Ensemble Consulting Limited

Ensemble Consulting Ltd

Ensemble Consulting Limited

Menu

Ensemble Consulting Ltd – Privacy Notice

Who are we?

This privacy statement applies to Ensemble Consulting Ltd with registered office address at Needlefurze House, Lower Pennington Lane Lymington SO41 8AN; or the entities we own or control (“Ensemble Consulting Ltd”, “we”, “us” or “our”).

Ensemble Consulting Ltd is committed to handling your information responsibly and safeguarding it using appropriate technical, administrative and physical security measures.

1.  Who does this privacy statement apply to?

This privacy statement explains what information we gather about you, what we use it for and who we share it with. It also sets out your rights and who you can contact for more information or queries.

Please read this statement carefully and should you have any questions contact us using the details  outlined in Section 11 – Right to Complain:

If you are an employee or independent contractor of Ensemble Consulting Ltd, please refer to the relevant privacy statement available on the Ensemble Consulting Ltd intranet or handbook for information on why and how your personal information is processed by Ensemble Consulting Ltd.


2.  Personal data that we may collect

We may process information about you that: (i) you provide to us, (ii) that we obtain from third parties or (iii) that is publicly available. This information may include your name, age, gender, date of birth and contact details. It may also include ‘sensitive’ or ‘special categories’ of personal data, such as dietary requirements or mobility information. For a more detailed description of the information about you that we may process  – Appendix 2 – Personal Data that we may collect

3.  Why and how we collect personal information

During the course of our normal operations, we may collect and process information about you to enable Ensemble Consulting Ltd to:

  • provide our services to you or our clients;
  • to enable us to provide you with information that we think may be of interest to you; and
  • to meet our legal or regulatory obligations.

For detailed list, on the various methods on how we may collect your data please see Appendix 1 – Data Collection Methods – Appendix 2 – Personal Data that we may collect

4.  Legal grounds we use for processing personal data

We are required by law to set out in this privacy statement the legal grounds on which we rely in order to process your personal data. We rely on one or more of the following lawful grounds:

  • you have explicitly agreed to us processing your information for a specific reason;
  • the processing is necessary to perform the agreement we have with you or to take steps to enter into an agreement with you;
  • the processing is necessary for compliance with a legal obligation we have or providing information to a public body or law enforcement agency; or
  • the processing is necessary for the purposes of a legitimate interest pursued by us or a third party, which might be:

(a) to provide our services to you or our clients and other third parties and ensure that our client engagements are well-managed;

(b) to prevent fraud;

(c) to protect our business interests;

(d) to ensure that complaints are investigated;

(e) to evaluate, develop or improve our services or products; or

(f) to keep you or our clients informed about relevant products and services and provide you with information unless you have indicated at any time that you do not wish us to do so.

To the extent that we process any special categories of data relating to you for any of the purposes outlined above, we will do so because:

  • you have given us your explicit consent to process that data;
  • we are required by law to process that data in order to ensure we meet our ‘know your client’ and ‘anti-money laundering’ obligations (or other legal obligations imposed on us);
  • the processing is necessary to carry out our obligations under employment, social security or social protection law;
  • the processing is necessary for the establishment, exercise or defence of legal claims; or
  • you have made the data manifestly public.

Please note that in certain circumstances it may be still lawful for us to continue processing your information even where you have withdrawn your consent, if one of the other legal bases is applicable.

5.   How we use your personal data

We will only use your personal information when the law allows us to do so, i.e., where we have a lawful basis for processing. Most commonly, we will use your personal information in the following circumstances:

  • Where we need to perform the contract we are about to enter or have entered into with you or take any steps you ask us to do, before entering into a contract with you.
  • Where it is necessary to do so, to comply with any legal obligations we have, such as under money laundering laws.
  • Where the processing is necessary for our legitimate interests in:
    • providing advisory and/or consultancy services;
    • ensuring regulatory compliance and maintaining accreditations.
    • providing our clients with the best service;
    • promoting our services;
    • receiving feedback; and
    • improving our services and identifying ways to grow our business

and/or for the legitimate purposes of our clients and or other third parties in receiving those services.  We will only rely on this lawful basis where we consider that your interests and fundamental rights do not override such interests.

  • Consent:
  • Where we rely on your consent for processing this will be brought to your attention when the information is collected from you.
  • You have the right to withdraw consent at any time, see the Your Rights section below for further information about how you may withdraw your consent.
  • We do not rely on or require your consent for the majority of our processing.

When processing your personal information, we comply with the provisions of this privacy statement and, in respect of the provision of consultancy services we are also bound by professional obligations of confidentiality.  You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us via options noted in Section 11 – Right to Complain.

6.  Who might we share your information with?

For the purposes set out in the ‘How we use your personal data’ section above, we may disclose details about you to:

  • professional advisors, suppliers and sub-contractors in the course of the provision of Ensemble Consulting Ltd services
  • competent authorities (including authorities regulating us and other members of Ensemble Consulting Ltd network, if applicable);
  • in exceptional circumstances (e.g personal safety) your employer and/or its advisers, or your advisers;
  • any other person or organisation after a restructure, sale or acquisition of any member of Ensemble Consulting Ltd network, as long as they use your information for the same purposes we did;
  • third parties who have a right to access information through legal disclosure rules as part of litigation;
  • other service providers with whom we share information who are approved by us and subject to contractual obligations designed to ensure that those providers comply with data protection legislation.

Our social media hosts various blogs, forums, and other social media applications or services that allow you to share content with other users (collectively “Social Media Applications”). Any personal data that you contribute to these Social Media Applications can be read, collected and used by other users of the application. We have little or no control over these other users, so any information you contribute to these Social Media Applications might not be handled in line with this privacy statement.

