(last updated 31.08.22)
Data Privacy and Protection
Kate Fitzgerald Consulting Limited (Company No. 13195832) is committed to protecting the privacy of our customers, suppliers, contractors and staff in accordance with the Data Protection Act 2018 (DPA 2018), UK General Data Protection Regulation (UK GDPR) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR).
Who We Are
Kate Fitzgerald Consulting Limited (ICO registration ZB370708) specialises in providing data privacy and protection services, as well as research support and data insights to arts, cultural and heritage organisations. We work solely as a business-to-business consultancy and have no direct relationship with consumers.
Our Privacy and Data Principles
- To provide clear, honest and open information about how we use any personal data in our business.
- To use personal data appropriately and in a way that would be reasonably expected by our clients and their customers.
- To only process personal data where it is absolutely necessary and when our client organisations have specifically asked us to, or where we need to do so in order to fulfil our contract with a client.
- To be accountable and responsible: to take active steps to protect personal data from harm, and to ensure that data is deleted once the reason for processing it has passed.
- To ensure our clients and partners (suppliers and contractors) understand these principles and their responsibilities in delivering them.
What Information We Collect
Contact and Business Information
We will hold contact details of our clients on our systems in order to operate our business effectively. This includes contact details for members of staff involved in the project, and finance teams for invoicing.
Email, Web Activity and Social Media
We keep a record of the emails we send and receive from clients in order to track progress of a project, or to keep a record of the work we have undertaken with them. Emails are kept for the duration of a project and then regularly purged in-line with our retention policy.
Like most websites, we receive and store certain details whenever you use the katefitzgeraldconsulting.com website. We use “cookies” to help us make our site better, including gathering usage data via Google Analytics.
We use social media to broadcast messages and updates about our work, and to signpost industry colleagues to useful content. We never buy paid advertising on social media.
From Third Parties
Occasionally we are asked to process personal data relating to donors, visitors or customers as part of our work with a client. Our principles in doing this are:
- We only ever do so at the request of, or with the explicit permission of the client.
- Where possible, we aim to interrogate the data on the client’s own systems, with a member of staff from the client organisation present.
- On the unusual occasion that data is passed across to us for independent processing, we take care to ensure a Data Processing Agreement is in place, and that the data is adequately protected and deleted at the earliest opportunity after the need for processing has ceased.
We operate a number of audience research projects and surveys on behalf of our client organisations. We use SurveyMonkey in order to gather these responses. Our principles around this are:
- To only capture non-personal data wherever possible (i.e. anonymised answers to survey questions, with no contact data or individual identifier)
- Where an organisation has asked to include data capture, such as a prize draw or similar, the client organisation is encouraged to capture this on their own website, via a link at the end of the survey (so that the personal data is not held by Kate Fitzgerald Consulting Limited)
Any data regarding children, disability or medical need, religion, political affiliation, sexuality or ethnicity is regarded as sensitive. We very rarely have the need to process any data of this kind, but when we do, we take steps to ensure that any such information is only collected where necessary, is subject to enhanced security measures, used only for the purposes agreed, and erased when no longer necessary.
What We Do With Your Data
The personal data we hold is used to perform the contract of work we have with our clients. This includes project updates and reports, billing and payment enquiries, and sharing information we believe to be of use or interest.
Sharing Your Data With Third Parties
We will not share any personal data with any other third parties unless required to by law.
How We Keep Your Data Safe
Our clients’ data will be held and processed on Kate Fitzgerald Consulting Limited systems. We maintain secure systems to hold contact details and a record of your interactions with us.
All information received by us is retrieved using secure technology. In order to provide a safe and secure environment for your personal information we use up to date technology with a view to protecting that information against loss, misuse or unauthorised alteration.
Data is held by us for as long as is legally or practically necessary for our business. Once that necessity is past we have a regular programme of data suppression and deletion.
You have the following rights related to your personal data:
- The right to withdraw consent at any time
- The right to request a copy of personal information held about you
- The right to request that inaccuracies be corrected
- The right to request us to stop processing your personal data
- The right to lodge a complaint with supervisory bodies such as the Information Commissioner’s Office or Fundraising Regulator
- The right to erasure of personal data
- The right to restriction of processing
- The right to data portability
If you wish to exercise any of the rights set out above, please contact us using the details below. If you are unhappy with how we are processing your personal data, you have the right to complain to the ICO.
The Information Commissioner can be contacted at:
Please contact us if you have any questions about how your data is used, data retention periods, or wish to be removed from any communications or data processing activities.