Privacy Collection Notice – Contact Us Form
Effective from 2 August 2018
Important Notice. This Notice is provided in connection with the European Privacy Law, General Data Protection Regulation (EU) 2016/697 (“GDPR”) and only applies to individuals who can enforce that law.
The controllers for this personal data are the relevant Gordian company that are providing you with the service that you are entering into a contract with: Gordian GDPR Representative Limited for Representative Services (a UK company); Gordian Services Limited for Data Protection Office Services (a UK company) or Gordian Services Pty Ltd for Australian-based training services (an Australian company).
We are collecting the personal data that you provide to us by submitting the form, which we will use for the primary purpose of dealing with the enquiry or request that you are submitting through the Contact Us webpage.
Gordian GDRP Representative Limited for Representative Services or Gordian Services Limited for Data Protection Office Services will process your personal data in the EU, and/or may authorise other Gordian companies, and their contractors, to process your personal data in Australia, the EU or the United States. Gordian Services Limited will process your personal data in Australia or the EU and may authorise other Gordian companies, and their contractors, to process your personal data in Australia, the EU or the United States. Where your personal data is transferred outside of the EU it will be transferred in accordance with legal requirements, and we will use contractors who have represented to us that they comply with GDPR standards, are subject to US Privacy Shield protections or are bound by EU approved Model Clauses or clauses that reflect Article 30 of GDPR. Accordingly we believe that, although some of the recipients are not subject to GDPR itself, they are reputable companies who have committed to the principles of privacy protection set out in GDPR, and your personal data should be respected accordingly. The primary third party processors for Gordian companies that are subject to GDPR are Citrix (document management), Xero (accounting and payroll), Stripe (payments), WordPress (website) and Mail Chimp (email marketing). By agreeing to this Privacy Collection Notice and submitting your information to us, you give us your explicit consent to make these transfers.
We keep your personal data whilst we have an on-going relationship with you, for a reasonable period afterwards (but not longer than 3 years for this reason) and for any additional period that we are required to do so under the law of the jurisdiction in which the personal data is kept. After this period, your personal data will be irreversibly destroyed.
You have the following rights under the GDPR (although certain limitations or exceptions may apply under that law), including the right to:
In situations where our processing is unlawful and you oppose the erasure of the personal data you may request the restriction of the use instead.
To exercise any of these rights or if you want to contact us for any other reason, please contact us through the Contact Us web form on our website, using the title “DATA SUBJECT RIGHTS REQUEST”.
In the event that you wish to complain about how we have handled your personal data, please contact The Privacy Officer at firstname.lastname@example.org or in writing at 2nd Floor College House, 17 King Edwards Road, Ruislip, London, HA4 7AE, United Kingdom. Our Privacy Officer will then look into your complaint and work with you to resolve the matter.
If you still feel that your personal data has not been handled appropriately according to the law, you can contact: