1. Introduction

1.1 Embracing Future Potential Ltd takes privacy, and the security of personal data, very seriously, and we are committed to ensuring that we safeguard the privacy and personal data of users of our website and those with whom we communicate through that website (including by email or other messages) at all times and in the best way we can.

1.2 This privacy policy contains important information including:

1.2.1 who we are;

1.2.2 our website;

1.2.3 what personal information we collect about you;

1.2.4 how, when and why we collect, store, use and share your personal data;

1.2.5 how and why we use cookies;

1.2.6 how we keep your personal data secure;

1.2.7 for how long we keep your personal data;

1.2.8 your rights in relation to your personal data;

1.2.9 issues relating to marketing; and

1.2.10 how to contact us or the relevant supervisory authorities if you have a complaint.

1.3 The website to which this policy relates is operated by us, Embracing Future Potential Ltd which trades and operates as Embracing Future Potential Ltd including on our website for which the domain is aspiringtoinclude.com. Our address is The Courtyard Oakwood Park Business Centre, Fountains Road, Harrogate, England, HG3 3BF. We are a private limited company registered in England and Wales, registration number 12406305. We are in the business of providing information services. Our principal contact for data protection purposes is Luke Kitchen, Company Director, who may be contacted by email at info@embracingfuturepotential.com.

1.4 When we collect, use and process personal data we are subject to the provisions of the General Data Protection Regulation (GDPR), which applies across the European Economic Area (EEA) (including in the United Kingdom) and the Data Protection Act 2018, and we are responsible as a ‘controller’ of that personal information for the purposes of those laws. In other words, we are primarily responsible for that data and we (sometimes with others) determine the purposes and means of the processing of personal data.

1.5 If you have any questions about the use to which we put your data, please contact Luke Kitchen whose details are set out in paragraph 1.3 above.

1.6 This policy relates to your use of our website and electronic communications. Please note that our website may link to other third-party websites that may also gather information about you. Third-party websites will operate in accordance with their own separate privacy policies, and we have no control over any personal data that they may acquire, store and use. For privacy information relating to these other third-party websites, you should consult their privacy policies as appropriate.

1.7 We are committed to preserving the privacy of your data so that we can:

1.7.1 offer and deliver services and information to users to maintain and improve the quality of this;

1.7.2 always comply with the law and regulations to which we are subject;

1.7.3 meet the expectations of users, employees and third parties; and

1.7.4 protect our reputation.

1.8 In this policy, please note the use of the following terms:

personal data
has the meaning given to it by the law and means any information relating to an identified or identifiable individual (known as a data subject);

processing
means any operation or actions performed on personal data; for example, collection, recording, organisation, structuring, storing, altering, deleting or otherwise using personal data.

we, us and our
refers to Embracing Future Potential Ltd and its directors;

you and your
refers to the person who is accessing our website and whose data is processed;

2. Your personal data

2.1 Personal data is collected about you whenever you access our website, register with us, contact us, send or receive information or services, post material to our website, complete forms on our website, take part in customer surveys, participate in competitions or the like through our website submit reviews to or through our website, create a profile on our website, list a job on our website and/or in interact in any other way with our website.

2.2 Personal data is collected either directly (for example when you register with us, contact us, obtain information or services from us, complete forms or submit reviews on or via our website) or indirectly (for example where you are browsing our website through the use of ‘cookies’).

2.3 Personal data is also collected about you from other websites operated by us, third party sites and other intermediaries.

2.4 The personal data we receive and process is dependent upon how you access our website, what you do whilst you are accessing it, and what you perceive the end result of accessing our website will be.

2.5 In general, the sorts of data that we can acquire, depending upon the circumstances, include:

2.5.1 your name, address, email, telephone number and other contact details;

2.5.2 your date of birth;

2.5.3 your bank account or other financial details;

2.5.4 details of any feedback you give us, and this may be by phone, email, post or through social media;

2.5.5 information about the services we provide to you;

2.5.6 your account details, such as username, login details;

2.5.7 your IP address, the browser you use, your operating system;

2.5.8 the pages of our website, or other resources on that website, that you have accessed and when you accessed them;

2.5.9 details of any documents or other resources that you have downloaded from our website;

2.5.10 other information which you knowingly provide to us for the purpose of our providing services through the website; and

2.5.11 your qualifications and experience and training.

2.6 In general terms, we may use this personal data to:

2.6.1 create and manage your account with us;

2.6.2 verify your identity;

2.6.3 provide services and information to you;

2.6.4 customise our website and its content to your particular preferences;

2.6.5 notify you of any changes to our website or to our services that may affect you;

2.6.6 improve our services;

2.6.7 receive your reviews and respond to them.

