We want you to feel comfortable on our website and not have to worry about the security of your data. That is why data protection is an important part of our corporate philosophy.
i) What is Personal Data?
Personal Data is “any information relating to an identified or identifiable natural person. This includes, for example, name or address data, telephone number, mobile number, or online identifiers such as your device ID and your IP address.
ii) What is processing?
“Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means. The term is broad and covers virtually any handling of data.
iii) Who is responsible for data processing?
The responsible party for data processing is Brit Consulting International Limited, Bm Centre, 11 St Martin’s Close, Winchester, SO23 0HD, United Kingdom (“Brit Consulting”, “we”, “us”, or “our”). If you have any questions or if you wish to exercise your rights, please contact us by email at email@example.com, call us at +44 (0) 23 800 16 999, or write to us at the above address.
iv) What law applies?
Our use of your Personal Data is subject to the UK`s Data Protection Act (“DPA”), and the EU’s General Data Protection Regulation (“GDPR”), and of course, we process your Personal Data accordingly.
v) What are the Legal Bases for processing Personal Data
In accordance with the DPA and the GDPR, we have to have at least one of the following legal bases to process your Personal Data: a) you have given your consent, b) the data is necessary for the fulfilment of a contract / pre-contractual measures, c) the data is necessary for the fulfilment of a legal obligation, or d) the data is necessary to protect our legitimate interests, provided that your interests are not overridden.
vi) Who is the competent data protection authority?
The competent data protection authority in the UK is The Information Commissioner’s Office (ICO), which is the relevant authority in the UK. The ICO is located at Wycliffe House, Water Ln, Wilmslow SK9 5AF, UK and their website can be found at www.ico.org.uk.
vii) How long will you keep my data?
We process and store your Personal Data only for the period of time required to achieve the respective processing purpose or for as long as a legal retention period exists (in particular commercial and tax law in accordance with the UK`s Commercial Law and Fiscal Code and others for up to 6 years. Once the purpose has been achieved or the retention period has expired, the corresponding data is routinely deleted.
What Personal Data do we process?
i) Technical Data
When you access our website, some access data is recorded automatically and stored in a log file on our website’s server. This means if you browse and simply have a look at our website, we process a) the IP address of your computer, b) the date and time of your access, c) the name and URL of the accessed file, d) the browser used, e) the number of bytes transferred, f) the status of the page request, g) the session ID and g) the referrer URL. The legal basis for processing is our legitimate interest.
ii) Hosting of our website
We use the hosting services of FastComet Inc for the purpose of hosting and displaying our website. FastComet does so on the basis of processing on our behalf, and that also means that all data collected on our website is processed on FastComet’s servers. The basis for processing is our legitimate interest and the initiation and/or fulfilment of a contract.
iii) Content Management System
We also use the Content Management System (CMS) of WordPress by Automattic Inc to publish and maintain the created and edited content and texts on our website. This means that all content and texts submitted to us are transferred to WordPress. This represents a legitimate interest.
We use Google Fonts by Google LLC on our website to display external fonts. To enable the display of certain fonts on our website, a connection to a Google server is established when our website is accessed. The connection to Google established when you open our website enables Google to determine which website sent your request and to which IP address the display of the font is to be transmitted. This represents a legitimate interest.
v) Google reCAPTCHA
We also use Google’s reCAPTCHA from Google LLC to check whether data input is made by a human being or by an automated program. For this purpose, reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as you enter our website. The legal basis for using reCAPTCHA is our legitimate interest.
vi) Contacting us
You can contact us in various ways, and data is always collected in the process. You provide us with most of the data that we process when you contact us, such as your name and email address. This data is collected and processed exclusively for the purpose of contacting you and processing your request and then deleted again, provided that there is no legal obligation to retain it. The legal basis for processing the above is our legitimate interest, the provision or initiation of a contractual service, and your consent.
vii) UK Export Readiness Self-Assessment
When you use our self-assessment, we ask you for your company name, your location, your name, your position in the company, and your email address. Following the completion, you are able to contact us, and we will process your data to discuss your results and the initiation of our services. The legal bases for processing are your express consent, the initiation of a contractual service, and our legitimate interest.
We process and store personal data that is required for your use of our webinars. For this purpose, we collect your name, your email address, your phone number, and the personal and non-personal data that you are voluntarily disclosing. To provide our webinars, we use the GoTo Webinar services of GetGo Communications LLC, and the personal data provided is processed exclusively for the purpose of providing the webinar. The legal bases for this processing are your consent to carry out pre-contractual measures and our legitimate interest.
ix) Using our services
We process the personal data that arises when you use our services in order to provide our contractual services. In particular, this includes our support, correspondence with you, invoicing, fulfilment of our contractual, accounting, and tax obligations. Accordingly, the data is processed on the basis of the fulfilment of our contractual obligations and our legal obligations. The legal basis for processing the above is our legitimate interest, the provision or initiation of a contractual service and your consent.
x) Data management and support
For optimal data management and support, we store the data related to your contract with us in our customer relationship management system, Freshsales provided by Freshworks Inc. This represents a legitimate interest.
