Evolve North Privacy Notice

Who we are

Evolve North is a specialist IT Security and Information Governance consultancy, working in both public and private sectors across the UK and overseas.

Evolve North are registered in England and Wales under registration number 5040178 and our registered office is at 1 The Orchard, Old Cassop, Durham, DH6 4RS.  We are registered as a data controller with the UK Information Commissioner’s Office and our data protection registration number is Z8721590.

Evolve North’s Data Protection Lead details are included in the “Contact Us” section below.

Scope of this Privacy Notice

Evolve North are committed to safeguarding the privacy of our clients, website visitors and staff.  This privacy notice sets out the way in which the personal data you provide to us (and the data collected by us) is handled, stored and processed.

A separate privacy notice exists for staff employed by Evolve North and is made available separately to all staff members.

How we obtain your information

Your information may come to us from a number of different sources.  You may provide it directly to us when using our services, it may be generated in the course of using those services or it may be publicly available information.

Information may be provided directly by you in some of the following circumstances:

  • You complete a form on our website
  • You contact us and provide information over the telephone
  • You send us information as part of ongoing service delivery

Other examples of where Evolve North obtain your personal data from include:

  • Collecting information via cookies on our website
  • Accessing your publicly available contact details online e.g. to contact you about a service of interest

Where personal data is provided to us by a third party, we will make sure that these third parties have provided you with appropriate privacy information on the sharing of this data with Evolve North and have a clear lawful reason for sharing this data.  Where this is found not to be the case, we will make every effort to make sure you are aware that we are processing this information within a month.  Where contacting you directly in relation to this is difficult to achieve, then we will ensure that our privacy notices clearly detail where this is happening.

Before you disclose to us the personal information of another person, you must obtain that person’s consent to both the disclosure and the processing of that personal information in accordance with this notice.

More information on our current uses of data from different sources are detailed below.

How we use your information

This section describes how we use your information.  Each purpose is described below with detail relating to:

  • Why we collect this information [Purpose]
  • What we collect – what personal and potentially more sensitive data we collect for this purpose [Information]
  • The source of this data – was this provided by you or obtained from another source [Source]
  • Our legal justification for using this data – what lawful basis Evolve North has under the UK General Data Protection Regulation and Data Protection Act 2018 for using your data in this way [Legal Basis]

Using our Support Services

Purpose
To allow organisations and individuals to contact and communicate with Evolve North in relation to the provision of ongoing Information Governance and IT Security Services and for Evolve North to effectively deliver these services (see also Cyber Toolkit Service below).
Information
Name, email address, job title, organisational address, telephone number of key contacts and also of specific staff members for delivering certain services e.g. phishing simulations
Source
Provided by individual or their employer when procuring services from Evolve North
Legal Basis
For the performance of a contract or to take steps to enter into a contract with you

Using our Cyber Toolkit Service

Purpose
To allow organisations and individuals to purchase Cyber Essentials support and certification packages online via the Evolve North www.cybertoolkit.co.uk website and using Stripe for payments
Information
Name, email address, billing address, overview of your organisation’s IT Security, password (for members area) and Stripe payment authorisation token [see also Cookies and our Websites section below]
Source
Provided by individual when procuring Cyber Essentials support and certification services from Evolve North via email or the cybertoolkit.co.uk website
Legal Basis
For the performance of a contract or to take steps to enter into a contract with you

Communications and providing information on the work of Evolve North

Purpose
To send you email notifications you have specifically requested in relation to Evolve North’s services and communications such as newsletters and bulletins. To send you marketing communications relating to our business which we think may be of interest to you, by post or, where you have specifically agreed to this, by email or similar technology (you can inform us at any time if you no longer require marketing communications)
Information
Email address, job title, organisation name, consent status for receiving marketing materials
Source
Provided by you as part of accessing Evolve North services or attending Evolve North events
Legal Basis
As part of the legitimate interests of Evolve North to market our business to you, in line with current privacy law and balanced against your rights and interests. Where this marketing relates to individuals, sole traders, or partnerships this will be based on explicit consent except where information is being provided on similar services to a previous customer.

Dealing with your enquiry or a complaint

Purpose
To allow Evolve North to effectively deal with any enquiry or complaint you or others may have
Information
Name, contact email and telephone number and nature of the enquiry or complaint. Personal data of complainants and respondents
Source
Provided by you and others via our website, social media channels, telephone or in writing. Potentially provided by another organisation that we have contacted about a complaint you have made and who gives us your personal information in its response or a complainant may refer to you in their complaint correspondence
Legal Basis
As part of the legitimate interests of Evolve North. This will only be carried out in a way that balances the rights and interests of individuals against the legitimate interests of Evolve North

Managing Events and Training

Purpose
To allow Evolve North to effectively run events and manage training. To communicate with event and training attendees and with business contacts who have asked to be kept in touch with, for events and training
Information
Name, job title, contact email and telephone number, postcode and nature of the event you are attending. Potentially some more sensitive information on health requirements should they be required e.g. for ensuring appropriate accessibility to events and dealing with dietary requirements. Photographic images taken at event.
Source
Provided by you via our website, via an event booking site, telephone or in writing
Legal Basis
As part of the legitimate interests of Evolve North in running events that may be of interest to you, with your explicit consent where any more sensitive special categories data may need to be collected or for use of photographs including your image

