GDPR Policy

BiOME Consulting Ltd – Terms & Privacy Policy 

BiOME Consulting Ltd (“BiOME Consulting”, “we”, “our”“the Company”) is a UK based Private Limited Company registered in Scotland (Registered Number SC 481122).

Our registered Office is: 272 Bath Street, Glasgow, G2 4JR.

The BiOME Consulting website is designed to provide information about the business services we offer and the disciplines we support. 

We not take any responsibility for damage or loss suffered from the use of information on our website and any visitors reading or using information contained on our website do so entirely at their own risk. 

The Terms and Privacy Policy only applies to BiOME Consulting Ltd and any dealings or interactions you may have with BIOME Consulting Ltd. 

Privacy Policy 

BIOME Consulting Ltd is committed to protecting the privacy of any personal data we receive and hold. 

Our privacy policy explains the purpose of BIOME Consulting holding personal data, how it is used and stored, and your right to request details of any personal data we may hold on you. 

We will only use your personal information in accordance with this privacy policy, and in accordance with UK’s data protection laws and regulations. 

This privacy policy applies to BIOME Consulting Ltd and the BIOME Consulting website at biomeconsulting.com (the “Website”). This policy covers the collection, processing and other use of personal data under the Data Protection Act 1998 (“DPA”) and the General Data Protection Regulations (“GDPR”). 

For the purpose of the DPA and GDPR BIOME Consulting Ltd are the data controllers and any enquiry regarding the collection or processing of your data should be addressed to Laura Owen via info@biomeconsulting.com

By using the Website you consent to this policy. 

Personal Data Usage 

BIOME Consulting is principally a business to business organisation and only retains personal data required to conduct day to day business operations, provide business services, meet our contractual commitments and maintain adequate business records. 

We will only collect personal contact data (such as your e‐mail address, name, physical address or telephone number) on the Website if it is directly provided to us by you the user, via an email to info@biomeconsulting.com, or by using the “contact us” form. This personal data has therefore been provided by you with your consent. 

For BIOME Consulting clients, prospective clients or business contacts this personal information is required to maintain a business relationship. It is typically limited to personal data required to enable communication such as an email address and telephone number. On occasions this may include a personal address where a client or contact is not located at business premises. 

For BIOME Consulting employees personal data is the information required to support employment in the UK. This includes personal data to enable management of payroll; conduct staff communication; and retain a complete record of recruitment and employment, including performance information. 

You need not provide any personal information requested by us. However, without that information, for example contact details, we may be unable to make our services available to you. 

Personal Data Security 

BIOME Consulting personal data is held in a secure and protected environment that adheres with best practice standards of data security. 

However, the transmission of information via the Internet or email is not always completely secure. Although we will do our upmost to protect your personal data once in our possession, we cannot guarantee the security of data while you are transmitting it to ourselves or our site; any such transmission is at your own risk. 

Once we have received your personal data, we will use the following security features to try to prevent unauthorised access. 

BIOME Consulting uses Rackspace for email and client contact information. Please refer to Rackspacefor information on security, privacy and compliance of this system. https://www.rackspace.com/en-gb/managed-security-services/privacy-data-protection

BIOME Consulting uses Dropbox and WeTransfer for the secure storage of project files (which often includes a client point of contact) and employee information. Please see Dropbox Security and WeTransfer for information on security, privacy and compliance of this system. www.dropbox.com and wetransfer.com 

Data Sharing 

BIOME Consulting does not sell or provide any personal information to third parties for marketing purposes. 

Third party links 

You might find links to third party websites on our website. These websites should have their own privacy policies, which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them. 

Accessing Your Personal Data and Erasing Personal Data 

Under the UK Data Protection legislation (https://www.gov.uk/data‐protection) you have the right to obtain copies of any personal data we retain, and to inform us of any inaccuracy. If you have a request please contact us at the address detailed above or via an email at info@biomeconsulting.com and we will endeavour to respond within 30 days of receipt. 

You have the right at any time to request that the personal data we retain is erased. However, without such information, for example contact details, we may be unable to continue our service provision. 

Should you have any questions or complaints about your privacy please contact us via info@biomeconsulting.com

If a complaint is not resolved by us to your satisfaction, you may complain to the UK’s Information Commissioner’s Office https://ico.org.uk/. 

We reserve the right to make changes to this privacy policy from time to time for any reason. We will notify you of such changes by posting an updated version of this policy on our website. 

Individual Rights

Data subjects have a number of rights in relation to the personal data relating to them which may be held by the Company.

