A series of stimulating talks that meet you right where you are

Explore upcoming events

Privacy Policy

Data Privacy Policy

This policy explains how Osmond Group Limited (The Company) collects, uses, stores, and disposes of personal data in accordance with the General Data Protection Regulation (EU) 2016/679 requirements. This is generally referred to as GDPR. It is EU legislation effective May 25th, 2018, setting guidelines for the way personal data is handled and processed and the responsibilities of the data controller and data processors handling the data.

As defined by ICO (the Information Commissioner’s Office), a data controller determines the purposes and means of processing personal data. A data processor is responsible for processing personal data on behalf of a controller.

What do we mean by personal data?

Personal data means details which can identify an individual or could be used to identify an individual, such as a name, contact details or address.

What personal data does The Company hold? 

The Company holds the following types of data:

  • Personal information of customers, suppliers and third parties who work with us or handle services or products to/from us. This includes contact numbers and email addresses.
  • Names and contact details, including email addresses, for individuals who have registered to receive marketing material, such as our monthly eBulletin (email newsletter).
  • Brief special category data, such as individuals’ anthropometric (body measurement) data, disabilities and/or medical and postural conditions. This data may include an individual’s name, telephone number and/or email address for the purpose of visiting a client and carrying out services such as workstation and disability needs assessments.

How does the Company receive and collect data?

  • Data controllers, third parties and people who work with us: Provided to us either at the time of opening an account with The Company or to update us about relevant changes and additions, as well as orders and instructions to supply products and services.
  • Marketing: Collated through events, exhibitions, meetings, online newsletters and social media where each individual’s consent has been received. Also allowing individuals to opt out, deregister or be anonymised or made invisible at any point.      
  • Individuals (general public): Provided directly by the individual or via an employer, legal entity, therapist or other healthcare professional with the data subject’s consent.
  • Manufacturers: Directly from the manufacturer.

What lawful basis does the Company use to process data? 

The Company processes data where the data subject or relevantcompany/body has given consent or where processing isrequired for the performance of a contract or transaction. An example of this would be assessment visits for individuals who require guidance and advice about our products and / or services.Who does the Company share data with? 

The Company sometimes needs to share personal data with otherorganisations/persons orindividuals. Examples could be family members, manufacturers, couriers, professional or government bodies, and external assessors. 

Subject Access Request 

The Companyrecognises that all data subjects have the right to know about what data The Company holds, stores,shares andprocesses about them, as set out in Article 15 (Right of access by the data subject) of GDPR. Data subjects are entitled only to information about themselves and not about others. A request can be made verbally or in writing. The Company willidentify and act on the request within one month of receipt, as set out in the GDPR guidelines. However, if The Company feels that the individual’s request is uncorroborated, The Company reserves the right to refuse orcharge accordingly. If a request isdenied, The Company will explain to the individual why and inform them that they have the right to appeal to the Managing Director. 

Individual’s Rights 

The Company understands that the individual has the following rightswithregard to any personal data that is stored about them: 

  • The right to be informed. 
  • The right to access.
  • The right to rectification.
  • The right to erasure
  • The right to restrict processing.
  • The right to data portability.
  • The right to object. 
  • The right not to be subject to automated decision-making, including profiling. 

Data Security and Retention 

The Company systems and devices aremonitored and backed up continuously. All emails are encrypted (TLS) and any sensitive attachments have been replaced with a secure storage system providing individual document access via secure hyperlink. All employees receive training to reduce the possible risks involved in handling personal data and to ensure all data is handled in a secure environment. 

The Company holds personal data for seven yearsunless there is a requirement to do otherwise. For example, if the transaction/contract involves a warranty which exceeds this period. Also, if the personal data is requested to be disposed of The Company will act upon the request accordingly.  

Data Breaches 

The Company understands the importance ofand need toidentify,assess and respond to a breach (within 72 hours). The Company has a separate Data Breach Policy which provides anin depth explanation of procedures. A copy can be provided upon request. 

Cookies / Website 

The Company uses cookies to track visitorbehaviour patterns on our website. However,cookies can be restricted or blocked at any point by individuals in the internet settings on their device. Please note that, if all cookies are blocked, this mayimpactfunctionality of the website. The Company also uses Google Analytics which collects anonymous information about how individuals use our website.This particular information is used to help us monitor and improve our site.All of the information mentioned is anonymous and cannot be linkedto a specific individual. 

Complaints 

The Company has a complaints procedure in place to ensure that all complaints are addressed and resolved effectively in an adequate timescale. Complaints can be received verbally in person or by phone, or in writing by email or post. The complaint will then be passed to the relevant Department Manager and/or Managing Directorto action accordingly. 

Policies and Procedures 

Copies of the Company policies and procedures can be requested at any point by phone, emailor in writing. 

Registration with ICO 

The Company is registered with the InformationCommissioner’s Office (ICO). You can view our registration here:https://ico.org.uk/ESDWebPages/Entry/Z8680716 or by visiting the ICO website atico.org.uk and entering the following reference number: Z8680716. 

Data Protection Officer 

The Company has appointed a Data Protection Officer (DPO). The DPO can be contacted at dp.officer@ergonomics.cernagodev.comor by calling 0345 345 0898. It is also acceptable to write to:

The Data Protection Officer
Osmond Group Limited
21 Johnson Road
Ferndown Industrial Estate
Wimborne
Dorset
BH21 7SE

June 2024