The first part of this page deals with cookies, the second more generally with privacy.

Who we are

Our website address is: https://oareborough.com. This is the web site of Oareborough Consulting Limited, a management consultancy working in IT, outsourcing and dispute resolution.

This Web Site and Privacy

What personal data we collect and why we collect it

Visitors are invited to leave contact details. This will be used to contact you to support you in fulfilling your immediate and longer-term business needs. We may subsequently use the contact details provided to maintain contact with you and send periodic updates and articles of potential interest.

Cookies

This site uses Google Analytics to monitor patterns of usage. The resulting data is provided to Oareborough Consulting in anonymised form. Google publishes its privacy policy here. The cookies we use contain no personally identifiable data.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Consent to the use of Cookies

As well as the consent provided by implication through your browser’s settings, we provide a button and associated policy information. If you do not so consent, you may:

  1. Cease using the site;
  2. Set your browser to block cookies (the site will still function);
  3. Clear your browser store of cookies (the site will still function).

Your browser’s Help function should support you with options 2 and 3.

For more general background on cookies, Wikipedia and other sources should be consulted. Information on the law and your rights in relation to cookies is available from ico.org.uk.

Oareborough Consulting Privacy Policy

Our management of your personal data has been revised in the light of the GDPR, effective 25th May 2018 and the UK Data Protection Act 2018.

Oareborough Consulting is firmly committed to privacy and the protection of your information. Oareborough will ensure that the data you supply to us is processed fairly, carefully and lawfully.

Oareborough Consulting Limited is a Data Controller. This privacy policy sets out how we use data about you. You can contact us if you have any questions about this.

Oareborough Consulting operates within the European Economic Area (EEA) and does not export personal data outside that region. Our service providers store our data within the EEA. This web site is hosted in a UK data centre. 

Oareborough Consulting respects the privacy of our Clients and those involved in disputes we are asked to investigate. We recognise and implement protections and management of personal information. When we, and our service providers, collect and use your personal information, we are the data controller for the purpose of Data Protection Legislation (defined below).

In the course of acting as an expert witness we may be provided with your personal information by a client, solicitors or service providers acting on the client’s instructions. In this case we are acting as a joint controller with another organisation (such as the client or instructing law firm). Where we are acting as a joint controller with another organisation, we will have a written agreement in place to govern this relationship.

Purpose of this Policy and Notice

We have prepared this Privacy Notice to assist you in understanding what information we collect and how that information is used by us and by third parties.

Key Terms

When we refer to Data Protection Legislation we mean the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”); and the Data Protection Act 2018.

Personal information is information that can be used to identify or contact a specific individual, such as a name, address, telephone number, email address, etc., and also online identifiers and location data such as IP addresses and mobile device IDs.

Special category data means personal information revealing your racial or ethnic origin; political opinions; religious or philosophical beliefs; or trade union membership; genetic data; biometric data; data related to your health or data concerning your sex life or sexual orientation; and criminal convictions or involvement in criminal proceedings.

A data controller is someone who decides why personal data is to be collected and how it will be used and treated.

A joint data controller is where a person or organisation determine the purposes for which and the manner in which any personal data are, or are to be, processed. Joint controllers act together to decide how data is to be collected and how it will be treated.

What Personal Information do we Gather?

Whether or not you become a customer, we shall use your data within the reasons set out below. If you do become a customer, we shall use it to serve your organisation and to deliver our services to you.

  • Name, work address, telephone numbers, e-mail address and any other relevant contact details which you have communicated to us by whatever means;
  • The address and background to your organisation;
  • Records of services provided to your organisation;
  • Records of conversations and written information you have supplied to us either in preparation to serve your organisation or in the delivery of services; and
  • Personal data about other named stakeholders within your organisation and your network to whom you introduce us.

The provision of such information is always optional. Your assistance in providing it enables us to serve your organisation more effectively. This includes your clients and suppliers where we are working together. Any documents you provide to us may be retained in accordance with our retention policy. We do not record telephone or other conversations.

We may also be provided with information, documents and data by clients as part of the process of working as an expert witness in relation to a project or other technical activity that you have been involved in. In this context the client holds that data as a result of an employment or contractual relationship.

