The Privacy Notice details the organisation's acquiring, use and sharing of personal data for the delivery of its services alongside its commitment to ensuring the privacy and security of this data. It is drafted to be public facing and support the requirements around transparency and accountability for the use of individual's data.
Logan Tod & Company Ltd. (Logan Tod) is a not-for-profit data and analytics company. We are registered as a limited company in the United Kingdom (no. 10763659) and our registered address is Ynot House 3 Wey Court, Mary Road, Guildford, Surrey, England, GU14QU.
The processing of your personal data is carried out by or on behalf of Logan Tod under the framework provided by relevant data protection legislation such as UK and/or EU General Data Protection Regulations and the Data Protection Act 2018.
This privacy notice tells you what you can expect from us with regards to the collecting, storing and use of your information. It explains in detail:
- the purposes we are processing your information for and why we are lawfully allowed to do this;
where gain your information from and whether there are other recipients of your personal information
- whether we intend to transfer it to another country; and
- how long we store it for;
- whether we conduct automated decision-making or profiling;
- your rights in relation to this data;
- who the DataProtection Officer (DPO) is and contact details for them.
Logan Tod is registered as a data controller with the Information Commissioner's Office (ICO) with registration no. ZA643572. As a data controller, Logan Tod determines what data is collected, how this data is going to be used and how this data is protected.
We process your personal data according to the relationship we have with you which includes:
- Prospective clients
- Client personnel
- Members of the public/patients
- Job applicants and prospects
We interact with you as follows:
If you work for an organisation who buys software or services and engage with us we will collect and process the following information about you as part of our interactions with you:
- Email address
- Content of email communications with you and metadata (including delivery status)
- Any additional information you provide to us through our communications with you
Logan Tod is accountable for how your information is used for these purposes and acts as the “Data Controller”. We collect this information on the basis of our legitimate interests to discuss procurement, purchasing and implementation of our products and services.
If you are working for an organisation that uses one or more of our services or products, we receive information about you in three ways:
- When you contact us directly, for example via email or our website
- User account registration - when you require access to one or more platforms or systems operated by Logan Tod
- Use of platforms or systems operated by Logan Tod
If you contact us for support in relation to your use of our platforms for systems or in relation to the services or products we supply to your organisation we will use any information you provide to us to respond to your enquiry and to assist you.
For all other purposes your employer is accountable for how your information is used by us (they are the “Data Controller”). They either provide us with information, or instruct us to collect this on their behalf, and instruct us how to use it. Logan Tod therefore operates as a “Data Processor” on behalf of your employer and we hold a legal agreement with your employer that sets out what we do with the data and how we keep it safe and secure.
Please refer to your employer’s Privacy Notice for further details about how they process your personal data and ensure this complies with the law.
When an account is created for you, the following information about you may be collected:
- Email address
- Telephone number
- Date of Birth
- Job Title
We use this information to create and maintain your user accounts within our platforms and systems.
Logan Tod provides services and products to a range of client organisations including local authorities and the NHS. If you use the services of one of our clients, we may receive information about you from them.
The organisation is accountable for how your information is used by us (they are the “Data Controller”). When they want to use our services or products they provide us with your information and instruct us how to use it. Logan Tod therefore operates as a “Data Processor” on behalf of organisations and we hold a legal agreement with them that sets out what we do with the data and how we keep it safe and secure. We also ensure that privacy enhancing techniques are applied to ensure that any information which could be used to directly identify you is minimised or removed wherever identifiable information is not required. Please refer to the organisation’s Privacy Notice for further details about how they process your personal data and ensure this complies with the law. If you contact us directly, for example via email or our website, we will use any information you provide to us to respond to your enquiry and to assist you.
If you apply for a role at Logan Tod we will collect the following information about you:
- Email address
- Telephone number
- Employment history and other data in your CV or otherwise submitted to us
- Assessments completed by you as part of the application process
- Feedback about you from our staff and your referees
Logan Tod is accountable for how your information is used for these purposes and acts as the “Data Controller”. We collect this information on the basis of our legitimate interest to assess job applications and to take steps necessary to enter into an employment contract with you. We also collect it because we have a legal obligation to ensure applicants have the right to work.
Your data may, in certain circumstances be provided to other regulatory or law enforcement bodies, but only in compliance with the law and where strictly necessary.
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, including profiling, unless you have given us your consent to do so, or it is necessary for entering into or the performance of a contract.
Under data protection law one of the following lawful bases may be applied to the processing of personal data by or on behalf of Logan Tod:
- Legitimate Interests: Article 6(1)(f) – ‘processing is necessary for the purposes of the legitimate interests pursued by the controller…’
- Legal Obligation: Article 6(1)(e) – ‘processing is necessary for the performance of a task carried out in the public interest…’
- Public Interest: Article 6(1)(e) – ‘processing is necessary forthe performance of a task carried out in the public interest…’
- Performance of a contract: Article 6(1)(b) - ‘processing is necessary for the performance of a contract to which the data subject is a party; or in order to take steps at the request of the data subject prior to entering into a contract…’
Under data protection law the following Article 9 condition may be applied to the processing of special category data by or on behalf of Logan Tod:
- Healthcare purposes: Article 9(2)(j) – ‘processing is necessary for archivingpurposes in the public interest, scientific or historical research purposes orstatistical purposes…’
Under the common law duty of confidentiality, the following lawful basis applies:
- The data subject has consented to the services and the sharing of their data for the purposes of ascertaining the service.
Logan Tod collects personal data directly from the data subjects themselves such as individuals that agree to service, contracted partners, website enquiries, or providers of Health and Social Care.
We will not ordinarily or routinely share any of your confidential personal data with any third-party data controllers without your consent.
Data which has de-identified so that it is no longer confidential and it is not possible to identify you directly from it will be shared with authorised recipients for the purposes of analysis and research.
We may transfer the data that we collect from you to cloud service providers which have data servers which are based in a variety of locations, including outside the European Economic Area (which includes all EU Member countries as well as Iceland, Liechtenstein and Norway; the “EEA”). For any transfer, we will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with the relevant legislation.
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected. At the end of that retention period, we will either delete your data completely or anonymise it, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
We do not undertake any automated decision-making or profiling in relation to your personal data.
Under data protection law, you the following rights to your information:
Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances. In order to take up any of these rights you should contact us.
Logan Tod strives to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we may receive about this very seriously. We encourage people to inform us if they think that any collection or use of information by us is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures. You can do this by contacting us via our online form or by emailing our Data Protection Lead directly: firstname.lastname@example.org
If you remain dissatisfied, you have the right to make a complaint to the Information Commissioner’s Office (ICO). Please seethe ICO’s website for more information: www.ico.org.uk
We reserve the right to make changes to this Privacy Notice at any time. If we change our Privacy Notice and procedures, we will post those changes on our website to keep you aware of what information we collect, how we use it and under what circumstances we may disclose it.