Our policy on privacy
Concert Consulting believes strongly in protecting the privacy of its users. We collect personal information only when necessary. We do not collect any personal information about users of our web site unless they take advantage of its customisation features. We collect only aggregate information about the behaviour of web visitors in order to improve the quality of the site.
Collection of personal information
In some cases, we may ask you for personal information.
Customisation: Some areas of the site can be customized according to user preferences. We use individual preferences to deliver custom content online and analyse aggregate preferences in order to improve site quality.
Event registration: If a user registers for an event on-line, their personal information will be used to fulfil that request, and may be shared with third parties involved with the event (a hotel, for instance).
E-mail: If you send an e-mail message to us, we will use your e-mail address and other information you provide to respond to your request.
Surveys: The information we collect in online surveys is used for internal research purposes. In general, we do not divulge individual responses to surveys except for participant names. Exceptions to this policy are noted when users access particular surveys. Third parties administer some of our surveys, but they cannot use any of the individual data they help collect.
On occasion, we may share responses with a co-sponsor who works with us to analyse the data; in this case, we expect the co-sponsor to maintain the same level of confidentiality with individual responses.
Provision of personal information by our clients
Our clients, or third parties acting on behalf of our clients, may provide personal information about their employees or members, this information is provided purely for the production and distribution of communications approved by our clients (agreed activity). We commit that:
- We will request only the information required to undertake the agreed activity;
- We will receive and store this information securely using the appropriate means of data transfer and levels of encryption;
- Transmit this information to approved sub-contractors only for the purpose of undertaking the agreed activity; and
- Dispose of the information within two weeks of the agreed activity been concluded (this will include ensuring any sub-contractors also dispose of the any information provided to them).
We will not:
- Share any personal information provided to us to any third party, except for approved sub-contractors who are required to undertake the agreed activity; and
- Transfer or allow the transfer of personal data outside the European Union.
Should we receive information in surplus to the requirements for the agreed activity we will:
- Inform the client additional information has been provided which is surplus to the requirements of the agreed activity;
- At the earliest opportunity, but no later than within 2 working days, remove the additional information from Concert’s databases;
- If required, request for the provision of revised personal information to undertake the agreed activity.
Personal information we may receive
We may receive, store and process the following types of information:
- Employees or members names, addresses (including email addresses) and telephone numbers;
- Employees or members dates of birth, National Insurance numbers and other information which may identify individual members (e.g. membership numbers);
- Employees or members salary and other renumeration data and information in relation to benefits and potential benefits payable to the employee or member and/or their dependants or beneficiaries.
We may use sub-contractors to undertake specific elements of the agreed activity and as a result provide personal information, provided to us by our clients, to these subcontractors for the purpose of undertaking the agreed activity. Before any data is provided to sub-contractors we will ensure:
- A formal contract is in place between Concert and the sub-contractor;
- The sub-contractor has the appropriate data security procedures (as a minimum the sub-contractor must have a current ISO 27001 accreditation or equivalent and be registered with the Information Commissioners Office);
- Any data provided by to the sub-contractor will be appropriately disposed of once the agreed activity has been concluded.
Rights of our clients’ members or employees
Upon request, Concert will confirm to any client’s employee or member the information we hold about them. Such requests should be addressed to:
Concert Consulting (UK) Limited
21 Prince Street
The information will be provided within 2 working days of receipt of satisfactory confirmation of the individual’s identity. Concert are not obliged to confirm that data has previously been provided in respect of an individual if it has already been removed from Concert’s databases. We reserve the right to charge a processing fee (of no more than £10 per data subject) for the provision of this information. If a fee is levied this must be paid prior to the release of the information.
Our data controls
Concert are ISO 27001 accredited and registered with the Information Commissioners Office. Copies of the latest certificates are available on our website www.concertconsult.co.uk. Our ISO processes are independently audited on an annual basis.
If you have any questions about our privacy practices, please contact us at firstname.lastname@example.org.