In order for us to provide you with consultancy services we need to collect information about you. Our aim is not to be intrusive, and we won’t ask you unnecessary questions. Any information we receive about you will be subject to strict controls to minimise the risk of misuse, including unauthorised access or disclosure.
2. What information we collect
Information we may collect from you
We may collect and process the following information about you:
Information you provide to us.
You may provide us with information by filling in forms on our website or by talking with us by over the phone or corresponding with us via email or otherwise. This includes information you provide when you browse our website, request a quote, register for our newletter, enter into a contract for the supply of consultancy services, enter a competition, promotion or survey and when you contact us for other reasons.
To raise a query with us or use GreenLight DPM Services, we ask you to provide your name and a phone number. You may optionally provide details of your company, your role, your email address and your physical address.
When we communicate
When you communicate with us for customer service or other purposes, including by phone, email or using other methods, we retain that information and our responses to you.
We may record calls on our telephone lines for quality control purposes and as evidence of transactions. Any information you disclose to us will be held on these recordings, with the exception of credit and debit card numbers, which are not recorded to comply with The Payment Card Industry Data Security Standard. We also record any phone number used to call us where the number is not withheld.
We ask that you do not disclose sensitive personal information, including the state of your health, in any communication, however if you should do so voluntarily, you consent for us to hold that information in our communication records and phone recordings (see further details below).
Information we collect when you use our website
When you arrive at or leave the GreenLight DPM website, whether connected by a fixed line or wirelessly, we receive the web address of the site that you came from or are going to.
While you are using our website we collect information on the services you search for or view, page response times and length of visits to specific pages, how you interacted with each page (including scrolling, clicks and mouse-overs), and methods used to browse away from the page.
We collect information about the device you are using, such as the type of device, operating system and platform, the type and version of browser, browser plug-in types and versions, the times you access our website and the time zone setting, mobile network information and unique device identifier, which may include your Device’s IMEI number and/or MAC address, and the mobile phone number used by the Device. We do not capture GPS information about you.
Individuals who are not registered users of GreenLight DPM Services
If it is necessary for you to provide personal information about other individuals in the course of dealing with us, for example regarding directors and shareholders of a company, you should do so only where you are authorised by those individuals.
These persons have the same rights to access and correct information about themselves as users of GreenLight DPM Services.
Information about you that we receive from third parties
We may conduct a background check on our customers (and, for business customers, also on the business’s directors, shareholders and partners). During this process we will obtain information about you and/or your business, its directors, shareholders and partners, from an identity verification provider.
Information about you from other sources
We may also collect information about you from other sources, including other companies (subject to their privacy policies and applicable law), such as social media companies.
We work closely with third parties (including, for example, business partners and affiliates, refer-a-friend customers, service providers, advertising networks, analytics providers, and search information providers) and may receive information about you from them. This may be combined with the information you provide to us.
We will only use information we receive from business partners for marketing purposes if you have provided your consent to do so, either to the third party which collected the information, or to ourselves.
Data privacy regulations prohibit the processing of ‘special categories of personal data’, also called ‘sensitive data’ unless you have given your consent.
Sensitive data includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, and data concerning health, sex life or sexual orientation. There are also restrictions on processing of criminal convictions and offences.
To avoid infringing these restrictions, it is GreenLight DPM’s policy that we do not ask for or collect any of the above data from you or any other party, so we therefore ask that you please do not reveal any sensitive data about yourself or others in any communication with us.
If you do reveal sensitive data, for example by phone or in an email, you will be giving express consent for us to process that information by storing the recording of the telephone call, or the email or other communication.
3. How we use your information
Our primary purpose in collecting your information is to provide you with a safe, smooth, efficient and customised experience. By submitting your information to GreenLight DPM and using GreenLight DPM Services you agree that we may use your information for the following purposes:
Fulfilling your requests
We will use your information to:
- provide you with the information, products and services that you request from us, including providing you with
consultancy services and quotes;
- administer any promotion, survey or competition that you enter via our website.
Communication and customer service
We communicate with our users on a regular basis via email, phone and SMS to provide requested services. These activities include:
- responding to requests for customer service;
- resolving customer complaints;
- carrying out collection activities;
- resolving disputes about billing; and
- conducting customer surveys.
