This Privacy Notice is provided by Redpath Deilmann UK Limited and is intended to provide you with all of the information that you need to understand the personal data that we may have about you.
In particular, this Notice describes the categories of personal data we may process, how your personal data may be processed and how your privacy is safeguarded in the course of our relationship with you. It is intended to comply with our obligations to provide you with information about the Company’s processing of your personal data.
We take your data protection rights and our legal obligations seriously. Your personal data will be treated in a secure and confidential manner and only as detailed in this notice.
1. WHO IS THE DATA CONTROLLER OF YOUR DATA
Redpath Deilmann UK Limited, a company registered in England and Wales, Company Number 12892341, whose Registered Office is at C/O Rödl & Partner Legal Limited, 170 Edmund Street, Birmingham, United Kingdom, B3 2HB and/or one or of the companies within the Redpath Group of Companies.
If you have a contractual relationship with us, Redpath Deilmann UK will be the data controller of your personal data.
2. HOW WE USE YOUR PERSONAL DATA
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. In order to carry out any processing of your personal data, we will always ensure that we have a reason to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the information set out in this Notice, where this is required or permitted by applicable law.
We may amend the content of the Notice from time to time to keep it up to date with the current legal requirements and the way we operate our business.
3. HOW WE KEEP YOUR INFORMATION SECURE
Redpath Deilmann UK is committed to protecting the security of personal data you share with us or we otherwise process about you. In support of this commitment, we have implemented all appropriate technical, physical and organisational measures to ensure a level of security appropriate to the risk.
4. WHEN DO WE SHARE YOUR PERSONAL DATA
Within Redpath Deilmann UK, your personal data can be accessed or may be disclosed internally on a need-to-know basis. Your personal data may be accessed by:
- Local and global departments including line management and team members
- Local and executive management, responsible for managing or making decisions in connection with your
relationship with the company or when involved in a process concerning your relationship with the Company
- System Administrators
- Where necessary for the performance of specific tasks or system maintenance by staff in such teams as
Finance and IT
Your personal data may also be shared with interconnecting systems such as invoicing systems or customer management systems. In addition to internal recipients, data contained within such systems may be accessible by providers of those systems, their associated companies and sub contractors.
Your personal data may also be accessed by third parties including suppliers, advisers, national authorities and government bodies. Third party recipients may include:
- Service providers
- Tax authorities
- Regulatory authorities
- Our Insurers
- IT administrators
- Consultants and other professional advisers
- Customers and clients
We have a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation, or in order to enforce or apply our legal rights, in which case we may share your personal data with our regulators and law enforcement agencies in the EAA and around the world or to our legal advisers.
5. HOW LONG WE KEEP YOUR DATA
We will only retain your personal data for as long as it is needed for the purposes set out in this document or for as long as the law requires us to.
6. RIGHTS TO ACCESS AND CORRECT YOUR PERSONAL DATA
Redpath Deilmann UK aims to ensure that all personal data is correct. You also have a responsibility to ensure that changes to your personal data are notified to the Company as soon as possible so that we can ensure that your data is up-to-date. You have the right to request access to any of your personal data that the Company may hold, and to request correction of any inaccurate data relating to you. You should note that we do not always need to comply with your requests, but we will ensure that this is explained to you if this is the case.
You have a right to request that we rectify inaccurate personal data. We may seek to verify the accuracy of the personal data before rectifying it.
You can also request that we erase your personal data in limited circumstances where:
- it is no longer needed for the purposes for which it was collected; or
- you have withdrawn your consent (where the data processing was based on consent); or
- you have made a successful objection (see right to object below); or
- it has been processed unlawfully; or
- it is necessary to comply with a legal obligation to which we are subject.
We are not required to comply with your request to erase personal data if the processing of your personal data is necessary:
- for compliance with a legal obligation; or
- for the establishment, exercise or defence of legal claims.
Right to restriction of processing
You have the right to restrict our processing of your personal data but only where:
- you contest the accuracy of the personal data, pending us taking sufficient steps to correct or verify its
- the processing is unlawful but you do not want us to erase the data;
- we no longer need the personal data for its original purpose, but we require it for the establishment, exercise
or defence of legal claims; or
- you have objected to processing justified on legitimate interest grounds (see below), pending verification as to
whether the Company has compelling legitimate grounds to continue processing.
Where personal data is subjected to restriction in this way, we will only process it with your consent; for the establishment, exercise or defence of legal claims; or to protect the rights of another natural or legal person.
Right to withdraw consent
Where you have provided us with your consent to process data, you have the right to withdraw such consent at any time. You can do this by (i) in some cases deleting the relevant data from the relevant IT system (although note that in this case it may remain in back-ups and linked systems until it is deleted in accordance with our policy) or (ii) contacting us.
In some cases, your withdrawal of consent may mean that we will no longer be able to continue our relationship with you. We will always inform you of the likely consequences of your withdrawal of consent.
Right to object to processing justified on legitimate interest grounds
Where the reason for processing your personal data is our legitimate interests, you have the right to object to that processing. If you object, we must stop that processing unless we can either demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or where we need to process the data for the establishment, exercise or defence of legal claims. Where we rely upon legitimate interest as the legal ground for processing, we believe that we can demonstrate such compelling legitimate grounds, but we will consider each case on an individual basis.
Right to object to automated decision making
You have the right to object to any decision that significantly affects you being taken solely by a computer or other automated process. In such a case, you have the right to obtain human intervention, to express your point of view, and to contest the automated decision.
Right to obtain a copy of personal data safeguards used for transfers outside your jurisdiction
You can ask to obtain a copy of, or reference to, the safeguards under which your personal data is transferred outside of the EEA. We may redact data transfer agreements to protect commercial terms.
Right to complain to a supervisory authority
You also have the right to lodge a complaint with a supervisory authority, in particular in your country of residence, if you consider that the processing of your personal data infringes applicable law.
7. HOW TO EXERCISE YOUR RIGHTS
If you wish to exercise your rights, you should contact us or make contact with your usual Redpath Deilmann UK contact or manager.
We may ask you for proof of identity when making a request to exercise any of these rights. We do this to ensure we only disclose information or change account details where we know we are dealing with the right individual.
We will not ask for a fee, unless we think your request is unfounded, repetitive or excessive, or where charging a fee is otherwise permitted under applicable privacy legislation. Where a fee is necessary, we will inform you before proceeding with your request.
We aim to respond to all valid requests within one month. It may however take us longer if the request is particularly complicated or you have made several requests. We will always let you know if we think a response will take longer than one month. To speed up our response, we may ask you to provide more detail about what you want to receive or are concerned about.
We may not always be able to fully address your request, for example, if it would impact the duty of confidentiality we owe to others, or if we are otherwise legally entitled to deal with the request in a different way.