Who we are: Naomi Korn Associates is one of the leading management consultancies in the UK specialising in copyright, licensing and data protection. We work with and provide consultancy services to a range of organisations. We are registered with the Information Commissioner’s Office (ICO) as a data controller: Registration number ZA329287. This privacy notice outlines why we collect personal data, how we use it, keep it safe and the rights of those whose data we hold.
Why we collect data: We collect, store and process personal data of clients, potential clients, training course delegates, employees and our consultants for the purposes of fulfilling our contractual and legal obligations and responsibilities. We will only collect data we need to give you a better experience, to improve and deliver our services to you and to meet our responsibilities to you.
How we use personal data: We use personal data to fulfil our contractual obligations with clients, employees and our Consultants. Personal data of individuals who we provide services for, or on behalf of our clients is used to maintain our relationship and to deliver our consultancy, training and services.
We will send you newsletters, information about our consultancy services, training and our latest advice, guidance and blog posts via our mailing list if you have actively consented to us doing so (e.g. you have opted to join our mailing list). Individuals signed up to our mailing list can withdraw their consent at any point by unsubscribing from the email or by contacting us at info@naomikorn.com.
3.1 Employees and Consultants We will use the personal data of our employees and consultants for the purpose of fulfilling our contract with you and our legal obligations. More information is available in our Employees, Workers and Consultants Privacy Notice which is available on request/at commencement of your contract with us.
3.2 Training Course Delegates When you sign up for our training courses, we collect necessary information such as delegate name, contact details, job title, and organisation. This data enables us to manage course logistics, communicate important updates, and tailor the training experience. Personal data is used to facilitate the delivery of training sessions, workshops, and materials. It allows us to provide relevant content, track attendance, and assess learning outcomes.
3.3 Conference and Show Attendees We value the interactions we have with attendees at conferences, trade shows, and other events. We may contact attendees after the event to provide additional information, answer queries, or discuss potential projects.
3.4 Marketing If you are an existing or previous client or current or former training delegate we may contact you with relevant news, updates, and promotions.
If you do not wish to receive marketing emails, please contact us at info@naomikorn.com.
We may contact corporate contacts with unsolicited marketing. Our legal basis for this is legitimate interests and we comply with the Privacy and Electronic Marketing regulations (PECR) by only contacting corporate subscribers and always offering an opt out. If you do not wish to receive marketing emails, please contact us at info@naomikorn.com.
What personal data do we collect?
• Clients and delegates on our workshops: we collect personal data (name, contact details, job title, organisation) for the purposes of fulfilling our services. We may also take photographs of the course/event. • Employees and Consultants: we collect personal data (name, date of birth, contact details etc). Additional data collected (e.g. financial, pensions etc) is collected for the purposes of processing payroll and our pension obligations. • Subscribers: We collect emails and names from people subscribing to our mailing list. • Conference/event attendees: we collect name, email address, phone number, and organisation details when you visit our stand/talk. We may record the topics or services that you express interest in during conversations at our stand. We may take photographs of attendees visiting our stand/talk. • Business Cards: If individuals share business cards, we collect and process the information printed on those cards. • Social media/public information: We may collect publicly available information from social media platforms to better understand our clients.
From time to time, as part of our contractual relationships with our clients, we may process personal details of third parties for the purposes of providing our services, such as rights clearances.
Our legal process for processing personal data
Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, organisations are required to have a legal basis for processing personal data. The legal bases we use for processing data are:
• Legitimate Interests: for the purposes of fulfilling our consultancy activities and the provision of our services. For maintaining relationships with attendees, providing ongoing support, and improving our training offerings. We may use publicly available and social network information to enhance our understanding of prospective clients, tailor our communications, and provide relevant services. • Contract: for the purposes of fulfilling our obligations to Naomi Korn Associates employees, our consultants and in some cases direct clients. • Contract: for the fulfilment of any training you have booked or are attending as a delegate. • Legal obligation: for the purposes of fulfilling our statutory obligations, including our pension provisions to our employees. • Consent: we will ask for your consent when people opt into our mailing list, or where we take photographs of identifiable individuals.
How long do we keep data?
