Richard Barfield Advisory Services Limited
Privacy Notice

Last updated: 20 October 2022

General

  1. Richard Barfield Advisory Services Limited (“we” or “us”) take the privacy of your information seriously. Our Privacy Notice is designed to tell you about our practices regarding the collection, use and disclosure of your personal data.
  2. Personal data is information, or a combination of pieces of information, that could reasonably allow you to be identified.
  3. In general, our services relate to the provision of management consultancy services to clients. We collect personal data directly from you in person, via our websites, by online form, by email or by telephone, and from third parties, including our clients and suppliers who you are employed by or affiliated with and introducers.
  4. We may automatically collect personal data when you use our website using cookies, pixel tags, or similar technologies. For information in relation to our use of cookies, please refer to our Cookie Policy which is available on our website.

Personal data we collect

  1. We may collect and process the following personal data about you:
    • for individuals associated with our clients we may hold contact information such as names, email addresses, phone numbers, addresses, and job titles and/or specific roles within your organisation (“Client Contact Information”);
    • for individuals associated with our suppliers (including advisors working with us) and other third parties we interact with we may hold contact information such as names, email addresses, phone numbers, addresses, and job titles and/or specific roles within your organisation (“Third Party Contact Information”);
    • a record of any correspondence or communication between you and us (“Communication Information”);
    • marketing information we may hold about you in order to provide information about our services this may include names, email addresses, phone numbers, addresses, and job titles and/or specific roles within your organisation (“Marketing Information”).
  1. You do not have to supply any personal data to us but in practice we may be unable to provide our services to you without personal data (for instance we will need contact information in order to communicate with you).

How we process your personal data

  1. Please see the table below, which sets out the manner in which we will process the different types of personal data we hold and our lawful bases for processing your personal data:

Purpose/activityType of dataLawful basis for processing
iWhen we are setting up a retainer or engagement with a client or potential client with whom you are associated or entering into an agreement to provide services to our client. Client Contact Information
Communication Information
Performance of a contract
iiWhen we communicate with you as an individual affiliated with our client or potential client in order to provide our services to you.Client Contact Information
Communication Information
Performance of a contract
iiiWhen we enter into an agreement with you or an organisation with which you are connected as a supplier.Third Party Contact Information
Communication Information
Performance of a contract with you
Necessary for our legitimate interests (in order to deliver our services)
ivWhen we communicate with you as an individual affiliated with our supplier or another third party we interact with. Third Party Contact Information
Communication Information
Performance of a contract with you
Necessary for our legitimate interests (in order to deliver our services)
vWhen we communicate with you, or you as an individual affiliated with our client, potential client about our services (for instance if you request support or make a complaint).Client Contact Information
Communication Information
Performance of a contract with you
Necessary for our legitimate interests (in order to deliver our services)
viTo manage our relationship with you. Client Contact Information
Communication Information
Necessary for our legitimate interests
viiTo store your contact information for marketing purposes and sending marketing and other promotional communications to you.Client Contact Information
Marketing information
Consent 
viiiTo cooperate with public and government authorities, courts or regulators in accordance with our legal obligationsClient Contact Information
Communication Information
Third Party Contact Information
Marketing Information
Compliance with legal obligations

  1. When we use personal data to meet our legitimate interests, we take steps to ensure that your rights are not infringed.

Data retention

  1. Our current data retention policy is to delete or destroy (to the extent we are able to) the personal data we hold about you in accordance with the following:

Category of personal dataLength of retention
iRecords relevant for tax and customs authorities8 years from the end of the year to which the records relate
iiPersonal data processed in relation to a contract between you and us7 years from either the end of the contract or the date you last used our services, being the length of time following a breach of contract in which you are entitled to make a legal claim
iiiPersonal data held on marketing or business development records3 years from the last date on which you have interacted with us

  1. For any category of personal data not specifically defined in this notice, and unless otherwise specified by applicable law, the required retention period for any personal data will be deemed to be 7 years from the date of receipt by us of that data. The retention periods stated in this notice can be prolonged or shortened as may be required (for example, in the event that legal proceedings apply to the data or if there is an on-going investigation into the data).
  2. We review the personal data (and the categories of personal data) we are holding on a regular basis to ensure the data we are holding is still relevant to our business and is accurate. If we discover that certain data we are holding is no longer necessary or accurate, we will take reasonable steps to correct or delete this data as may be required.
  3. If you wish to request that data we hold about you is amended or deleted, please refer to clauses 17 and 18 below, which explains your privacy rights.

Sharing your information

  1. We do not disclose any personal data you provide to any third parties other than as follows:
    • we will disclose communications with individuals associated with our clients or suppliers to those clients or suppliers;
    • we will disclose your personal data to law enforcement, court, regulator or government authority if we are under a duty to disclose or share your personal data in order to comply with any legal obligation (for example, if required to do so by a court order or for the purposes of prevention of fraud or other crime);
    • in order to enforce any terms and conditions or agreements for our services that may apply;
    • if we are sub-contracting services to a third party we may provide information to that third party in order to provide the relevant services on our behalf;
    • we may transfer your personal data to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation, but we will take steps with the aim of ensuring that your privacy rights continue to be protected;
    • we may share your personal data with other companies or organisations to protect our rights, property and safety, or the rights, property and safety of our users or any other third parties. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
  1. Other than as set out above, we shall not disclose any of your personal data unless you give us permission to do so. If we do supply your personal data to a third party, we will take steps to ensure that your privacy rights are protected and that third party complies with the terms of this notice.

Security

  1. We implement physical, technical and organisational measures designed to safeguard personal data. These measures are aimed to protect the personal data against loss, misuse, and unauthorised access, disclosure, alteration and destruction.
  2. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Site; any transmission is at your own risk.

Your privacy rights

  1. The General Data Protection Regulation (“GDPR”) gives you the following rights in respect of personal data we hold about you, including rights to:
    • request a copy of your personal data;
    • rectify, correct, or update the data we hold about you;
    • request deletion of your data;
    • restrict or limit our use of your data;
    • object to our use of your data;
    • ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances (referred to as data portability);
    • where you have provided consent, withdraw such consent to our processing of your personal data at any time; and
    • lodge a complaint with your local data protection authority.
  1. All requests in respect of your above rights should be sent to us in writing to the contact details given at the end of this policy.

Transferring your data outside Europe or the UK

  1. As part of the services the data you provide to us may be transferred to, processed and stored at, countries outside of the European Economic Area and the UK (“European Area”).
  2. If we transfer your data outside of the European Economic Area or UK and the third country in question has not been deemed by the EU Commission or UK Government (as applicable) to have adequate data protection laws, we will provide appropriate safeguards (including contractual commitments) to protect your personal data.

Notification of changes to the contents of this notice

  1. This policy is effective as at the date above. We will post details of any changes to our policy on our website, so please be sure to check back periodically. If we make any changes to this policy that materially affect our practices with regard to the data we have previously collected about you, we will endeavour to provide you with notice in advance of such change by highlighting the change on our website or sending you an email.

Contact us

  1. If at any time you would like to contact us with your views about our privacy practices, or with any enquiry or complaint relating to your personal data or how it is handled, you can do so via the following address: Richard Barfield Advisory Services Limited, 206 Upper Richmond Road West, London, England, SW14 8AH or email: info@rbas.co.uk.
  2. If we are unable to resolve any issues you may have or you would like to make a further complaint, you can contact the Information Commissioner’s Office by visiting https://www.ico.org.uk/ for further assistance.