Privacy Centre

Why we are doing this

The General Data Protection Regulation, or GDPR, will become EU Law as of the 25th May 2018. This legislation is intended to bring data protection and privacy measures up to date with latest developments in technologies, data uses and standards. It supersedes the existing Data Protection Act 1998.

A cornerstone of GDPR differentiating it from existing legislation is the concept of privacy as a fundamental right. It is our responsibility to look after people’s data. This includes being clear about our purpose for processing personal data, recording our lawful basis for this, and enhancing our technological and operational measures to ensure data remains private and protected.

We at Quarto Consulting Ltd are implementing measures to ensure that as Data Controllers we factor data privacy by design in our decision making and undertake due diligence with our suppliers and associates who act as Data Processors on our behalf.

Your rights and choices

The right to be informed

We will inform individuals of their right to object “at the point of first communication” and clearly lay this out in the following privacy notice.

If a Data Subject makes a request to the Data Controller, then we will issue a “Data Subject Access Request form”. We will not release information to the requestor until we have received the completed form.

Should you wish to receive a record of the personal data that we hold about you, then please write to Kevin Martin, Quarto Consulting Ltd Limited, 9 High Street, Woburn Sands, Buckinghamshire, MK17 8RF

Or email data@quartoconsulting.co.uk

We will issue a Data Subject Access Request (DSAR) form for completion by you with the nature of your request. We will respond within 40 calendar days of receipt of this DSAR. We also reserve the right to increase the response time to three months if we consider the request to be complex and time consuming. You have the right to contact the Information Commissioner’s Office (ICO) if you disagree with our findings.

The right to rectification

We have implemented processes that ensure your personal data remains accurate and up to date.. In the event data is deemed not accurate and you wish this data to be amended, you must contact the Data contact

Quarto Consulting Ltd, Quarto Consulting Ltd Limited, 9 High Street, Woburn Sands, Buckinghamshire, MK17 8RF

Or email data@quartoconsulting.co.uk

You must identify which records you wish to be updated. For a list of data fields that we store, refer to Table 1, Section “Quarto Consulting Ltd Processed Data”.

The right to erasure

At any time you may request that your personal data is erased from our records.

Your right to erasure

Your rights

You must provide details of the record you wish to be erased.

By post

Quarto Consulting Ltd, Quarto Consulting Ltd Limited, 9 High Street, Woburn Sands, Buckinghamshire, MK17 8RF

By email data@quartoconsulting.co.uk

What we will do

We will erase all records in accordance with our storage and retention policy.

The right to restrict processing

You have the right to block or restrict the processing of your personal data. This means that we will store your personal data, but will not process it for further use in our marketing services. We will restrict processing under the following circumstances:

Your right to restrict processing

Your rights

Where you contest the accuracy of the personal data.

What we will do                                                                 

We will restrict processing until we have verified the accuracy of the personal data with you.

Your rights

Where you object to the processing (where it was necessary for the performance of a public interest task or purpose of legitimate interests), and we are considering whether our businesses legitimate grounds override those of you as the individual.

What we will do

We will store the data, but will not undertake any further processing until both parties have agreed that our business use is within our lawful purpose.

Your rights

When processing is unlawful and the individual opposes erasure and requests restriction instead. Refer to section “The right to erasure”.

What we will do

We will store the data and will not undertake further processing. We refer you to the right to erasure policy, and will implement our erasure policy upon receiving your request.

Your rights

If we no longer need the personal data but you require the data to be retained to establish, exercise or defend a legal claim. You must state details of the record you wish to be retained.

What we will do

We will automatically delete personal data records in accordance with the consent policy. However, should you wish this data to be retained in order to establish, exercise or defend a legal claim, then we will store and retain this data until the legal claim has been resolved.

If you wish this data to be retained, then please contact the Data Controller:

By post

Quarto Consulting Ltd, Quarto Consulting Ltd Limited, 9 High Street, Woburn Sands, Buckinghamshire, MK17 8RF

By email data@quartoconsulting.co.uk

We will inform you when we decide to lift a restriction on processing.

The right to data portability*

You have the right to obtain and reuse your personal data for your own purpose. We will provide you with your personal data or move, copy or transfer that data to another business in a safe and secure way.

The right to data portability only applies:

* to personal data you have provided us;

* where the processing is based on your consent or for the performance of a contract.

We will provide this data to you or the business to which you require your personal data to be transferred, within 40 calendar days of receiving instruction from you. However, if we decide that the data request is complex, then we will extend this time period for a further two months. Where this is the case, we will provide an explanation.

Should you wish your data to be sent to you or transferred to another business, then you must contact the data contact.

By post

Quarto Consulting Ltd, Quarto Consulting Ltd Limited, 9 High Street, Woburn Sands, Buckinghamshire, MK17 8RF

By email data@quartoconsulting.co.uk

You must state the following in your request:

  • details of the record you wish to be received
  • proof of identity that you are the individual to which the personal data relates (e.g. recent utility bill, driving licence)
  • details of the business to whom you require the data to be sent (if applicable).

We will provide the personal data in a structured, commonly used and machine readable format. Examples of appropriate formats include CSV and XML files.

If we are unable to transfer the data to another business due to technicalities or restrictions, then we will send the personal data to you for you to complete the transfer.

This service will be provided free of charge.

The right to object

You have the right to object to any processing undertaken for the purposes of direct marketing (including profiling). Without prejudice, we will stop processing for direct marketing as soon as we receive your objection.

However, there are data items which we must retain, for example, including any accident logs, first aid assessments. We identify in the associated privacy statements where we must retain information for legal purposes.

Should you to processing of your personal data, you must contact the data contact

By post

Quarto Consulting Ltd, Quarto Consulting Ltd Limited, 9 High Street, Woburn Sands, Buckinghamshire, MK17 8RF

By email data@quartoconsulting.co.uk

We will stop processing without exception from the date of receipt of your objection.

The right not to be subject to automated decision-making including profiling.

We do not perform automated decision-making using your personal data to profile, nor do we supply the information we hold to third parties for use in analysis or prediction.