Ensemble Consulting Ltd may share data across its network but does not sell or share user data with third parties.  Ensemble Consulting Ltd does not transfer personal data to any country or organisation outside the UK.

7.  Protecting your personal data

We use a range of measures to ensure we keep your personal data secure, accurate and up to date. These include:

  • education and training to relevant staff to ensure they are aware of our privacy obligations when handling personal data;
  • administrative and technical controls to restrict access to personal data to a ‘need to know’ basis;
  • technological security measures, including fire walls, encryption and anti- virus software (accredited in relation to the UK Government’s Cyber Essentials security standards: and
  • physical security measures, such as security passes to access our premises.

The transmission of data over the internet (including by email) is never completely secure. So, although we use appropriate measures to try to protect personal data, we cannot guarantee the security of data transmitted to us or by us.

8. How long we keep your personal data for?

We seek to ensure that we only keep your personal data for the longest of:

  • the period necessary for the relevant activity or services;
  • any retention period that is required by law; or
  • the period in which litigation or investigations might arise in respect of the services.

9.  Your rights

If we process your personal data, you have the following rights. You can exercise these rights at any time by emailing us at info@EnsembleConsulting.co.uk or by using contact details given in Section 11 – Right to Complain. You have the right:

  • Your right of access – to obtain confirmation that we are processing your personal data and request a copy of the personal data we hold about you;
  • Your right to rectification – ask that we update the personal data that we hold about you, or correct such data if you think that it is inaccurate or incomplete;
  • Your right to erasure – ask that we delete personal data we hold about you, or restrict the way that we use such personal data; withdraw consent to our processing of your personal data (to the extent such processing is based on previously obtained consent);
  • Your right to restriction of processing – to ask for the processing of that information to be restricted if the accuracy of that data is contested, the processing is unlawful, the personal data is no longer necessary for the purposes for which it was collected or you exercise your right to object (pending verification of whether there are legitimate grounds for processing);
  • Your right to object to processing – ask us not to process your personal data in certain circumstances.
  • Your right to data portability – ask that we transfer copies of the personal information you gave us to another organisation, or to you, in a structured, commonly used and machine-readable format and to transmit such personal data to another party (to the extent the processing is based on consent or a contract).

If you would like to access or see a copy of your personal data, you must ask us in writing. We will endeavour to respond within a reasonable period, and in any event within one month in line with Data Protection Legislation. We will comply with our legal obligations as regards your rights as a data subject.

10.  Right to Complain

Should you have any issues, concerns or problems in relation to your data, or you wish to notify us of data which is inaccurate, you can contact us by:

  • writing to Director – Ensemble Consulting Ltd, Needlefurze House, Lower Pennington Lane Lymington SO41 8AN; or
  • sending an email to enquiries@EnsembleConsulting.co.uk

If we are unable to resolve your concerns, you have the right to complain to the Information Commissioner’s Office (ICO) which regulates and supervises the use of personal data in the UK. The ICO’s contact details are available here: https://ico.org.uk/concerns.

 11.  Changes to this privacy statement

We may modify or amend this privacy statement from time to time.

When we make changes to this privacy statement, we will amend the revision date at the top of this page. The modified or amended privacy statement will apply from that date. We encourage you to review this statement periodically to remain informed about how we are protecting your information.


Appendix 1 – Data Collection Methods

We use different methods to collect personal information from and about you including:

Direct interactions: you may voluntarily provide us with your personal information, for instance when you:

  • fill out a form on our website, e.g. completing an online form sign up to our marketing list;
  • correspond with us by email or post;
  • speak to us in person or on the phone;
  • visit our offices;
  • give us feedback (for example, by completing a survey);
  • give us your business card at an event or meeting; or

 Automated technologies or interactions

  • As you interact with our website, we will automatically collect information about your browsing activities and your equipment. We collect this information by using cookies. For full details about our use of cookies, please see our Cookie Notice.
  • Publicly available sources: we may collect personal information available publicly from the publicly accessible and online sources such as:
  • online professional social networking services and applications, such as LinkedIn;
  • your company’s website;
  • the Land Registry; and
  • Companies House.

 Third party sources: we may collect personal information from the following third party sources:

  • our clients;
  • our agents;
  • professional advisers instructed by us;
  • fraud prevention and credit reference agencies;
  • subscription databases;
  • insurance databases; and
  • government agencies.

Appendix 2 – Personal Data that we may collect

We may collect, record and use your personal data in physical and electronic form, and will hold, use and otherwise process that data in line with the Data Protection Legislation and as set out in this statement.

The personal data we process may include your:

  • name, gender, age and date of birth;
  • contact information, such as address, email, and mobile phone number;
  • country of residence;
  • lifestyle and social circumstances (for example, your hobbies);
  • family circumstances (for example, your marital status and dependents);
  • employment and education details (for example, the organisation you work for, your job title and your education details);
  • financial and tax-related information (for example your income, investments and tax residency);
  • postings or messages on any blogs, forums, platforms, wikis or social media applications and services that we provide (including with third parties);
  • IP address, browser type and language, your access times;
  • information in any complaints you make;
  • details of how you use our products and services;
  • CCTV footage and other information we collect when you access our premises; and
  • details of how you like to interact with us, and other similar information relevant to our relationship

The personal data we collect may also include so called ‘sensitive’ or ‘special categories’ of personal data, such as details about your:

  • dietary requirements (for example, when Deloitte would like to provide you with lunch during a meeting);
  • health (for example, so that we can make it easy for you to access our buildings, products and services); and
  • sexual orientation (for example, if you provide us with details of your spouse or partner).

We may also process personal data relating to ethnic or racial origin (for example, any multicultural networks you belong to), or about your political opinions (inferred from information you give us about political associations you belong to or have donated to).

Scroll to Top