2.7 Please note that it is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal details change during your relationship with us.

2.8 Our website is not intended for use by children, and we do not knowingly collect or use personal information relating to children.

3. The Purposes for Which Your Information is Used

3.1 Data protection law requires that we only use your personal data for the purposes for which it was acquired, or where we have a proper reason for using it. Those may include the following:

3.1.1 Where you have given consent to the use of your personal data for one or more specific purposes.

3.1.2 Where the use is necessary for the performance of a contract to which you are party, or in order to take steps at your request prior to entering into a contract.

3.1.3 Where the use is necessary for compliance with a legal obligation that we are subject to.

3.1.4 Where the use is necessary in order to protect your vital interests or those of another person.

3.1.5 Where the use is necessary for the performance of a task carried out in the public interest, or in the exercise of official authority vested in us.

3.1.6 Where the use is necessary for the purposes of our legitimate interests or those of a third party, except where those interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data, in particular where you or the relevant person is a child.

3.2 The reasons set out above represent the general position as to the purposes for which data may be used. The specific position in relation to your personal data, however, is that we may use it for the following purposes:

3.2.1 In order to supply services and information to you through or by our website. This processing relies upon your consent where this has been given, or upon factors related to our legitimate interests in processing the data to assist us to provide information and services which are suitable for you.

3.2.2 To prevent or detect fraud, either against you or against any other person involved in any matter in which you are involved. This will help to prevent any damage either to you, a third party, or to us. This processing relies upon factors related to our legitimate interests in processing the data.

3.2.3 To preserve the confidentiality of commercially-sensitive information, and for our legitimate interests or those of a third party in relation to the protection of our, or another’s, intellectual property and other commercially-valuable information. This processing relies upon your consent where this has been given, or upon factors related to our legitimate interests in processing the data (in that we are seeking to monitor and improve our website and/or the services and information which we provide).

3.2.4 In connection with credit control and credit reference checks in relation to the services we perform or the products we supply. This processing relies upon your consent where this has been given, upon factors related to our legitimate interests in processing the data (in that we are seeking to provide services and information as part of our business, or the performance of a contract or similar arrangement between us, and the steps needed to deliver those services and information.

3.2.5 To analyse the use made of our website. Here we may make use of your IP address, where you are based, the type and version of the browser you use, details of your operating system, how you came to our website (for example whether you were referred from another website or from a search engine), how long you remained on our site, the number of pages on our site that you viewed, how you moved around our site, the links that you followed, and whether any of those links were used to leave our site. This processing relies upon your consent where this has been given, or upon factors related to our legitimate interests in processing the data (in that we are seeking to monitor and improve our website and/or the services and information and products we provide).

3.2.6 To improve the operation of our website and provide those services and that information which you have requested us to provide. This may include taking such security measures as are appropriate, backing up the data we hold, and contacting you. This processing relies upon your consent where this has been given, or upon factors related to our legitimate interests in processing the data (in that we are seeking to provide services as part of our business, or the performance of a contract or similar agreement between us, and the steps needed to deliver those services or that information.

3.2.7 In relation to information which you wish to include in, or post on, our website (for example by submitting a review of our services/information or products, asking a question, or supplying a blog post or the publishing of other information). This processing relies upon your consent where this has been given, or upon factors related to our legitimate interests in processing the data (in that we are seeking to provide services as part of our business, or the performance of a contract between us, and the steps needed to deliver those contractual services).

3.2.8 For dealing with an enquiry submitted by you to us in connection with our services or information, or in relation to the supply of newsletters, email notifications, product data or general updates. This processing relies upon your consent where this has been given, or upon factors related to our legitimate interests in processing the data (in that we are seeking to provide services as part of our business, or the performance of a contract between us, and the steps needed to deliver services).

3.2.9 Where it is necessary for us to do so in order to establish, exercise or defend a legal claim, whether in court proceedings or in an administrative or out-of-court procedure. This processing relies upon factors related to our legitimate interests in processing the data.

3.2.10 In connection with the compliance by us with a legal obligation that we are subject to, or in order to protect your, or our, vital interests, or the vital interests of another natural person.

3.3 The purposes set out above will not apply to what is termed ‘special category personal information’. This includes personal information revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, or trade union membership, genetic and biometric data, and data concerning health, sex life or sexual orientation. We will only ever process information of that nature with your explicit consent.

