Privacy policy

 

INTRODUCTION

The present privacy policy relates to the website www.bolasco-consulting.com and explains how we process personal data collected and/or used through our Website.

If you are our client, we have a business relationship with you, or we hold your personal data other than through our Website, please refer to the relevant privacy notice we will have provided to you for that purpose. 

Our Website may contain links to other websites. Please note that we have no control over how your data is collected, stored, or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.

 

‌KEY DEFINITIONS

Data protection legislation: the Data Protection Act 2018 and any other laws and regulations applying to the processing of personal data

Data subject: any identified or identifiable living individual to whom personal data relates

Personal data: any information relating to an identified or identifiable living individual

Special category personal data: special categories of personal data such as ethnic origin, political views, religious beliefs, genetic data, data about health and similar.

Criminal offence data: any information about criminal allegations, proceedings and convictions relating to the data subject

Processing: any operation by which personal data are collected, recorded, altered, stored, retrieved, combined, disclosed, restricted, removed or destroyed.

Cookie: a small file placed on your computer or device by our Website when you visit certain pages and/or when you use certain features of Website;

Data controller: any natural or legal person which processes personal data and decides the purpose and the means of processing those data

Data processor: any natural or legal person (not an employee) who processes data on behalf of the controller

Data breach: a breach of security leading to accidental or unlawful loss, destruction, alteration, unauthorised disclosure of, or access to, personal data

We, Us, Our: means Bolasco Consulting

​

ABOUT US

Bolasco Consulting is owned and run by Alessandro Bolasco. It is a limited liability company registered in England and Wales under the number 11352906 with registered office in 86-90 Paul Street, London, EC2A 4NE.

ICO registration number: ZA528953

Data protection manager: Alessandro Bolasco

 

PROCESSING OF PERSONAL DATA

 

What personal data we process

Depending upon your use of our website, we may collect and hold different data.

We place paramount importance on your personal data and we strive to process it as and only to the extent allowed by the data protection legislation ensuring we always have a valid lawful basis and meet any prescribed conditions for doing so.

Our website makes use of Google Analytics, which processes basic information about our website visitors relating to geolocation details such as country and town of your server / proxy, operating system and browser.

We do not carry out profiling of users’ data.

We make use of cookies. Cookies are small pieces of data stored on a site visitor's browser, usually used to keep track of their movements and actions on a website and may be permanent, temporary or have a certain life span. Please refer to our cookie policy to learn more.

The personal data we may obtain as provided by you through our contact forms are as follows:

• name and surname

• email address

• any additional information as provided by you

If you apply for a position at our company, the personal data collected will be those provided by you in your email and/or your CV or any other documents which you may provide to us.

Depending on whether or not we also do work for you, we will also process information as provided by yourself to provide our services and/or to comply with any specific legal or statutory requirements.

 

How and where we process your personal data

The processing of personal data is carried out electronically.

Data that you provide through our contact forms are sent to our general email address through the Wix platform and checked by us.

We process any messages and emails as and only to the extent provided by law and, if necessary, will save data that have been provided by you on our computers and our cloud servers.

We use the email service provided by Outlook 365 but for communications involving personal data and documents we use appropriately secured platforms.

 

Purposes and legal bases for processing your personal data

We must have a legal basis to process personal data.

For all those data provided by you, the applicable legal basis is that of performing a contract or pre-contract duty. If, for example, you contact us to request technical information or advice we will need to process your personal data in order to comply with your request.

Any processing of personal data through the wix platform is carried out with the only legitimate purpose of ensuring the correct functioning of our website.

The data collected by Google Analytics are processed for a legitimate interest which is that of collection of statistical records.

Should we process data for any marketing or promotional purposes, we shall first obtain your consent.

Before contacting us, you are requested to read our privacy and cookie notices. For additional guidance in this respect, please refer to the section concerning your rights.

 

Data retention

We shall not retain any personal data for any longer than is necessary in light of the purposes for which that data is collected, held, and processed.

Different types of personal data, used for different purposes, are necessarily retained for different periods (and its retention periodically reviewed).

When establishing and/or reviewing retention periods, the following are taken into account:

1. Our objectives and requirements;

2. The type of personal data in question;

3. The purposes for which the data in question is collected, held, and processed;

4. The legal basis for collecting, holding, and processing that data;

5. The category or categories of data subject to whom the data relates;

If a precise retention period cannot be fixed for a particular type of data, criteria shall be established by which the retention of the data will be determined, thereby ensuring that the data in question, and the retention of that data, can be regularly reviewed against those criteria.

Certain personal data may be deleted or otherwise disposed of prior to the expiry of its defined retention period (whether in response to a request by a data subject or otherwise).

