Prospective Client and Professional Contact Privacy Notice

What data we hold

As one of our prospective clients or a professional contact, we will hold the following personal information about you for the length of time that we consider you to be an existing or prospective customer, or a professional contact.

  • The information that is needed to fulfil a potential contract with you or your organisation. This will be your contact details, so we can provide you or your organisation with quotes and details of how we can support you.
  • If you give us a ring or make contact by email, we will follow up on your enquiry and see if there is a way in which we can help you or the prospective client you refer or us. We keep a record of enquiries received, so that we know what we have said to whom.
  • Technical personal data is also captured if you use the website.

Using Your Information

We hold this data under legitimate interest; we believe that you would be interested in the services that we offer by virtue of the means by which we gained the data, either on your own behalf, or on behalf of your clients.

If we contact you using these details [as part of a campaign, as opposed to a one-off contact], we will always abide by the PECR which means we will only phone you if you are not on a suppression list. If you are a corporation then we will use your email to advise you of our services that you may be interested in. (You can opt out of these at any time, either by clicking the link in the email or by emailing dataprotection@orcro.co.uk.)

If you are a sole proprietor or partner, then we will only email you for marketing purposes if we have your explicit consent to do so, or you are an existing customer.

If you are reporting issues with the functionality of our website, we will generally collect your name, and contact details, and other information necessary to investigate the problem and advise of the outcome.

Transfers of your data

We only transfer data outside of the EEA if it is to a country or organisation that is deemed by the EU to have adequate protection of data. For example, our cloud data providers in the US are all signed up to the Privacy Shield.

Third parties

As a general principle, we will not transfer your personal data to third parties without your permission but we do have a small number of companies providing services to us, e.g. cloud service providers. These are our processors and we have confirmed that they all meet the requirements of the GDPR.

Technical and operational security

As an organisation, Orcro is committed to protecting personal data. This includes technical security measures (e.g. intrusion, detection, firewalls, monitoring), encryption of personal data, restricted access to personal data, protection of our physical premises and hard assets, maintaining security measures for our team members (e.g. pre-screening), a data-loss prevention strategy and regular testing of our security posture.

All of our employees are trained on Data Privacy and work to the highest ethical standards to protect your rights.

Your rights

You have lots of rights in respect of our processing of your personal data. The relevant rights are:

  • Request a copy of your personal data and information about our processing of it.
  • Request that we delete information on you if we do not need to hold it.
  • Request that we correct any personal data that we hold on you.
  • Request that we stop processing your data, for certain things, e.g. marketing although we can still hold it.
  • Request that we move your data to another organisation’s IT system electronically.
  • If you want to exercise any of these rights, please just contact us on dataprotection@orcro.co.uk
  • You also have the right to lodge a complaint about our processing with a supervisory authority — in Ireland that is the Information Commissioner’s Office.

Contact us

If you want to talk to us about this, please email dataprotection@orcro.co.uk