Privacy Statement 



For the purpose of data protection legislation[i] “the data controller is De’Leigh Ltd. 1 Five Rise Bingley BD16 4DT. We are a registered with the Information Commissioners Office. Our registration no. (App) C1333658.

Our Commitment to you

Your privacy is important to us. To enable us to undertake our business objectives we collect and use personal data about individuals. We recognise the trust placed in us by individuals whose data we are entrusted with. This policy together with any other documents referred to in it, sets out the basis on how any personal data we collect from you, or that you provide to us, or that we obtain about you will be processed by us. We are committed to ensuring that we do so in a manner that is both lawful and respects your privacy.

Please take some time to read the following carefully to understand our approach and practices regarding your personal data and how we will treat it. We take any complaints we receive very seriously. If you think our collection or use of your personal data is unfair, misleading, or inappropriate, please bring this to our attention and we will provide any additional data or explanations required. We always welcome suggestions for improving our procedures.

If you remain unsatisfied you can contact the Data Commissioner’s Office at ICO, www.ico.org.uk or write to ICO, Wycliffe House Water Lane, Wilmslow, Cheshire SK9 5AF or telephone 0303 123 1113 for advice or to make a complaint.

Our data protection principles

Private: We will never sell, give, or trade information about you to other companies. Your data will not be supplied with anyone except as described in this policy unless we are obliged by law to disclose it.

Secure: In accordance with the UK Data Protection Act and EU General Data Protection Regulations (GDPR) we will follow strict security procedures in the storage and disclosure of information, that have been given to us to prevent loss, theft, or unauthorised access.

Necessary: We will not collect information unless it is needed for the purposes, we have told you about in this policy, to be able to deliver a better service or to share useful or relevant information.

What personal date do we hold

The data we collect and receive about you depends on the type of interaction /purpose you have with us.

• For business interest: We will require key contact details of the person making the call.
• For training purposes, we will require details of people attending the courses, this is for attendance records, health and safety and certificate references.
• For 1:1 Individual representation or support: If you contact us by telephone we will take your name, contact details and we may ask you for your email address or postal address if you are requesting, we send something to you.
• For projects/investigations where 3^rd parties are referred to, where people cannot give authority themselves / or where the issues are particularly sensitive, we will use anonymised references.
• For website visitors: When you visit our website, we receive information about you in two ways:
• Directly from you: Usually this is your contact details and any other information you provide by completing the on the line contact form. We use this information to enable us to provide you with information, products of services we feel may be of interest to you, where you have agreed to be contacted for such purposes. If you no longer wish to receive information from us, and we are not under contract with you, then please request to be unsubscribed.
• Automatically from the website: This will include you IP address, and your browsing behaviour. Understanding the way, you interact with our site enables us to improve services. Our cookies policy explains our use of cookies and Google Analytics to collect and analyse this information. We use this information for our legitimate interest in ensuring that content from our site is presented in the most effective manner for you and for your computer.
• For legitimate Interest: We will only collect information for legitimate interest.

What we will ask for and why

Accessing our Training Programme: If you are attending training, workshops, away-days, conferences facilitated by De’Leigh Ltd. OPUS Centre of Excellence, we will ask you for completion of the following details. We hold this information administration and health and safety reasons.

• Name | Address | Phone number | Email | Date of birth | Gender | Nationality | Ethnicity | Disability

For Business-to-business Contacts / Projects we ask for

• Contact name | Email address | Job title | Phone number

We will use this information in the following ways:

• Ask the primary form of communication.
• To provide you with information about services and products
• To Provided you updates on the current work projects.
• To signpost content of interest to you, based on the information you entered into our online tools.
• To administer your membership (including follow up renewals, or upgrades) and provide you with services within your membership (retainer) agreement.
• To notify you about changes in our services.

Statutory Retention:

• We retain information about our members and subscribers for the duration of their membership or contract agreement, except as required to protect our legitimate interests of those of third parties.
• Open-Source Intelligence: For the purpose of due diligence, we may also access information that is publicly available this is called “Open-Source Intelligence” (OSI) We will always provide full citation where we use OSI.  
• Recruitment: Anybody applying to work with De’Leigh as a Partner or an Associate will be required to submit two forms of identification taken from the government approved list, this is to prevent money laundering. We will also ask for details of current role, CV, and record of CPD, and evidence of professional accreditation. May also access Open-Source Intelligence (OSI) i.e., social media in support of your application. This data will be used for the purpose of completing projects. The request will be renewed on the anniversary of the start of the contracting relationship.

Who we share personal data with

De’Leigh shares your personal information with the following categories of recipients.

• Third party processors who host and process personal information on our behalf.
• Regulators: Where necessary i.e., as evidence for criminal, regulatory investigation.
• Training Body accreditors: for example: CPD, Institute of Occupational Safety and Health.
• Your employer (as appropriate) in the case employment development purpose.
• 
  

Safeguards and Security

De’Leigh systems are managed and maintained in accordance to the UK Government Cyber Essentials Standard.

We do not operate out of the UK, and we do not transfer date outside of the UK.

Were we plan to use external platforms to undertake parts of our business we ensure that as data impact assessment is undertaken before a decision is made.

• You can manage your De’Leigh communication preferences or unsubscribe at the bottom of any non-essential emails you may receive from us.
• You have the right to update, to correct any information we hold about you.
• You have the right to request from us all personal information that hold that relates to you.
• You have the right to request restrictions of the processing of that data.
• You have the right to request that we delete that data or ask that is not used for the purpose for which it has been collected. 
• You may also have the right to data portability
• 
  

Where you are requesting copies of the information we hold about you, this is call a “Subject Access Request” (SAR) We may request a nominal administration charge for supplying copies of data, and we may also require you to provide us with appropriate identification before we comply with this request.  You can also find out more information about your privacy rights on the Information Commissioner’s Office website; For the public | ICO

If you have any questions, please contact us:

• By post: De’Leigh Ltd. Lock Keepers Cottage 1 Five Rise Bingley BD16 4DT
• By email: hello@deleigh.co.uk
• By telephone: 07714 68310
• Through our website: www.deleigh.co.uk

Making a “Subject Access Request” Data Protection legislation requires us to respond to your request within one month of verifying your identity (or within 3 months for more complex cases). You’ll receive a full response as soon as we can reasonably provide one and we aim to resolve all subject access requests within 30 calendar days from confirming your identity. In more complex cases where we cannot provide a full substantive response within that time frame, we will write to you within 30 calendar days to explain why an extension is needed.

  [i] Data protection legislation means the UK General Data Protection Regulation (GDPR), the Data Protection Act 2018., the Regulation of Investigatory Powers Act 2000, the Telecommunications (Lawful Business Practice)(Interception of Communications) Regulations 2000(SI 2000/2699), the Electronic Communications Data Protection Directive 2002/58/EC, the Privacy and Electronic Communications (EC Directive) Regulations 2003, the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011, and all other applicable laws and regulations relating to processing of personal data and privacy in any applicable jurisdiction as amended and replaced, including where applicable the guidance and codes or practice issued by the UK Information Commissioner or such other relevant data protection authority.

V:2023.04