Should you want us to delete your personal data, we will be willing to delete all those which we are not required to keep for a statutory or a contractual obligation.

 

Who we share your personal information with

We do not share personal data with marketing or advertising companies or third parties.

The personal data obtained through our website are only processed by us and, only to the extent illustrated in this notice, by Google Analytics and Wix.

 

Technical measures to protect your data

We aim at maintaining and improving all those technical and organisational measures necessary to ensure the ‘confidentiality, integrity and availability’ of our systems and services, still having regard of the effective risk involved in our processing.

In accordance with the data protection legislation, we provide the present privacy notice for our website users so that they are aware of us as data controllers, how we process their data, what type of cookies we use, and all other information as per the law.

Our computers and servers are duly protected with relevant anti-virus and firewall applications against unauthorised access and/or processing, loss and/or corruption.

Our website is run on the wix.com platform. 

Wix uses servers based all over the world, including Europe and the US, and has also back-up servers.

Wix uses cryptography hash functions to protect your information and all pages of our websites are encrypted with the https protocol. 

Our email accounts are run with web-based services one.com and google mail, which are protected with appropriately enhanced credentials and we also use Outlook 365 which uses TSL encryption technology for all outbound messages.

As a further measure, any documents containing confidential or important personal information shall be shared with you only through appropriately protected platforms or, alternatively, shall be emailed in non-editable format, such as PDF, and protected with a password to be provided to you via a different communication channel.

​

How we use your information to make automated decisions

We do not make automated decisions about your personal data.

 

YOUR RIGHTS

As provided by the data protection legislation, you have the following rights in relation to the personal data we hold about you:

1. The right to be informed: we are required to provide you with information on how we collect and use your personal data, for how long we are going to keep them, and the recipients or category of recipients with whom we share them. All said information is included in the present privacy notice;

2. The right of access: you have the right to make a so-called “subject access request” or SAR whereby you can request copy of the personal information we hold about you.  We will not charge a fee for providing such information but if the request is manifestly unfounded or excessive, taking into account whether the request is repetitive in nature, we can refuse to provide it or we can charge a fee. Should you make a SAR to us, we will respond within one month as provided by law.

3. The right to rectification: you have the right to have inaccurate / incomplete information about you rectified / completed and we have one month to respond.

4. The right to erasure (also known as the ‘right to be forgotten’): you have the right to request for your personal data to be erased although it is not an absolute right and only applies in certain circumstances. We have one month to respond to such request. The right to erasure is applicable if the personal data we hold are no longer necessary, the data was obtained under your consent and you have withdrawn it, you object to our processing and we are using those data for direct marketing purposes, among other circumstances. However, the right of erasure cannot be applied, among other circumstances, if we are complying with a legal obligation (such as Money Laundering Regulations) or for the establishment, exercise or defence of legal claims.

5. The right to restrict processing: you have the right to request that your personal data are restricted from use while for example we are in the process of rectifying them and again we have one month to respond. During such period we can keep the data but we cannot use them.

6. The right to data portability, which allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability.

7. The right to object; by which you have the right to object to the processing of your personal data in certain circumstances. We have one month to respond and this right is absolute in respect of data processed for marketing purposes.

8. Rights with respect to automated decision-making and profiling. We must identify whether any of our processing falls under this category and, if so, make sure that we inform you, introduce simple ways for you to request human intervention or challenge a decision, and carry out regular checks to make sure that our systems are working as intended.

Please note, however, that as a general rule we are exempt from applying the above rights if it is necessary for the prevention or detection of crime, the compliance with any relevant money laundering regulations, the apprehension or prosecution of offenders or for the assessment or collection of tax or duties to the extension that it would be likely to prejudice those matters.

To exercise any of your rights above mentioned please contact us.

If you do not provide your personal information or you want us to delete your personal data

In the event you do not wish to give us certain personal information or you want us to delete the personal data we hold about you, please note this may affect the way our services are provided or it may make it impossible for us to perform our services altogether.

Should you want us to delete your personal data, we will be willing to delete all those data which we are not required to keep for a statutory or legal obligation as stated above.

 

CONTACT INFORMATION AND ADDITIONAL GUIDANCE

 

Changes to our privacy policy

We keep this privacy notice under regular review. This privacy statement was last updated on 30/12/2020.

 

Contact information and further advice

For any additional information or any query feel free to contact us on any of the following:

Info@bolasco-consulting.com

+44 20 3824 1836

 

Complaints

We seek to resolve directly all complaints about how we handle personal information, but you have the right to lodge a complaint with the Information Commissioner's Office, whose contact details are as follows:

​

Information Commissioner's Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF