Pearn Kandola LLP
This website is not intended for children and we do not knowingly collect data relating to children.
It is also important that the personal data we hold about you is accurate and up to date. Please inform us should your personal data change during your engagement with us.
Managing Your Personal Information
In some areas of our website we ask you to provide information that will enable us to supply you with our services or to contact you.
The data we collect
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (i.e. anonymous data).
We may collect, use, store and transfer different kinds of personal data about you from a number of different sources, including:
- Information that you provide to us when you complete our online forms, or register with our website or sign-in to use our online tools;
- Information about the services we provide to you;
- Information provided to us by third parties, including organisations with whom you are engaged or employed; and
- Information we automatically collect about your visits to our website to enable us to maintain and improve our services and website;
- Marketing and Communications Data including your preferences in receiving marketing from us and your communication preferences.
In addition to information that we collect where we are in control, we may also collect information on behalf of third parties. Where personal information is collected through our online tools (available by registration only), we do this as a data processor on behalf of the organisation that has directed you to our website and services, and this data is managed in accordance with our contractual obligation with that organisation and its own privacy notices, and not our own privacy notice. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
The data we collect
We will only use your personal data when the law allows us to. We use your personal data for a number of different lawful purposes including:
- to provide information and services to you, or your Organisation under the terms of a contract with you;
- for our legitimate business interests to maintain and improve our website and services including analysis to develop and improve our software, testing, research and surveys. Where possible we use this information in an anonymous and aggregated form to protect your privacy;
- to comply with any legal obligations that we may have; and/or
- for our legitimate interests to keep in touch with you for marketing purposes and let you know about developments in the field of business psychology.
In order to protect your privacy, we do not routinely share personal data with third parties. However, we may share your personal data with:
- our suppliers and contractors who enable us to provide the website and our online tools and materials;
- our third party partners for analysis and reporting, and where possible we try to do this with anonymous information; and/or
- if we have a legal duty or obligation to disclose your personal information.
We may disclose personal information if we buy or sell relevant business assets which may include your personal information.
We may also use your personal information to contact you to advise you of other services that may be of interest to you.
We have a legitimate interest in using your personal data for promotional purposes (see above: ‘How we use your personal data’). This means we do not usually need your consent to send you marketing information. However, where consent is required, we will ask for your consent clearly and separately.
You have the right to opt out and request that we do not use your personal data for marketing. You can exercise this right at any time by contacting us at firstname.lastname@example.org. Where you opt out of receiving marketing messages, this will not apply to personal data provided to us as a result of a service purchase, service experience or other transaction. Further, if you choose not to receive marketing information, we may still contact you to advise you of changes to our website, or security concerns or where permitted by law.
Where your personal data is stored
Personal data may be held at our offices and those of our third party agencies, service providers, representatives and agents as described above (see above: ‘How we use your personal data’).
Some of these third parties may be based outside the UK/EEA. For more information, including on how we safeguard your personal data when this happens, see below: ‘Transferring your personal data out of the UK and EEA’.
Transferring your personal data out of the UK and EEA
The EEA, UK and other Countries outside the EEA and the UK have differing data protection laws, some of which may provide lower levels of protection of privacy.
It is sometimes necessary for us to transfer your personal data to countries outside the UK and EEA. In those cases we will comply with applicable UK and EEA laws designed to ensure the privacy of your personal data.
We will transfer your personal data to:
- our service providers located outside the UK in the EEA, New Zealand and United States of America.
As we are based in the UK we will also transfer your personal data from the EEA to the UK.
Under data protection laws, we can only transfer your personal data to a country outside the UK/EEA where:
- in the case of transfers subject to UK data protection law, the UK government has decided the particular country ensures an adequate level of protection of personal data (known as an ‘adequacy regulation’) further to Article 45 of the UK GDPR. A list of countries the UK currently has adequacy regulations in relation to is available here. We rely on adequacy regulations for transfers to the following countries: countries in the EEA and New Zealand.
- in the case of transfers subject to EEA data protection laws, the European Commission has decided that the particular country ensures an adequate level of protection of personal data (known as an ‘adequacy decision’) further to Article 45 of the EU GDPR. A list of countries the European Commission has currently made adequacy decisions in relation to is available here. We rely on adequacy decisions for transfers to the following countries: UK and New Zealand.
- there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for you; or
- a specific exception applies under relevant data protection law.