We use your email and physical address to send you the following service communications:
- confirm when you register with us for information about our services or to receive our newsletter;
- send you information about important changes to our products and services, including notice of any times that our services may not be available; and
- send notices and other disclosures required by law.
We also use your email address to send you other types of communications that you can control, including newsletters, customer surveys and special promotions. These communications are to:
- provide you with information about services we offer that are similar to those that you have already enquired about or purchased;
- provide marketing and advertising, provide updates on the services we offer, and deliver promotional offers based on your communication preferences and your activities when using the GreenLight DPM Services;
- measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you, which may be based on your activity on our website or third parties’ websites;
- make suggestions and recommendations to you and other users of our website about services that may interest you or them, which may be based on your activity on our website;
- keep you informed about data privacy events and news; and
- tell you about new products and features we are developing that you may find useful.
You can choose whether to receive some, all or none of these communications by contacting us at firstname.lastname@example.org.
We will use your information to deliver and improve GreenLight DPM Services, including:
- verifying your identity and performing credit and solvency checks;
- validating the accuracy of information, and verifying it with third parties;
- resolving disputes, collecting fees, and troubleshooting problems;
- allowing us to manage risk and to detect, prevent, and/or remediate fraud or other illegal or prohibited activities;
- detecting, preventing or remediating violations of our policies, Terms and Conditions or other user agreements;
- providing you with customer support services including notifying you of changes to our service, including any outages, and to send you service emails;
- improving our existing, and developing new, products, services, websites, apps and capabilities;
- administering our website and for internal business administration and operations purposes, including storage, backup, archiving, troubleshooting, data analysis, testing, research, statistical and survey purposes; and
- as part of our efforts to keep our website safe and secure, including managing and protecting our information technology infrastructure.
We will use this information to:
- administer our website for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- improve our website to ensure that content is presented in the most effective manner for you and for your device;
- to allow you to participate in interactive features of our service, when you choose to do so;
- as part of our efforts to keep our website safe and secure;
- to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
- to make suggestions and recommendations to you and other users of website about goods or services that may interest you or them.
Location information / IP (Internet Protocol) address:
We may use information about your location derived from your IP address to deliver relevant advertising to you, for example, information on tailored consultancy services for your region.
Third party information
We will combine third party information with information you give to us and that we collect about you. We will use all of this information for the purposes set out in the sections above (depending on the types of information we receive).
Questionnaires, surveys, competitions and profile data
From time to time, we may offer you optional questionnaires, surveys and competitions. If you choose to answer our optional questionnaires, surveys or competitions, we may use your information to improve GreenLight DPM Services, send you marketing or advertising information, manage the competitions and for such purposes as collecting demographic information or assessing users’ interests and needs. You will be given notice of how the information will be used prior to your participation in the survey, questionnaire or competition.
Accessing and changing your information
You can review the information you have provided to us and make any desired changes to your information at any time by contacting us at email@example.com.
5. Sharing information with third parties
To support our business and provide services to you
GreenLight DPM works with third-party service providers which provide important functions to us that allow us to be an efficient business partner for you. We also work with other business partners under contract with us to support our business operations, such as bill collection, marketing, customer service, contract administration and technology services. We need to disclose user data to them from time to time so that the services can be performed. Our contracts dictate that these business partners only use your information in connection with the services they perform for us and not for their own benefit.
Credit card associations and legal process
Where you purchase our services using a credit or debit card, we may disclose necessary information in response to the requirements of credit card associations or a civil or criminal legal process.
We may disclose or share your information in order to comply with legal obligations, including delivering data to or responding to requests from law enforcement agencies, or in order to enforce or apply the Terms and Conditions and other agreements between you and us or to investigate potential breaches to protect the rights, property, or safety of GreenLight DPM, our customers, or others. This includes exchanging information with other companies and organisations, for example to obtain professional advice.
Where required by law
We may disclose necessary information to the police and other law enforcement agencies, security forces, competent governmental, intergovernmental or supranational bodies, competent agencies, departments, regulatory authorities, self-regulatory authorities or organisations, and other third parties, where we are legally compelled and/or permitted to do so.
Mergers and acquisitions
Analytics and search engine providers
If you are referred to us by a third party – either via our affiliate network or via the refer-a-friend promotion – depending on the arrangement, we may notify them when you engage us for services.