4. Contacting You

4.1 In addition to the general matters dealt with in paragraph 3.2 above, we may also need to send you updates concerning our services and information, and about relevant developments or other related matters which might concern you, or be of interest to you. This may be by post, telephone, email or text, and may include information about the products and services we offer and information relating to changes in the

4.2 We regard ourselves as having a legitimate interest in processing your personal data for these purposes, and we take the view that we do not require your consent in order to do so. From time to time we undertake what are known as ‘legitimate interest assessments’ in order to balance our interests in contacting you with your interests in relation to your data. Where we believe that consent is required, we will contact you specifically for this, and will do so in a clear and transparent manner.

4.3 Where you have agreed to us doing so, we may also send you information about third party products and services in which you have expressed an interest, or which are relevant to what we supply.

4.4 We treat your personal data with the utmost respect and will never share it with others for marketing or promotional purposes. You have, at all times, the right to request that we do not contact you for any purpose other than supplying our services. We may ask that you confirm your marketing preferences from time to time so that we can be sure that your views remain the same, especially in relation to issues such as legal and regulatory updates.

Sharing your data with others

5.1 Notwithstanding the fact that we will not share your personal data for marketing purposes, it may be necessary for us to share your personal data with others in order to perform our services for you, to comply with our obligations to you, or to comply with any contractual, legal or regulatory obligations that apply.

5.2 When sharing your personal data, we will ensure at all times that those with whom it is shared process it in an appropriate manner and take all necessary measures in order to protect it. In doing so we impose contractual obligations on all providers of services to ensure that your personal data is kept secure. We will only ever allow others to handle your personal data if we are satisfied that the measures which they take to protect that personal data are satisfactory.

5.3 We may be required to disclose your personal data to, and exchange information about you or relating to you with, government, law enforcement and regulatory bodies and agencies in order to comply with our own legal and regulatory obligations.

5.4 We may also need to share some personal information with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymised, but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.

5.5 From time to time it may be necessary for us to share data for statistical purposes. We will always take steps to try to ensure that information shared is anonymised but, where this is not possible, we will require that the recipient of the information keeps it confidential at all times.

5.6 otherwise, we shall not share your personal data with any other third party.

6. How Your Personal Data is Kept

6.1 Your personal data will be kept secure at all times.

6.2 Some of your data may be held on secure cloud-based servers either directly controlled by us or a third party on our behalf. Where this takes place outside the EEA then the provisions set out in Paragraph 7 below will apply.

6.3 We operate various security measures in order to prevent loss of, or unauthorised access to, your personal data. In order to ensure this, we restrict access to your personal data to those with a genuine business need to access it, and we have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

6.4 We will delete and/or anonymise any personal data which it is no longer necessary for us to retain.

6.5 Personal data that is processed by us will not be retained for any longer than is necessary for that processing, or for purposes relating to or arising from that processing.

6.6 Where your personal data is retained after we have finished providing services to you, this will generally be for one of the following reasons:

6.6.1 so that we can respond to any questions, complaints or claims made by you or on your behalf;
6.6.2 so that we are able to demonstrate that your matter was dealt with adequately and that you were treated fairly; or
6.6.3 in order to comply with legal and regulatory requirements.

6.7 In general, we will retain your data for only so long as is necessary for the various objectives and purposes contained in this policy. Please note, however, that different periods for keeping your personal data will apply depending upon the type of data being retained and the purpose of its retention.

6.8 We will also retain your personal data as follows:

6.8.3 So that we can inform you of updates concerning our services, and about relevant developments in relation to you, our services or other related matters which might concern you, or be of interest to you,

6.8.4 for such time as is necessary for compliance with a legal obligation that we are subject to, or in order to protect your vital interests or the vital interests of another natural person.

7. Transferring Your Data Outside The EEA

7.1 From time to time, it may be necessary for us to transfer your personal data outside the EEA where, for example, those with whom we need to make contact on your behalf have offices outside the EEA or where electronic services and resources are based outside the EEA. Where this is the case, special rules apply to the protection of your data.

7.2 It may be necessary during the course of your transaction for us to transfer personal data relating to you to another country which has been assessed by the European Commission as providing an adequate level of protection for personal data.

7.3 We may also need to transfer your personal data to non-EEA countries that have not been assessed by the European Commission as providing adequate protection. In such cases we will always take steps to ensure that, wherever possible, the transfer complies with data protection law, and that your personal data will be secure. We use standard data protection contract clauses which have been approved by the European Commission.

