Brytlyt Limited (“Brytlyt”, “we”, “us”) are committed to protecting the privacy and security of those whose personal data we process. We acknowledge the need to protect personal data that is collected by or disclosed to us and to manage it in accordance with the Data Protection Act 2018 and EU General Data Protection Regulation 2016/679 (GDPR).
The purpose of this notice is to inform you how we collect and use (process) your personal data during and after your relationship with us, in accordance with applicable Data Protection Laws.
Brytlyt is what is referred to in law as the data controller of your personal data. As the data controller we have a number of legal obligations to ensure that we only use your data in a fair, transparent and secure manner. If you have any questions regarding this privacy notice, our use of your data or wish to exercise any of your legal rights under data protection law, you can contact us either by writing to The Data Protection Lead, Brytlyt Limited, Globe House, Eclipse Park, Sittingbourne Road, Maidstone, Kent, ME14 3EN or by email firstname.lastname@example.org
How we obtain your data
In most cases the personal data that we process will be provided by you. This may be in relation to an enquiry you have made, where you have instructed us to undertake work and when signing up to our blog. Correspondence between us in writing, by telephone and when attending meetings. We may also receive personal data from third parties such as contractors, our partners and credit reference agencies and your legal representatives. We may also ask you to provide information regarding your satisfaction of the service we have provided to you. Please help us to keep your information up to date by informing us of any changes to your contact details.
What personal data do we capture
We will only ever ask for the minimum personal data required to fulfil the task in hand. In most cases we would only process some or all of the following personal data:
- Your name and where relevant job title
- The name of your company (employer)
- Contact information, for example telephone numbers, email address, postal address. These could be either work or private contact details
- Telephone call recordings
- Your use of our website which may include your IP address
- Customer satisfaction correspondence
- Marketing preferences
We would only ask you for special category (sensitive) personal data if there was a specific need for this.
How we use your personal data
We will only use your personal data where the law allows us. This is likely to be limited to the following examples.
- When responding to your enquiry, for example taking steps to entering in to a contract with you
- To carry out our obligations arising from any contracts entered by you, your company and us
- For our own internal record keeping where there is either a legal requirement for us to do so or where it is in our legitimate interest
- To control access to, and/or provide security at our offices
- To seek your views or comments on the services we provide
- To contact you with information about company updates, services, offers and other things we think might be relevant to you
Disclosure of your personal data
We will only ever disclose your personal data to a third party if we have your consent or are required to do so by law. We may pass your information to our third-party service providers, contractors, auditors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf. When using third party service providers we only disclose the personal data that is necessary to deliver the service. We have a contract in place that requires them to keep your information secure and prohibits them from using your data for their own purposes. All contractors are subject to a duty of confidentiality.
Security of your personal data
We undertake regular IT security and data protection auditing to ensure our systems meet the expectations of the law and those of our clients. Our employees and contractors who have access to personal data are required to undertake data protection training.
Transfers of data outside of the EEA
We may transfer your personal information to third party data processors who are based in countries outside the European Economic Area (EEA). We use some US-based companies that provide services such as IT, communications and data analytics service such as Google Analytics. We only use US-based organisations that are self-certified as adhering to the EU-US Privacy Shield. We will not transfer your information to any processors based in other countries outside the EEA unless there is a European Commission adequacy decision for the specific country to which the data is transferred, or where we can be certain that there are adequate safeguards provided for your information and individual rights standards that meet the GDPR requirements.
How long we keep your personal data
We will retain your personal data as long as is necessary to provide the services to which you have requested, or where we have another legitimate and lawful reason to do so. We may need to retain some information to comply with our legal obligations such as financial and accounting records. Unless there is an ongoing business relationship, we will only retain your personal data for 7 years after our last contact with you.
Cookies and similar tracking technology
A cookie is a small file placed on your computer’s hard drive. It enables our website to identify your computer as you view different pages on our websites. Cookies allow websites and applications to store your preferences in order to present content, options or functions that are specific to you. They also enable us to see information like how many people use the website and what pages they tend to visit.
- Analyse our web traffic using an analytics package. Aggregated usage data helps us improve the website structure, design, content and functions
- Recognise when you return to our websites. We may show your relevant content, or provide functionality you used previously
- Identify the web browser you are using, operating systems and device type
- Operate our webform
We have included a tool within our website to enable you to enable and disable all non-essential cookies.
Your rights in respect of your personal data
You have a number of rights under data protection law. In summary these include:
- Subject Access – you have the right to request details of the personal data which we hold about you and a copy of that data
- Right to Withdraw Consent – where our use of your personal data is based upon your consent, you have the right to withdraw that consent at any time. In the event you wish to withdraw your consent to processing, please contact us using. You should be aware that withdrawing consent may result in us no longer being able to provide you with the service you originally requested
- Data Portability – you may, in certain circumstances request us to provide with a copy of your data for transfer to another organisation. In view of the services we offer it is unlikely that this right would be relevant to our data relationship with you
- Rectification – we want to ensure that the personal data we hold is accurate and up to date. If you believe that any data we have about you is incorrect or incomplete, please let us know. To the extent required by applicable laws, we will rectify or update any incorrect or inaccurate personal data about you
- Erasure (‘right to be forgotten’) – you have the right to have your personal data ‘erased’ in certain specified situations
- Restriction of processing – you have the right in certain specified situations to require us to stop processing your personal data and to only store such personal data
- Object to processing – You have the right to object to specific types of processing of your personal data, for example, where we are processing your personal data for the purposes of direct marketing
- Prevent automated decision-taking – in certain circumstances, you have the right not to be subject to decisions being taken solely on the basis of automated processing
To exercise any of these rights or if you have any questions about our Privacy Notice please contact our Data Protection Lead using the contact details provided at the top of this notice.
While we hope to be able to resolve any concerns you have about the way that we are processing your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data has been processed in a way that does not comply with the GDPR or have any wider concerns about our compliance with data protection law. You can do so by calling the ICO helpline on 0303 123 1113 or via their website https://ico.org.uk/
We keep our privacy notices under regular review. This notice was last updated on 12th June 2020.