Why do we collect this information? How do we use it?

We process your personal data:

  1. As necessary to perform our contract with you for the relevant service:
    1. To take steps at your request before entering into it;
    2. To decide whether to enter into it;
    3. To manage and perform that contract including identifying and fulfilling the needs, concerns and performance of stakeholders; and
    4. To update our records.
  2. As necessary for our own legitimate interests or those of our associates:
    1. For good governance, accounting, managing and audit of our business operations;
    2. To monitor and identify potential to deliver new or extended services to you or others;
    3. To assist us in identifying you;
    4. To research the market and develop the services we offer; and
    5. To maintain awareness of each other and prompt consideration.
  3. As necessary to comply with legal obligations:
    1. When you exercise your rights under data protection law and make requests;
    2. For compliance with legal and regulatory requirements and related disclosures; and
    3. For establishment and defence of legal rights.

We do not attach copies of documents to reports provided to the courts or include any personal information, other than names, in such reports.

The basis of processing is legitimate interests, for the following:

  1. Ongoing communications on matters of potential interest that may include marketing communications, events, articles and others;
  2. When we enter into a Linkedin or face-to-face connection with the exchange of details.
  3. When we undertake the delivery of services to your organisation.

If you wish that we should not communicate with you any further, please inform us by email.

Subject to applicable data protection law, we may share your personal data with:

  • Subcontractors and other persons who help us to provide our services;
  • Companies and other persons providing services to us;
  • Our legal, accounting and other professional advisors;
  • Courts, to comply with legal requirements and the administration of justice;
  • In an emergency or otherwise to protect your vital interests;
  • When we restructure or sell our business or its assets; and
  • Any others where we have your consent, or it is required by law.

Your Rights Under Data Protection Legislation

Your rights are as follows for residents of the EU:

  • The right to be informed about our processing of your personal data;
  • The right to have your personal data corrected if it is inaccurate and to have incomplete data completed;
  • The right to object to processing your personal data;
  • The right to restrict processing your personal data;
  • The right to have your personal data erased (the “right to be forgotten”);
  • The right to request access to your personal data (“data portability”); and
  • Rights in relation to automated decision-making including profiling.

Please inform us by email if you wish to exercise any of these rights in respect to your own personal data.

If you wish that we change the way that we contact you or opt out from further communication, please tell us by email.

You have the right to complain to the Information Commissioner’s Office. It has enforcement powers and can investigate compliance with data protection law. ico.org.uk.

Who May Receive your Data

We may disclose your information to service providers under contract who help with our business operations (including, but not limited to, fraud investigations, software development, email delivery, marketing communications, bill collection, payment processing, audits, technical services and site analytics and operations).

We may disclose your information to other third parties to whom you or a contracting party explicitly ask us to send your Personal Data (or about whom you are otherwise explicitly notified and consent to when using a specific service).

We may disclose your Personal Data as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to comply with such legal process, or to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. We will use reasonable endeavours to notify you before doing so, unless we are legally restricted from so doing.

Non-Disclosure of Personal Information

Oareborough Consulting will not sell, trade, rent or otherwise release your personal information to any other organisation for any purpose unless you have previously been asked for and given your consent.

We will not disclose any personal information provided other than as described in this privacy policy unless you have authorised us to so do, or if we are required to do so by law. If at any time Oareborough Consulting is required by law to release information about you or your organisation, we will co-operate fully with the relevant authorities.

Data Retention Criteria

The following criteria are used to determine data retention periods for your personal data:

  • Retention in case of queries and investigations
  • Retention in case of claims
  • Retention in accordance with legal and regulatory requirements
  • Retention of common interest. We recognise that people move between organisations, retire and otherwise leave.

ICO Registration

Under the Data Protection Act 2018, most UK organisations are required to register with the Information Commissioner’s Office (ICO) as the UK’s data regulator. Oareborough Consulting holds registration number ZA866172 in compliance with the regulations.

Data Residence

The data that we collect from you will usually be stored inside the UK or the European Economic Area (EEA). However, if you live or work outside the UK or the EEA, we may need to transfer your personal data outside this region to correspond with you. Where this applies, we will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy notice.