Dealing with rights of data subject requests

Purpose
To allow Evolve North to respond to requests under the Data Protection Act for individuals to exercise their rights e.g. to access their own data, request erasure of data, object to processing etc.
Information
Name, contact email and telephone number, nature of data subject request and proof of ID where required to verify your identity
Source
Provided by you via our website, social media channels, via email, telephone or in writing
Legal Basis
Evolve North are legally obliged under the Data Protection Act to respond to data subject requests

Managing data breaches

Purpose
To be able to assess any impact on individuals of a data breach involving personal data held on Evolve North systems or on third party systems
Information
Any information relating to an individual that may have been breached
Source
From any organisation or individual that may have reported this data breach to Evolve North
Legal Basis
Evolve North are legally required under the Data Protection Act to respond to data breaches appropriately

Supplier Management

Purpose
To ensure appropriate financial management of ongoing contracts with Evolve North suppliers including sending statements, invoices and payment reminders to you, and collecting payments from you
Information
Suppliers name, email, contact numbers and financial documentation such as purchase order, invoices etc.
Source
Provided by the supplier organisation or generated by Evolve North
Legal Basis
In order to manage the ongoing contract with that supplier

Improving the use of our website and IT systems

Purpose
To ensure appropriate system administration and troubleshooting of website issues, to track the pages you have visited in order to improve the quality of the site and to personalise the website experience. To keep track of and solve issues users are experiencing with our technology systems, personalising our website for you, enabling your use of the services available on our website, keeping our website secure and preventing fraud
Information
User’s IP Address or the location of your computer or network on the Internet and any individual’s data needed to deal with an internal system issue (where the issue is linked to that individual’s data)
Source
Automatically collected as part of using our website and via cookies on the website [See Cookies and our Website section below] and identified by Evolve North in managing specific IT issues
Legal Basis
Explicit consent is sought for use of cookies when you access our website. Methods of turning off cookies can be found in our Cookies Policy section below. Ensuring our systems are working effectively and user issues can be resolved is part of our legitimate interests in running the organisation effectively

Sensitive Data

The only sensitive special categories data that Evolve North need to process would be information provided by you with explicit consent on dietary or accessibility requirements for hosted events. There is currently no other reason for Evolve North to process sensitive information (special categories or criminal convictions data) about you. Should this change, then this privacy notice will be updated to reflect this.

Does Evolve North have to use my personal data?

Evolve North are committed to only collecting the minimum personal data required in order to achieve the purposes highlighted above.  It will continually review its data collection practices to ensure this continues to be the case and to ensure that data is deleted when no longer required for the specified purposes.

Profiling

The UK General Data Protection Regulation includes certain provisions around how personal data can be used for:

  • Profiling – where personal data is processed to evaluate certain things about an individual
  • Automated individual decision making – where a decision is made based on your personal data solely by automated means

This include ensuring that individuals are made aware of this profiling, how decisions are made based on this and the consequences of these decisions.

Evolve North do not carry out any automated individual decision making or profiling about individuals.

When we might disclose your data

We may disclose your personal information to any of our employees, officers, insurers, professional advisers, agents, suppliers or subcontractors insofar as is reasonably necessary for the purposes set out in this notice.

We may share your data with third parties to perform services on your behalf.  Types of third parties who may have access to your personal data include:

  • Third Party IT System Suppliers who may host your data on their systems and may need some level of access to resolve technical concerns
  • Printers and digital advertising suppliers to print off and send out marketing materials
  • Solicitors, counsel and claimants in relation to legal matters
  • Accountants in relation to finance matters

We may disclose your personal information:

  • to the extent that we are required to do by law
  • in connection with any ongoing or prospective legal proceedings
  • in order to establish, exercise or defend our legal rights (including providing information to others for the purpose of fraud prevention and reducing credit risk)
  • to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such or authority would be reasonably likely to order disclosure of that personal information

We will never sell or share your personal information with other organisations for their direct marketing purposes without your explicit consent. Except as provided in this policy, we will not provide your personal information to other third parties.

Transferring data outside the UK

Occasionally, in order to meet the purposes defined in this notice, we may need to transfer personal information you submit to us to countries or jurisdictions outside the UK.

In each case, we ensure that our suppliers provide adequate protection for the confidentiality and security of this information and the rights of data individuals in connection to the transfer of their personal data.

Specific safeguards exist to govern this sharing, including ensuring that these countries have adequate data protection provisions in place as agreed by the Information Commissioner’s Office or other additional safeguards are in place, most commonly implementing standard contractual clauses agreed by the European Data Protection Board and the ICO for international transfers within their contracts.

Security of your Data

Evolve North are committed to processing and retaining data within established technological and physical controls in a transparent manner, as well as promoting and safeguarding the information rights of data subjects.