We have a select group of affiliates to whom we occasionally refer customers. If we think you may benefit from these services, we will ask you if you would like us to pass on your details. We will always name the affiliate and ask you for permission before we refer you, and we will pass on your details only where you give us permission to do so. If we refer you, we will typically pass on your name, email address and telephone number.
Third party websites
Our website may, from time to time, contain links to the websites of our business partners, advertisers, affiliates and sources of relevant data privacy information.
Please note that these websites have their own privacy policies and we do not accept any responsibility or liability for those policies. Please check those policies before you submit any information to third party websites.
6. Transferring data overseas
GreenLight DPM is committed to adequately protecting your information regardless of where the data resides and to providing appropriate protection for your information where such data is transferred outside of the EEA.
We will do our best to protect your information, however we cannot guarantee the security of your information transmitted to our website or sent to us by email or other non-secure electronic methods; any such transmission is at your own risk. Once we have received your information, we will use protective procedures and security features to try to prevent unauthorised access.
7. Data Retention Policy
Our policy is to retain data for seven years after the conclusion of a business relationship. In some circumstances, such as an enquiry from a law enforcement agency, we may have to hold it longer. We may also retain information if required to protect our interests, for example in case of litigation. When data falls outside those retention periods we will take steps to delete it from our system. Where you have asked us not to contact you, we will retain that information on a ‘do not contact’ list to reduce the risk of us contacting you in the future.
8. Customer rights
You have the following rights regarding personal data:
To ask us to correct any information we hold about you if it is incorrect.
Whilst we endeavour at all times to keep your information accurate, we welcome your corrections. You can correct your profile at any time by contacting us at firstname.lastname@example.org, or you can call your personal contact at GreenLight DPM to make any changes.
To ask us to erase your information if we no longer have any reason to hold it, also known as the ‘right to be forgotten’.
Our Data Retention Policy (see section 7) explains the circumstances when we can or are obliged to retain information, however outside of those periods we will delete your information in line with our data retention policy and on request. We will maintain a record that you made an erasure request to reduce the likelihood of us contacting you in the future but we will use that information for no other purpose.
To ask us to return to you information you provided to us, also known as ‘data portability’.
You can ask us to send you in electronic format the information you provided to us under our Terms & Conditions or under consent.
To ask us not to process your information where you previously gave consent or where we are exercising our legitimate interest.
If you make a request for us to stop processing your information, we will investigate to see if there is a compelling reason for processing to continue and will discuss the conclusion of the investigation with you. You cannot object to processing which is a legal obligation or where we must process your information to satisfy a contract to which you are a party. Also, if you previously gave consent and we processed your data on the basis of that consent, you cannot object to that past processing, however you can ask us to stop processing it in the future.
To ask not to be subjected to automated decision making and profiling.
GreenLight DPM puts the human factor at the heart of our customer service, so there are no circumstances when you will be affected by profiling or other automated decision making without a person reviewing and making a decision on the result. If you feel you may have been unfairly impacted by profiling, our team can manually assess whether the decision is fair and discuss the situation with you.
To ask for a copy of the information we hold about you.
We will endeavour to respond to your request within 30 days, however at time of high demand we may need 90 days to compile a full response.
To ask us not to process your information for marketing purposes.
You can do this by checking or unchecking certain boxes on the forms we use to collect your information, or by emailing us at email@example.com, or by clicking on the ‘unsubscribe’ link at the foot of every marketing or promotional email.
You may exercise any of the above rights by contacting us at firstname.lastname@example.org or by calling your personal contact at the company.
9. Contacting us
The Data Controller
The Data Controller is Greenways Services (UK) Limited trading as GreenLight Data Privacy Management, Registered office address Clayton Wickham Cottage, Belmont Lane, Hurstpierpoint, West Sussex, BN6 9EP, Company number 09306493.
Contacting us with questions or requests
Data Privacy Complaints
If you believe that we have breached a privacy law with which we should comply, please send an email to email@example.com. We aim to respond in a reasonable time, normally within 30 days, and will discuss the result of our investigation with you.
Complaints to the UK Information Commissioner
You have the right to complain to the UK Information Commissioner’s Office if you believe we have not handled your request in an appropriate manner. For information on contacting the ICO please see their website.