We process data in the context of administrative tasks as well as organisation of our operations, financial accounting and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The purpose and our interest in the processing lie in the administration, financial accounting, office organisation, archiving of data, i.e., tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services. The legal basis for processing the above is our legitimate interest, the provision or initiation of a contractual service, and your consent.
On this website, we use so-called “cookies”. Cookies are small text files that are stored in the memory of your device via your browser. Cookies store certain information (e.g., your preferred language or page settings), which can be sent back to us by your browser when you visit the website again (depending on the lifetime of the cookie).
i) Which cookies do we use?
We distinguish between two categories of cookies:
Essential or Necessary cookies. These cookies are essential or necessary to ensure that a website works properly and is secure so that you can navigate a website and use its features. Without these cookies, certain features of a website would not function, and thus you would not be able to use certain services.
Optional cookies. These cookies are non-essential for the website to function and require your consent. When it comes to optional cookies, the following distinctions are made:
- Functional cookies or sometimes called convenience cookies. These cookies allow a website to remember the options a user has made (including user IDs stored, consents given, or languages selected) and other personalization options you have selected when browsing.
- Analysis and performance cookies, which are used to monitor and improve the function and service of a website. Those can track down problems when using a website, facilitate online surveys, record visitor numbers, and provide analytics metrics.
- Advertising cookies or targeting cookies. They are used to deliver customised advertising to the user. This can be very convenient but also very irritating.
The UK`s Privacy and Electronic Communications Regulations (“PECR”) and the EU`s Privacy and Electronic Communications Directive (“PECD”) require us,
- to ask for your consent when using specific cookies (in particular, any cookie that is not strictly necessary for the operation of the website, for example, Functional cookies, Analysis and performance cookies and Advertising cookies or targeting cookies “Optional cookies”); and
ii) Subject to your consent
Our website uses the cookie consent tool Piwik PRO by Piwik PRO SA to obtain your consent to the storage of cookies and to document this consent. When you enter our website, the following Personal Data is transferred to us: i) Your consent(s) or revocation of your consent(s); ii) Your IP address; iii) Information about your browser; iv) Information about your device; v) Time of your visit to our website. The basis for processing is our legitimate interest and your consent.
We use Piwik PRO by Piwik PRO SA for web analysis and conversion tracking. Within the scope of Piwik’s reach analysis, the following data is processed on the basis of our legitimate interests: i) the type and version of the browser you use, ii) the operating system you use, your country of origin, iii) the date and time of the server request, iv) the number of visits, v) the time you spend on the website and the external links you click. The user’s IP address is anonymised before it is stored. The legal basis for the processing is your consent in conjunction with our legitimate interest.
We use Plerdy to analyse user behaviour by means of so-called A/B testing. This enables us to analyse our offers, improve them regularly and make them more interesting for you as a user. Before the analyses are carried out, the IP addresses are processed in abbreviated form so that direct personal contact can be ruled out. The IP address transmitted by your browser is not merged with other data collected by us. The legal basis for the processing is your consent in conjunction with our legitimate interest.
iii) Online Advertising
We use Google Ads, an online advertising service provided by Google LLC. Google Ads enables us to show advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be shown on the basis of user data available to Google (e.g. location data and interests) (target group targeting). With the help of Google Ads, we can evaluate this data quantitatively, for example, which search terms have led to the display of our advertisements and how many ads have resulted in corresponding clicks. The use of this service is based on your consent.
Google Ads Remarketing
We also use the remarketing functions of Google Ads. Google Ads Remarketing allows us to assign people who interact with our advertisements and website to specific target groups and to display interest-based advertising to them within the Google advertising network.
Further, the advertising target groups created by us using Google Ads Remarketing can be linked to Google’s cross-device functions. This means that interest-based, personalised advertising (that is advertising that has been adapted to you depending on your previous usage and surfing behaviour) can also be displayed on another of your end devices (e.g. tablet or PC). The use of this service is based on your consent.
Google Conversion Tracking
iv) Pixel Cookies and Tags
Event data collected through Pixel Cookies is used for targeting our advertisements and improving ad delivery and personalised advertising. For this purpose, the event data collected on our website by means of Pixel Cookies is transmitted to the relevant operator of the Pixel Cookie and in part, also stored on your device. However, this only happens with your consent, and we and the relevant operator of the Pixel Cookie are considered joint controllers. Nonetheless, for the subsequent processing of the transmitted Event Data, the relevant operator of the Pixel Cookie is the sole controller.
