Privacy Notice

The protection of personal data is important to us. We process personal data in line with the General Data Protection Regulation (GDPR).  This guidance is designed to inform you of the sort of personal data we collect, why we collect it, how we use it and data subjects’ legal rights in relation to this.

Definitions

In this document you may find the following terms:

• Computer
  By this we mean whatever digital device e.g. personal computer, mobile phone or tablet you use to access the Internet and to visit Keith Borer Consultants’ website.
• Consent
  Your Consent is your agreement to allow us to process your personal data; it must be freely given, informed and specific to the purpose it is required for. You can withdraw that agreement at any time.
• Data Controller or controller responsible for the processing
  The Data Controller is responsible for determining what personal data is collected, what reasons it is required and how it is processed (which includes how it is stored).  This includes occasions when data are collected or processed on behalf of the Data Controller by a third party.
• Data Processor
  The Data Processor is an individual or organisation which processes (as defined above) personal data on behalf of the Data Controller 
• Data Subject
  An individual whose data/information is being processed. 
• Personal data
  Personal data means any information relating to an identified or identifiable individual.  An identifiable individual is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. IP Address) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
• Processing
  By processing we mean the collection, recording, organisation, structuring, storage, alteration, retrieval, use, disclosure (by transmission, or otherwise making available), erasure or destruction of personal data.

Data Collection

We routinely seek, receive and process personal data in order to provide our services. 

We also collect and process personal data about visitors to our website, including: 

1. information about the computer accessing our website and about visits to and use of this website (including the computer’s IP address, geographical location, browser type, referral source, length of visit and number of page views);
2. information provided to us for the purpose of subscribing to our website services, email notifications and/or newsletters, including email address and name;
3. any other information that the visitor chooses to send to us.

Our website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites.

Using personal data

Personal data submitted to us will be used for our legitimate business purposes, which include:

1. managing our website to improve its functionality and the data subject’s browsing experience; 
2. providing statements and invoices, and collecting payments;
3. non-marketing communications with the data subject;
4. marketing communications (e.g. our newsletter) relating to our business which we think may be of interest to you. Where this is by email we will include the option to unsubscribe from future marketing communications;
5. providing a service requested by or on behalf of the data subject;
6. investigating, preventing or detecting crime.

Legal basis for processing

Article. 6(1) lit. (a) GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose.

If processing personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, for the supply of our consultancy services, the processing is based on Article 6(1) lit. (b) GDPR.  The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of enquiries concerning our products or services.

Where KBC is subject to a legal obligation by which processing of personal data is required, such as for the maintenance of accounting records and the fulfilment of tax obligations, the processing is based on Art. 6(1) lit. (c) GDPR. 

If the data subject is a litigant or witness in a case in which KBC is, or may be, instructed, KBC has a legal basis for processing the data subject’s personal and case-related data pursuant to Article 6(1) lit. (e) GDPR in the public interest.

By choosing to share with us case-related information associated with a service we are providing, the data subject and/or the Data Controller accepts that there is a legitimate interest in our processing the data under Article 6(1) lit. (f) GDPR. The contact details supplied to us may also be used for marketing purposes under the same premise.

Disclosures

We may disclose personal data to any of our employees, officers, agents, instructing parties, suppliers or subcontractors insofar as reasonably necessary for us to provide our services and for the purposes as set out in this Privacy Notice.  In addition, we may disclose information:

1. to the extent that we are required to do so by law;
2. in connection with any legal proceedings or prospective legal proceedings;
3. to the United Kingdom Accreditation Service (UKAS) or to the Forensic Science Regulator (FSR) for quality assurance purposes. We have authorised UKAS to disclose significant quality-related issues to the FSR;  
4. in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk); and
5. to the purchaser (or prospective purchaser) of any business or asset which we are (or are contemplating) selling.

Otherwise where personal data, other than those necessarily recorded by website analytical software for the purposes of website management and user experience optimisation, is to be transferred to countries which do not have data protection laws equivalent to those in force in the European Economic Areas (EEA), we will inform you in advance, unless that country is the country from where you, your advisors or our instructing parties have communicated with us.  

Security of personal data in transmission

Data transmission over the internet is inherently insecure and we cannot guarantee the security of data sent this way.

All personal data received by KBC is subject to appropriate electronic and/or physical security measures including, electronic and physical access restrictions, defined retention periods and secure destruction policies. 

Data retention / destruction

We will process and store personal data only for the period necessary to achieve the purpose of storage.  Our policy for data retention is intended to protect personal interests and the interests of the public. Information held in relation to a forensic case has the potential to be of value in future proceedings (e.g. Appeal), even if this is not immediately obvious. We therefore hold case data for up to 30 years depending on the type of case, although we will destroy it within 18 months if it has not contributed to any service we have provided.

We will hold your contact details in case we need to get in touch regarding one of your cases or a service/update which we think may interest you. We will also keep a record of your preferences regarding email communications.

Where we identify that it is no longer necessary for us to hold personal data, we shall delete it or anonymise it such that it is no longer personal, in accordance with our company policies and legal requirements.

Data protection and Google Analytics and Google AdWords

KBC may employ both the Analytics and AdWords services provided by Google. Google Analytics is a web analytics service that collects data about the website from which a person has come, which pages on our website were visited, and how often and for how long a page was viewed. Google AdWords is a service for Internet advertising that allows KBC to place ads in Google search engine results and the Google advertising network which are designed to promote our service and encourage people to visit our website.   

Google uses the data to evaluate the use of our website and to carry out analysis of our Internet advertising. Personal data is stored by Google outside of the EU in the United States of America and Google may pass this data on to other third parties.   Google provides detailed instructions on how to block cookies at https://support.google.com/accounts/answer/61416

Google’s privacy policy can be found at: https://www.google.co.uk/policies/privacy/

Your rights

Unless the legal requirements of our processing take precedence, data subjects have a right of access to the information we hold about them and to have it amended if it is inaccurate. In order to access the data, a subject access request must be made in writing to the Data Controller.

Data protection and staff recruitment

Keith Borer Consultants collects and processes the personal data of applicants in the process of staff recruitment.  If an applicant submits an application by e-mail or online and is successful the submitted data will be stored in compliance with legal requirements. If they are unsuccessful, the documents will automatically be erased after one year, unless consent is given otherwise by the individual. 

Data protection and social media

Keith Borer Consultants has a range of social media accounts including LinkedIn, Instagram, BlueSky and YouTube. We have integrated components of services on our website. If an individual is logged in at the same time on their social media account, it will detect the activity on our website.  This information is collected through “javascript” code on our website and is linked to the individual’s social media account. If one of the social media buttons integrated into our website is clicked, then this information may be stored by the social media company and linked to that individual’s account. If an individual is not logged in to their social media account then information such as IP address, browser type, operating system, the referring web page, pages visited, location, your mobile carrier, device information (including device and application IDs), and cookie information may still be stored by the social media company.

Amendments

Please check this Privacy Notice occasionally on our website as we may update it from time-to-time.  We may also notify our contacts of changes by email. 

Contact our Data Protection Officer

Keith Borer Consultants is a division of Orchid Cellmark Ltd and part of the Eurofins Scientific Group. In case of queries relating to data protection, please contact our Data Protection Officer (dataprotection@sc.eurofinseu.com).