Evolve North has established procedures to ensure that technological and physical controls are in place that guarantee the privacy of data subjects, the security of data held on technological systems and that all data held by Evolve North is processed according to an established lawful processing condition.  Any such procedures will be reviewed as necessary and updated to ensure their effectiveness in line with advances in technology.  We will store all the personal information you provide on our secure servers.

Our website has security measures in place to protect against the loss, misuse or alteration of the information under our control.  Whilst we have done everything we can to ensure security of data sent using our systems, any transmission of data is done so at your risk.

Cookies and our websites

Our websites (www.evolvenorth.com and www.cybertoolkit.co.uk) are owned and operated by Evolve North Ltd.  They include hyperlinks to, and details of, third party websites over which we have no control.  We are not responsible for, the privacy policies and practices of these third parties.

Our websites use cookies.  A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. You can click here to manage your Cookie Settings.

Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

We use first party, session and persistent cookies on our websites. First party cookies are set by the website you are visiting, and they can only be read by that site. Session cookies are stored only temporarily during a browsing session and are deleted from the user’s device when the browser is closed. Persistent cookies are a type of cookie that is saved on your computer for a fixed period (usually a year or longer) and is not deleted when the browser is closed. Persistent cookies are used where we need to know who you are for more than one browsing session. For example, we use this type of cookie to store your preferences, so that they are remembered for the next visit.

Most browsers allow you to refuse to accept cookies and to delete existing cookies already stored on your computer.  More information on how to do this for different browsers can be found from the link below:

Managing Cookies, How to enable & disable a Cookie – All about Cookies

Blocking all cookies and deleting cookies will have a negative impact upon the usability of many websites.  If you block cookies, you will not be able to use all the features on our website.

A list of cookies in use on this website can be found below.

How long we keep your data for

This section sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal information.

Personal data that we process for any purpose will not be kept for longer than is necessary for that purpose.   Different purposes will have different retention periods, and we will (for example) retain data about financial records longer than we would retain information for general enquiries.

Notwithstanding the other provisions of this section, we will retain your personal data:

  • To the extent that we are required to do so by law
  • If we believe that the information may be relevant to any ongoing or prospective legal proceedings
  • In order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk)
  • To support the ongoing business purposes of Evolve North as specified above (with due consideration for the rights and freedoms of individuals privacy)

If you would like further details of how your personal data is retained by Evolve North, please contact us directly.

Your rights

You have a number of rights under Data Protection law including:

  • The right to be informed about the collection and use of your personal data e.g. via this privacy notice
  • The right to access your personal data
  • The right to have any inaccurate personal data rectified, or completed if it is incomplete
  • The right to have your personal data erased in certain circumstances
  • The right to request the restriction or suppression of their personal data in certain circumstances
  • The right to data portability – to obtain and reuse your personal data for your own purposes across different services
  • The right to object to our use of your information in certain circumstances e.g. for marketing or profiling purposes

If you would like to access your own personal information or exercise any of the rights detailed above, please contact us by emailing [email protected] or by telephone on 01748 905 002.

In the majority of cases, we will respond to your request within one month of receiving the necessary information required to deal with your request.  We may ask you to supply appropriate evidence of your identity and any additional information to help us to deal with your request effectively.

There may be some exemptions to dealing with your rights as specified in Data Protection law, but we will ensure you are fully informed of this within a month of receiving your request.

Full information on your rights under the Data Protection Act can be found from the following link:

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

Can I object to your use of my information?

You can object to our use of your information in certain circumstances such as for profiling (not currently carried out by Evolve North) and for marketing purposes.  You can unsubscribe to receiving marketing materials from Evolve North at any time and we will ensure that you are given the opportunity to opt out of receiving this type of information whenever we contact you in this way.

If you would like to object to marketing or any other uses of your data please contact the Data Protection Lead.

How do I raise a concern if my rights are not met?

If you are unhappy about the use of your personal data, then please contact us directly and we will try to resolve your concern.  If you have a concern that cannot be resolved through discussion with us, these can also be raised with the Information Commissioner’s Office.  More information can be found from the following link:

https://ico.org.uk/concerns/

Different versions of this privacy notice

The information provided within this privacy notice can be made available in different formats including in printed form, different languages, child friendly notices and approaches that meets the need of the visually and hearing impaired.

Should you require this information in a different format, please contact the Data Protection Lead.

Changes to our privacy notice

This privacy notice will be reviewed annually or sooner, should any new types of processing be identified or changes to current data protection legislation may mean changes are required.  Any changes we may make to our privacy notice in the future will be posted on this page.

Contact Us

If you have any questions about our privacy notice, our use of personal data or if you wish to exercise your rights in respect of your personal information, please contact us by using our website contact form, by email to [email protected] or by telephone on 01748 905 002.

Evolve North’s Data Protection Lead can be contacted using the contact details specified above or by writing to:

Data Protection Lead
Evolve North
Gatherley House
Moulton
Richmond North Yorkshire
DL10 6QH

Last updated: June 14, 2023