Where we transfer your personal data outside the UK, we do so on the basis of an adequacy regulation or (where this is not available) legally-approved standard data protection clauses recognised or issued further to Article 46(2) of the UK GDPR. In the event we cannot or choose not to continue to rely on either of those mechanisms at any time, we will not transfer your personal data outside the UK unless we can do so on the basis of an alternative mechanism or exception provided by UK data protection law and reflected in an update to this policy.
Where we transfer your personal data outside the EEA we do so on the basis of an adequacy decision or (where this is not available) legally-approved standard data protection clauses issued further to Article 46(2) of the EU GDPR. In the event we cannot or choose not to continue to rely on either of those mechanisms at any time we will not transfer your personal data outside the EEA unless we can do so on the basis of an alternative mechanism or exception provided by applicable data protection law and reflected in an update to this policy.
International transfers of your personal data outside the UK—in more detail
More details about the countries outside the UK to which your personal data is transferred can be provided on request. Transferring your personal data out of the UK and EEA—further information
If you would like further information about data transferred outside the UK/EEA, please contact (see ‘How to contact us’ below)
Protection of your information
The information you provide will be kept confidential. We have in place administrative, technical and physical measures on our website and internally designed to guard against and minimise the risk of loss, misuse or unauthorised processing, alteration or disclosure of the personal information that we hold. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We do not store your information longer than reasonably necessary in order to fulfil the purposes we collected it for, or to ensure we have appropriate and auditable records. We generally hold appropriate records for the duration of your engagement with Pearn Kandola and for up to 2 years after (unless agreed otherwise). We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for your personal data, we will consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
When we deem it to be no longer necessary to keep your personal data, we will delete or anonymise it.
Linking to external websites
We do not have any control over the content on these websites and we do not accept any liability arising from your use of the links.
Use of this website is subject to English law and the user agrees that the courts of England and Wales will have jurisdiction over any issues relating to the use of the website.
A cookie is a small data file which is placed onto your device (e.g. computer, smartphone, etc.) when you use our website. A cookie file can contain information such as a user ID that the site uses to track the pages you visit. The only personal details a cookie can contain is information you supply yourself.
Third party access to the cookies
Your legal rights
You have various legal rights under data protection legislation:
- the right to request access to your personal information (known as a subject access request);
- the right to request inaccurate information is corrected;
- the right to request information is deleted in certain situations;
- the right to request we stop using your information for certain purposes, including for marketing;
- the right for decisions not to be made by wholly automated means;
- the right to request that your personal data be transferred; and
- the right to withdraw consent.
These rights may not be available in all circumstances, and we will confirm if this is the case. Where you wish to exercise your rights or gain further information, please contact us via email@example.com and we will respond within the applicable statutory time period. We will not charge a fee should you request to access your personal data providing your request is not clearly unfounded, repetitive or excessive. We may refuse to comply with your request in these circumstances.
To protect your privacy and security, we may require you to provide further information in order for us to verify your identity.
We will respect your personal information and undertake to comply with all applicable UK General Data Protection Regulations (UK GDPR), both in respect of the personal information supplied by you on registration or as part of the recruitment process and in respect of any personal information which we may process. We are also subject to the EU General Data Protection Regulation (EU GDPR) in relation to the services we offer to individuals in the European Economic Area (EEA).
How to complain
If you are unhappy about the way we are handling your personal data, please contact us via firstname.lastname@example.org.
Further details of our and your legal obligations and duties, including details of how to make a complaint, can be found at the Information Commissioner’s website at www.ico.gov.uk/make-a-complaint .
Changes to this policy
We may make changes to this policy from time-to-time as our business and internal practices and/or applicable laws change. Any changes will be posted on this page with an updated revision date. We will not make any use of your personal information that is inconsistent with the original purpose(s) for which it was collected or obtained (if we intend to do so, we will notify you in advance wherever possible) or otherwise than is permitted by applicable law.
How to contact us
If you have any questions, comments, complaints or requests about this Policy or if you would like us to update information we have about you or your preferences, please contact us by email at email@example.com.
Alternatively, please write to us at the following address: Pearn Kandola LLP, Latimer House, Langford Business Park, Kidlington, OX5 1GG or telephone 01865 399060
You may also lodge a complaint with the data protection authority in the applicable jurisdiction.
If you would like this notice in another format (for example audio, large print, braille) please contact us (see ‘How to contact us’ above).
Updated March 2022