Dunedin LLP ("We") are committed to protecting and respecting the confidentiality, integrity and security of personal information about individuals whose data we hold ("you", "your").
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us, and how Dunedin complies with its responsibilities under applicable data protection laws, including, when and to the extent in force, the Data Protection Act 1998, the General Data Protection Regulation (Regulation (EU) 2016/679) and the Privacy and Electronic Communications Regulations 2003 ("Data Protection Laws"). Please read this policy carefully.
For the purpose of the Data Protection Laws, the data controller of your personal information is Dunedin LLP of Saltire Court, 20 Castle Terrace, Edinburgh, EH1 2EN.
We may collect, hold and use certain personal data about you namely
- Contact details;
- Job title
- Relevant notes from any meetings held with you.
How is your personal data collected?
We use different methods to collect data from and about you including through: -
- Direct interactions. You may give us your personal data directly when we meet, by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- provide us with your business card;
- provide services to us;
- are involved in businesses in which we invest;
- subscribe to our publications; or
- request marketing to be sent to you.
- Third parties or publicly available sources. We may receive personal data about you from various social media sites, including LinkedIn and other publicly available sources.
Purposes for which we use your personal data
We may use your personal data for the following purposes: -
- to contact you when we have a potential business opportunity which we believe may interest you and which we wish to bring to your attention and/or discuss with you;
- to manage our relationship with you, including to ask you periodically to correct/update the information we hold and/or confirm your preferences;
- to send you updates, articles, news items and other communications or materials on topics which we believe may be of interest to you; and
- to allow us to comply with a legal obligation on us or a contract entered into with you, or to be entered into with you.
Lawful basis for processing
Data Protection Laws only permit us to process your personal data to the extent that one of the lawful bases set out in the Data Protection Laws applies to that processing. In processing your personal data, we rely principally on the following lawful basis namely that processing is necessary for the purposes of our legitimate interests, and those are not overridden by your interests or your fundamental rights or freedoms.
We consider it to be in the legitimate interests of pursuing and developing our business to use your data for the purposes set out above.
In certain circumstances, we may rely on one of the following lawful bases for our processing namely: -
- processing is necessary for the performance of a contract entered into between us, or to be entered into between us; or
- processing is required for compliance with a legal obligation of ours.
We may process your personal data relying on more than one lawful bases depending on the specific purpose for which we are using your data. Please contact us using the contact details set out below (see Contact Us) if you need details about the specific lawful basis on which we are relying on to process your personal data.
Your right to opt out
You may at any time by contacting us using the contact details below (see Contact Us), object to our processing your personal data for direct marketing purposes. You will also be given the option to unsubscribe from marketing on each marketing communication you receive from us. If you do unsubscribe or opt out of marketing, we shall no longer use your personal data for that purpose.
Access and other legal rights
You may request to view personal information we hold about you at any point by making a request in writing to us using the contact details set out below (see Contact Us). On receipt of such request, we will provide you with a copy of the information we hold about you within 30 working days, unless we require more time to respond fully to your request, in which case we will notify you in writing within that 30-working day period. Any additional copies of any information we provide to you may be subject to a reasonable fee.
You also have other rights under Data Protection Laws in relation to your personal data. In particular, you may have (i) the right to request that we rectify or erase information we hold about you in certain circumstances, (ii) the right to ask us to limit our processing of your information, (iii) the right (if we are processing information based on your consent, such as for marketing purposes) to withdraw your consent, (iv) the right to object to certain processing of your information (including the right to object to processing of your personal data for direct marketing purposes at any time), (v) the right to ask us to move, copy or transfer your personal information to another organisation. If you wish to exercise any of these rights, please contact us by using the contact details below (see Contact Us).
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Accuracy of personal data
We try to ensure that the information we hold about you is accurate and kept up-to-date by contacting you at regular intervals. However, if in the meantime you believe that any information we are holding about you is inaccurate, out-of-date or incomplete, please contact us by using the contact details as set out below (see Contact Us). We will promptly correct or delete any information found to be incorrect.
We have put in place what we consider to be appropriate security measures against unlawful or unauthorised processing of your personal data we hold, and against the accidental loss of, or damage to, your personal data. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Disclosure of your personal information
We may disclose your personal data to third parties who are providing services to us.
We may also disclose personal data we hold to third parties:
- in the event that we sell any business or assets, in which case we may disclose personal data we hold to the prospective buyer of such business or assets; and/or
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation. This could include for example exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
To the extent we transfer any of your personal data to any third party, we will only do so if that third party puts in place appropriate security measures against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, the personal data.
Transferring personal data outside the EEA
We do not intend to transfer any personal data we hold about you to a country outside the European Economic Area ("EEA"). If we do transfer any of your personal data outside the EEA, we will ensure that at least one of the following safeguards is implemented:
- the personal data is transferred only to a country that has been deemed to provide an adequate level of protection for personal data by the European Commission;
- we have put in place with the transferee specific contracts approved by the European Commission which give personal data the same protection it has in Europe; or
- where the transferee is based in the US, the transferee is registered with the Privacy Shield (which requires the transferee to provide similar protection to that required for personal data in Europe).
Retention of Data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
You will be given the opportunity every 3 to 5 years to confirm whether you would like your data to be removed from our database. Please note that you may contact us at any time by using the contact details as set out below (see Contact Us) to ask for your personal information to be removed from our systems.
Links to other websites
Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Changes to this policy
We may make changes to this data protection policy at any time. Any changes we make will be posted on this page and, where appropriate, notified to you in writing. Please refer back to this page regularly to see any changes or updates to this policy.
If you have any queries about this policy or your personal data, or you wish to submit an access request or raise a complaint about the way your personal information has been handled, please do so in writing and address this to Karan Darroch, Data Protection Manager at Dunedin LLP, 20 Saltire Court, Edinburgh, EH1 2EN or by email to firstname.lastname@example.org.
If you are not satisfied with our response to any queries or complaints you raise with us or believe we are not processing your personal data not in accordance with the Data Protection Laws you can complain to the Information Commissioner’s Office (https://ico.org.uk/).