firemelon.com

Privacy Notice for Data Subject Rights requests

What data we hold

If you contact us to exercise a one of your rights as a data subject, we will hold the following information about you:

• Your name, how and when you contacted us, the nature of your request
• Any of your personal data that we process in order to handle your request

This data will have been sourced from you.

Using your information

We use this data to process your request. In this case, the lawful basis for processing is Legal Obligation.

Retention periods

The length of time we need to keep this data will depend on the nature of the request and the data involved.

Privacy Notice for visitors to the Firemelon office

What data we hold

If you visit us at our office we will hold the following information about you:

• Your name and organisation you work for

This data will have been sourced from you.

Using your information

We use visitor book data to know who’s on site in the event of an emergency and to help manage security at the office. In this case, the lawful basis for processing is Legitimate Interest, for keeping our site secure and our visitors safe.

Retention periods

We hold visitor book data for one year after the last entry in the book.