Overarching Privacy Notice

‍

1. Introduction

This Privacy Notice explains how Logan Tod & Company Ltd (“Logan Tod”, “we”, “us”, “our”) collects, uses and protects personal data, and describes your rights under UK data protection law.

‍

Logan Tod is a profit-with-purpose company registered in England and Wales (company number 10763659).

‍
Registered office: Mansion House, Manchester Road, Altrincham, Cheshire, England, WA14 4RW.

‍

We are committed to protecting privacy and handling personal data lawfully, fairly and transparently in accordance with:

the UK General Data Protection Regulation (UK GDPR); and
the Data Protection Act 2018.

2. Who we are and our role

Logan Tod is registered with the Information Commissioner’s Office (ICO) as a Data Controller (registration number ZA643572). Depending on the circumstances, Logan Tod acts as either:

a Data Controller, where we determine the purposes and means of processing; or
a Data Processor, where we process personal data strictly on behalf of another organisation under a written contract.

We do not act as a joint controller.

‍

3. How we collect and use personal data

We process personal data according to our relationship with you, as outlined below.

‍

3.1 Prospective clients

If you work for an organisation that may purchase our products or services, we may process:

Name
Work email address
Business contact details
Content of communications and associated metadata
Any information you choose to provide to us

Purpose:
To communicate with you regarding procurement, contracting and implementation of our services.

‍

Lawful basis:

Legitimate interests – Article 6(1)(f) UK GDPR

‍

Our legitimate interest is in developing and managing business relationships. We have carried out a Legitimate Interests Assessment, which you may request.

‍

Logan Tod acts as Data Controller for this processing.

‍

3.2 Client personnel (users of our platforms or services)

If you work for an organisation that uses our products or services, we may process personal data when:

you contact us directly;
a user account is created for you; or
you use our systems.

‍

Data may include:

Name
Email address
Job title
Organisation
Telephone number

‍

Purposes:

creating and managing user accounts;
providing technical support;
delivering contracted services.

‍

Roles and lawful basis:

Where Logan Tod determines the processing (e.g. account administration, direct support):
- Role: Data Controller
- Lawful basis: Performance of a contract – Article 6(1)(b)
Where processing is determined by your employer:
- Role: Data Processor
- Processing is governed by a written data processing agreement

Please refer to your employer’s Privacy Notice for details of their processing.

‍

3.3 Members of the public / service users

Logan Tod provides technology and services to public- and private-sector organisations, including local authorities and NHS bodies.

‍

Where individuals use our clients’ services, we may process personal data only on our clients’ instructions.

‍

Role:

Logan Tod acts solely as a Data Processor

‍

Purpose:
To provide and support the services instructed by the client organisation.

Logan Tod does not access, store or use client or patient identifiable data except where strictly necessary to provide the contracted service.

‍

We apply data minimisation and privacy-enhancing measures wherever possible.

If you contact us directly, we will process your information to respond to your enquiry.

‍

3.4 Job applicants

If you apply for a role at Logan Tod, we may process:

Name and contact details
Employment history and CV information
Assessment results
Interview notes and references
Right-to-work information

‍

Purposes:

assessing suitability for employment;
taking steps prior to entering into an employment contract;
meeting legal obligations.

‍

Lawful bases:

Performance of a contract – Article 6(1)(b)
Legal obligation – Article 6(1)(c)

Logan Tod acts as Data Controller.

‍

4. Special category data

Logan Tod does not routinely access or store special category personal data.

‍

Where such data is processed on behalf of a client (for example in health or public-sector contexts), Logan Tod acts strictly as a Data Processor, and processing is carried out only under the client’s instructions and applicable safeguards.

‍

5. Automated decision-making

Logan Tod does not carry out automated decision-making or profiling that produces legal or similarly significant effects.

‍

6. Data sharing

We do not routinely share personal data with third-party data controllers unless required by law or regulatory obligation.

‍

We may share anonymised or de-identified data for analysis, research and service improvement where individuals cannot be identified.

‍

7. International data transfers

We may use cloud service providers whose data centres are located outside the UK.

Where personal data is transferred internationally, appropriate safeguards are in place, including:

the UK International Data Transfer Agreement (IDTA); or
the UK Addendum to the EU Standard Contractual Clauses.

‍

8. Data retention

Personal data is retained only for as long as necessary for the purposes for which it was collected.

‍

Retention periods are determined by contractual, legal and operational requirements. Where data is no longer required, it is securely deleted or anonymised.

‍

9. Your rights

Under UK GDPR, you have the right to:

access your personal data;
request rectification;
request erasure;
restrict processing;
object to processing; and
request data portability (where applicable).

Requests can be made using the contact details below.

‍

10. Contact details and complaints

Data Protection Lead
Email: zhiqian.huang@logantod.net
Postal address: as above

If you remain dissatisfied, you may complain to the Information Commissioner’s Office (ICO):
www.ico.org.uk

‍

11. Changes to this Privacy Notice

We may update this Privacy Notice from time to time. The most current version will always be available on our website.

‍