The Right to be Informed

Individuals have the right to know why and how their personal data is being processed. The Company has a privacy notice which is available on its website. Where information is obtained from other sources individuals will be supplied with a copy of the privacy notice as soon as is reasonably possible and no later than one month from the Company obtaining the data. 

The Right of Access

Individuals have the right to access their personal data and any supplementary information held by the Company.

Requests for information should be made by email or in writing to the Company, full details are contained within our privacy notice. The Company reserves the right to contact the individual in order to verify their identity before supplying any information.

Where the request has been made electronically the information will be supplied in an electronic format unless otherwise requested.

Information will be supplied free of charge; however, the Company reserves the right to charge a fee based on the administrative costs incurred where additional copies of the information is requested or where the request is excessive or repetitive.

Information will be provided as soon as is reasonably possible and within one month of receipt of the request at the latest. However, the Company reserves the right to extend this period by a further two months should the request prove complex or numerous. In these circumstances the Company will inform the individual within one month of receipt of the request and will explain why the extension is necessary.

Where the request is manifestly unfounded or excessive the Company may refuse to respond. In such cases it will contact the individual to explain its decision and inform them of their right to complain to the Information Commissioners Office.

The Right to Rectification

Individuals have the right to have their information corrected if they believe it is factually inaccurate. Requests for rectification of information may be made verbally or in writing and the Company reserves the right to verify the identity of the individual if deemed necessary. Where possible requests should be made by email to info@biomeconsulting.com 

Any changes requested will be made free of charge and as soon as is reasonably possible, at the latest within one month of the date of the request.

Where the Company believes that the request is unfounded it reserves the right to refuse to make any changes to information. In such cases it will contact the individual to explain its decision and inform them of their right to complain to the Information Commissioners Office.

Where information has been disclosed to a third party (i.e. HMRC) the Company will inform them of the changes made to any information held.

The Right of Erasure (the right to be forgotten)

Individuals have the right to request that personal data is erased. Requests for erasure may be made verbally or in writing and the Company reserves the right to verify the identity of the individual if deemed necessary. Where possible requests should be made by email to info@biomeconsulting.com

The right to erasure is only valid in certain circumstances. Where a request for erasure of information is made the Company will consider the request and will inform the individual of its decision as soon as is reasonably possible. Where the request is accepted information will be deleted free of charge and within one month of the date of the request. Where the request is not accepted the Company will inform the individual of its decision and of their right to complain to the Information Commissioners Office within one month of the date of the request.

The Right of Restriction of Processing

In certain circumstances individuals have the right to stop the Company processing their personal data, for example when contesting the accuracy of their data.

During any period of restriction, the Company will continue to hold data but will not use it until the restriction has been lifted.

The Right to Data Portability

Individuals have the right to obtain and reuse their personal data for their own purposes. The right applies:

• To personal data you have provided to a controller

• Where the processing is based on your consent or for the performance of a contract, and

• Where processing is carried out by automated means

Information will be supplied free of charge in a commonly used format.

The Right to Object

Individuals have the right to object to the processing of their personal data for several reasons. Should you wish to object to the processing of your data please contact info@biomeconsulting.com

Security

The Company takes the issue of data security very seriously and works to maintain the GDPR’s ‘security principle’ at all times. The Company has:

• secure business premises with access restricted to key holders as necessary

• Secure cabinets for storage of paper files with access restricted to keyholders as necessary

• Password protected electronic devices

• Encryption, firewalls and anti-virus software installed and/or used as necessary to ensure confidentiality and integrity is maintained

Data is audited on a regular basis and out of date information is deleted from IT systems and/or shredded as appropriate.

The Company understands its obligations with regard to any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to, personal data and has an internal policy to deal with such instances should they occur

Addendum A

Data Retention Periods

BiOME Consulting Limited has carried out and information audit and for the purposes of this policy will retain information in line with the data retention periods stated below: 

Recruitment paperwork including, but not restricted to, CVs, application forms, interview notes (for unsuccessful candidates):

12 months from the date of application or interview whichever is later.   (Paperwork pertaining to successful candidates will be transferred to the personnel files).

Paperwork relating to payroll including HMRC records:

6 years after the end of the financial year to which they relate.

Company and accounting paperwork:

6 years from the end of the last company financial year they relate to.

Quotations and tender documents issued and not accepted:

12 months from the expiry date of the quotation/tender.

Supplier details:

6 years after the end of the financial year to which they relate.

Subcontractor records:

12 months from the date of receipt.

Volunteer records:

12 months after the final working date.