7.4 For further information please contact us.

8. Your Rights in Relation to Your Data

8.1 Data protection legislation gives you, the data subject, various rights in relation to your personal data that we hold and process. These rights are exercisable without charge, and we are subject to specific time limits in terms of how quickly we must respond to you. Those rights are, in the main, set out in Articles 12–23 of the GDPR. They are as follows:

8.1.1 Right of access—the right to obtain from us confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to that personal data and various other information, including the purpose for the processing, with whom the data is shared, how long the data will be retained, and the existence of various other rights (see below).

8.1.2 Right to rectification—the right to obtain from us, without undue delay, the putting right of inaccurate personal data concerning you.

8.1.3 Right to erasure—sometimes referred to as the ‘right to be forgotten’, this is the right for you to request that, in certain circumstances, we delete data relating to you.

8.1.4 Right to restrict processing—the right to request that, in certain circumstances, we restrict the processing of your data.

8.1.5 Right to data portability—the right, in certain circumstances, to receive that personal data which you have provided to us in a structured, commonly used and machine-readable format, and the right to have that personal data transmitted to another controller.

8.1.6 Right to object—the right, in certain circumstances, to object to personal data being processed by us where it is in relation to direct marketing, or in relation to processing supported by the argument of legitimate interest.

8.1.7 Right not to be subject to automated decision making—the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

8.2 Full details of these rights can be found in the GDPR or by reference to guidance produced by the Information Commissioner’s Office.

8.3 In the event that you wish to exercise any of these rights you may do so by:

8.3.1 contacting us using any medium you wish, including in writing, by telephone, by text, electronically, or using such social media as we employ for communication purposes;

8.3.2 by completing a form which we can supply to you for this purpose; or

8.3.3 through a third-party whom you have authorised for this purpose.

9. About Cookies

9.1 We use cookies in connection with the operation of our website. A cookie is a small file that is sent by a web server (where we host our website) to a web browser (from where you view our website) and which is then stored by the browser. The cookie contains an identifier which is stored in your browser and then sent back to our server each time your browser accesses our website. These cookies may either be ‘persistent cookies’ (in which case they will continue to be held by your browser until they are deleted, or until a specified event/date) or they will be ‘session cookies’ which expire when you close your browser.

9.2 Usually, cookies do not hold any data by which you can be identified, although if we do hold personal data about you (for example, because you have subscribed to a service that we offer) the cookie may be linked to that data.

9.3 You should be aware that if you block or delete cookies this may be to the detriment of your ability to access our website and the services that we provide. It may mean that not all of the facilities on our website will be accessible by you, or it may mean that you are unable to access any member services which we provide.

9.4 In addition to cookies used by us, our service providers may also use cookies, and those cookies may also be stored in your browser when you visit our website.

9.5 We use Google Analytics. This uses cookies to gather data about how users use our website. This data is used to create reports about that use. Further information about Google’s use of data may be obtained from Google’s website.

9.6 If you wish to do so then, usually, you can prevent cookies from being downloaded to your browser and can delete those that have already been downloaded. How this may be achieved varies between different browsers. We suggest that you consult the website of your browser provider for more details.

9.7 For further information about the cookies we use please email info@embracingfuturepotential.com.

10. Keeping Your Data Secure

10.1 In order to ensure that your personal data is kept secure, and to prevent there being any breach of confidentiality, we have put in place security measures which are intended to prevent your personal data from being accidentally lost or used, or accessed unlawfully. Access to your personal data is restricted to those with a need to access it, and we take regard of the need for confidentiality when that personal data is processed.

10.2 In the event that there is a suspected data security breach you will be notified. Where relevant we will also inform the appropriate regulator (including the Information Commissioner’s Office) of a suspected data security breach where we are legally required to do so.

11. Making a Complaint

11.1 If you have any queries as to the acquisition, use, storage or disposal of any personal data relating to you please contact Luke Kitchen, Company Director, at info@embracingfuturepotential.com.

11.2 Notwithstanding our best efforts, inevitably sometimes things do go wrong. If you are unhappy with any aspect of the use and/or protection of your personal data, you have the right to make a complaint to the Information Commissioner’s Office, who may be contacted in writing at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; by telephone on 0303 123 1113; by fax on 01625 524510; or online at www.ico.org.uk. Our ICO registration number is ZA779075.

12. This Policy

12.1 This privacy policy was published on 11th August 2020 and last updated on 11th August 2020.

12.2 The terms and provisions of this privacy policy may be changed, updated and amended from time to time. If we do so during the time when we are providing you with services, we will inform you of those changes.