Privacy Policy

Who we are:

Naomi Korn Associates is one of the leading management consultancies in the UK specialising in copyright, licensing and data protection. We work with and provide consultancy services to a range of organisations. We are registered with the Information Commissioner’s Office (ICO) as a data controller: Registration number ZA329287. This privacy statement outlines why we collect personal data, how we use it, keep it safe and the rights of those whose data we hold.

Why we collect data:

We collect, store and process personal data of clients, potential clients, employees and our Consultants for the purposes of fulfilling our contractual and legal obligations and responsibilities.

How we use personal data:

We use personal data to fulfill our contractual obligations with clients, employees and our Consultants. Personal data of individuals who we provide services for, or on behalf of our clients is used to maintain our relationship and to deliver our consultancy, training and services.

We will only send you newsletters, information about our consultancy services, training and our latest advice, guidance and blog posts via our mailing list if you have actively consented to us doing so (e.g. you have opted to join our mailing list). Individuals signed up to our mailing list can withdraw their consent at any point by unsubscribing from the email or by contacting us at info@naomikorn.com

What personal data do we collect?

  • Clients and attendees on our workshops: we collect personal data (name, contact details, job title, organisation) for the purposes of fulfilling our services.
  • Employees and Consultants: we collect personal data (name, date of birth, contact details etc). Additional data collected (e.g. financial, pensions etc) is collected for the purposes of processing payroll and our pension obligations.
  • We also collect emails and names from people subscribing to our mailing list.
  • From time to time, as part of our contractual relationships with our clients, we may process personal details of third parties for the purposes of providing our services, such as rights clearances.

We use standard WordPress statistics which record visitor numbers and their country of origin.

Our legal process for processing personal data 

Under the Data Protection Act 1998 and subsequent successor legislation, including but not restricted to the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, organisations are required to have a legal basis for processing personal data. The legal basis we use for processing data are:

  • Legitimate interests for the purposes of fulfilling our consultancy activities and the provision of our services.
  • Contractual basis for the purposes of fulfilling our obligations to Naomi Korn Associates employees, our Consultants and clients.
  • Legal obligations for purposes of fulfilling our statutory obligations, including our pension provisions to our employees.
  • On the basis of consent when people opt into our mailing list.

How long do we keep data?

We store and retain personal data for various periods of time in line our legal obligations, financial regulations and internal requirements. Typically, we will delete personal data collected during project work such as rights clearance after 6 months.

How we keep data secure

Access

We have robust processes, procedures, contracts and agreements in place to ensure secure collection, storage and processing of personal data. Only authorised employees, Consultants and third party data processors (e.g. those who process data on our behalf) have access to personal data we hold.

Security

Personal data is stored securely on our network, on encrypted devices (iPads, laptops, smart phones etc) and within third party systems (e.g. bulk email distribution platform) whose tools we use to process data.

International transfer of data

Prior to engaging or using third party systems to process data, we ensure that sufficient safeguards, contracts/agreements are in place to protect personal data and that all parties comply with the requirements of the Data Protection Act 1998 and subsequent successor legislation, including but not restricted to the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. For example, where data may be transferred outside of the European Economic Area (EEA) to the United States (e.g. if a third party uses multiple servers to back up data), we will ensure that the third party is registered under the EU-US Privacy Shield, such as DropBox which ensures adequate protection of data.

Who we share data with:

In line with our legal obligations we share personal data about employees with HMRC, pensions providers and payroll services. We will also share data with appropriate authorities (e.g. police, law enforcement agencies and other parties) where we have a legal obligation. For example, for the detection and prevention of fraud, or where data is required in relation to a criminal offence.

We do not sell or share data with any other third parties other than those listed above and where we use a third party to securely process our data on our behalf.

Your rights:

Under the Data Protection Act 1998 and subsequent successor legislation, including but not restricted to the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, you have the following rights:

  • The right to request access to the data we hold about you. This is known as a Subject Access Request
  • The right to have incorrect data rectified or incomplete data completed
  • The right to have data erased (also known as the right to be forgotten)

You can make a request at any point by email info@naomikorn.com. We will respond to a request within one month of receipt. However, where a request is received to erase data, we may not be able to delete all data (for example where data is linked to financial transactions that must be kept for a set period of time under financial regulations).

Complaints:

If you would like to find out more about how we process data, or if you would like to make a complaint, please contact us at info@naomikorn.com

You also have the right to complain to the Information Commissioner’s Office if you feel that your data had been processed in a way that is not compliant with this policy or in line with the Data Protection Act 1998 and subsequent successor legislation, including but not restricted to the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. You can contact the ICO by visiting their website or by calling 0303 123 1113.