For more information about how the relevant operator of the Pixel Cookie processes personal data, including the legal basis on which they rely on and how you can exercise your rights against it, please refer to the following Privacy Policies: Facebook, and YouTube (Google).
v) Opting Out
You can disable tracking by Google Analytics with future effect by downloading and installing the Google Analytics Opt-out Browser Add-on for your current web browser following this link http://tools.google.com/dlpage/gaoptout?hl=en.
Google Ads, Google Ads Remarketing, Google Conversion Tracking
If you have a Google account, you can object to personalised advertising at the following link: https://www.google.com/settings/ads/onweb/.
If you do not wish to participate in usage-based advertising through Facebook you can object here: https://www.facebook.com/settings?tab=ads
If you do not wish to participate in usage-based advertising through YouTube you can change your ad settings by following these instructions: https://www.youtube.com/howyoutubeworks/user-settings/ad-settings/
If you do not wish to participate in our advertising personalization or retargeting/tracking, you can object to behavioural advertising at the following websites: Your Online Choices, Digital Advertising Alliance of Canada, Network Advertising Initiative, AdChoices and the European Interactive Digital Advertising Alliance (Europe only).
In certain cases, it is necessary to transmit the processed Personal Data in the course of data processing. In this respect, there are different recipient bodies and categories of recipients.
If necessary, we transfer your Personal Data within Brit Consulting. Of course, we comply with the associated legal framework and ensure that your data is processed properly. Access to your Personal Data is only granted to authorised employees who need access to the data due to their job, e.g., to provide our services or to contact you in case of queries.
ii) External bodies
Personal Data is transferred to our service providers in the following instances:
- in the context of fulfilling our contract with you,
- to use marketing services and to advertise our services online,
- to communicate with you,
- to provide our website, and
- to state authorities and institutions as far as this is required or necessary.
iii) International transfers
Security of your data
In order to protect the data stored with us in the best possible way against accidental or intentional manipulation, loss, destruction or access by unauthorised persons, we use appropriate technical and organisational security measures. The security levels are continuously reviewed in cooperation with security experts and adapted to new security standards.
Nevertheless, internet-based data transmissions can always have security gaps, so that absolute protection cannot be guaranteed. Databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised as expeditiously as possible after which the breach was discovered.
Insofar as you have given us your separate consent to process your data for marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent. You may give us your consent in a number of ways, including by selecting a box on a form where we seek your permission to send you marketing information, or sometimes your consent is implied from your interactions or contractual relationship with us. Where your consent is implied, it is on the basis that you would have a reasonable expectation of receiving a marketing communication based on your interactions or contractual relationship with us.
Direct Marketing generally takes the form of account-based marketing using the services of Albacross Nordic AB or via email and our newsletter using the services of Mailchimp by Intuit Inc but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing sent or made by us or on our behalf will include a means by which you may unsubscribe or opt-out.
We are present on social media on the basis of our legitimate interests (currently Facebook and LinkedIn). If you contact or connect with us via social media, we and the relevant social media platform are jointly responsible for the processing of your data and enter into a so-called joint controller agreement. The Personal Information collected when contacting us is to handle your request, and the bases are both your consent and our legitimate interest.
ii) Market research and advertising
In addition, your data may be processed for market research and advertising purposes. For example, usage profiles can be created from your usage behaviour and the resulting interests. This allows, for example, advertisements to be placed within and outside the platforms that presumably correspond to your interests. The legal basis is our legitimate interest.
iii) When you visit our profiles and interact with us and others
When you visit our social media profiles, we, as the operator of the profile, process your actions and interactions with our profile (e.g., the content of your messages, enquiries, posts or comments that you send to us or leave on our profile or when you like or share our posts) as well as your publicly viewable profile data (e.g., your name and profile picture). Which Personal Information from your profile is publicly viewable depends on your profile settings, which you can adjust yourself in the settings of your social media account. The legal basis is our legitimate interest and your consent.
Your Rights and Privileges
Under the DPA and GDPR, you can exercise the following rights:
- The right to access;
- The right to rectification;
- The right to erasure;
- The right to restrict processing;
- The right to object to processing;
- The right to data portability;
- The right to complaint to a supervisory authority
Updating your information
If you believe that the information we hold about you is inaccurate or request its rectification, deletion, or object to its processing, please do so by contacting us.
Withdrawing your consent
You can withdraw the consent you have given at any time by contacting us.
In the event you want to make a Data Subject Access Request, please contact us. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days, we will tell you why and when we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we will tell you why.
What we do not do
- We do not request Personal Data from minors and children;
- We do not use Automated decision-making including profiling; and
- We do not sell your Personal Data.
Validity and questions