We store and retain personal data for various periods of time in line our legal obligations, financial regulations and internal requirements. Typically, we will delete personal data collected during project work such as rights clearance after 6 months. We have a Data Retention Policy to ensure that your data is not held for longer than is necessary.
How we keep data secure
Access
We have robust processes, procedures, contracts and agreements in place to ensure secure collection, storage and processing of personal data. Only authorised employees, consultants and third-party data processors (e.g. those who process data on our behalf) have access to personal data we hold. All our suppliers and contractors meet the standards we require. Training is undertaken regularly, and checks are made to ensure data quality is maintained.
Security
Personal data is stored securely on our network, on encrypted devices (iPads, laptops, smart phones etc) and within third party systems (e.g. bulk email distribution platform) whose tools we use to process data.
International transfer of data
Your information is held securely in the UK. Prior to engaging or using third party systems to process data, we ensure that sufficient safeguards, contracts/agreements are in place to protect personal data and that all parties comply with the requirements of UK GDPR and the Data Protection Act 2018.
Who we share data with
In line with our legal obligations, we share personal data about employees with HMRC, pension providers and payroll services.
We also share personal data with third parties who process our data for the purposes of providing services to you, such as email providers, digital file storage providers, those processing credit card payments, our online invoicing system, Eventbrite for booking events etc.
We ensure that any third-party we use complies with the UK GDPR and the Data Protection Act 2018. Sharing with a third-party (known as a Data Processor) will always be carried out under contract, as part of which we will specify that your data must be kept safely, used only under our instructions, and not be used for the third parties’ own purposes without prior agreement.
Finally, we will share data with the appropriate authorities (e.g. police, law enforcement agencies and other parties) where we have a legal obligation. For example, for the detection and prevention of fraud, or where data is required in relation to a criminal offence.
If you have been booked on a training course by your employer/a third-party we will share the outcome of that course where applicable.
Third-party partners may share data with us, for example, during collaborations for training or events. We may also securely share relevant details with these partners if you book through us, always ensuring data is secure and we have a legal basis for sharing.
Your rights
Under the UK GDPR and the Data Protection Act 2018, you have the following rights:
• Right to be informed. This Policy provides you with information in relation to how your data is processed. This ensures that we are transparent about what we will do with the information you supply to us. • Right of Access: You can ask us to provide you with the personal data about you we hold. This right always applies. There are some exemptions, which means you may not always receive all the information we process. • Right to rectification: You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies. • Right to erasure: You have the right to ask us to erase your personal information in certain circumstances. • Right to object. You have the right to object to processing if we are able to process your information because it is in our legitimate interests. You can also unsubscribe from our mailings and remove your details at any time. If you wish to stop receiving communications from us, you will be able to do so by contacting us at info@naomikorn.com • Right to data portability: This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated. • Rights related to automated decision making. If there is additional profiling based on the information we hold, then you can object to us making decisions about you based on such processing.
You can make a request at any point by email info@naomikorn.com. We will respond to a request within one month of receipt. However, where a request is received to erase data, we may not be able to delete all data (for example where data is linked to financial transactions that must be kept for a set period of time under financial regulations).
Links to other websites:
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
How we use cookies:
We use cookies to ensure you get the best experience on our website. We also use them for analytics such as Google Analytics and other web tracking technologies. Cookies allow web applications to respond to you as an individual.
The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences such as identifying your computer’s previous visits to a website, ascertaining the most popular features of a website or enabling an organisation to present specific information to you.
We use standard WordPress statistics which record visitor numbers and their country of origin.
Complaints:
If you would like to find out more about how we process data, or if you wish to make a complaint, please contact us at info@naomikorn.com.
If we are unable to resolve your complaint, you also have the right to complain to the Information Commissioner’s Office if you feel that your data had been processed in a way that is not compliant with this policy or in line with the UK GDPR and the Data Protection Act 2018. You can contact the ICO by visiting their website, http://www.ico.org.uk or by calling 0303 123 1113.
Notification of Changes:
We keep this Policy under regular review and will update this page. You should check this page from time to time to ensure that you are aware of any changes.
