GDPR COMPLIANT PRIVACY POLICY

The following document explains how Intent Communications Ltd. uses, processes and protects personal data collected via our website. We therefore request you to carefully read the following Privacy Policy as you will be legally bound by its terms whenever you visit our website or when you provide any personal data about yourself.

Background

Intent Communications Ltd. (“Intent Communications”, “The Company”, “we”, “us”) value and respect the privacy of those who visit our website or provide information and personal data to us for the purposes of availing our services and/or for carrying out any other business or dealings with us.

This Privacy Policy (“the Policy”) provides information on how we collect information from our clients and other persons or organisations that visit our website or who we deal with for the purposes of carrying out our business. It should be read in conjunction with the Terms of Business that we may have issued to you, our website and with the information contained in the Register of Fee Payers published electronically by the Office of the Information Commissioner (“ICO”).

​

Who we are

For the purposes of the Data Protection Act 2018 (“the DPA”) and the General Data Protection Regulation (Regulation (EU) 2016/679) (“the GDPR”), the data controller in respect of any personal data submitted by you will be Intent Communications Ltd. which is a private limited company incorporated under the laws of England and Wales and registered at the Companies House under number 12411948. Our registered office address is 40 Haig Road West, London, England E13 9LH. ​ ​

Who is the person responsible for the management of your data?

We are registered with the Information Commissioner’s Office (ICO) under reference number ZA795486.

The Person responsible for data protection is Namrata Nadkarni. For any queries relating to the management of your personal data please do not hesitate to send us an email at info@intentcommunications.co.uk. ​ ​

What personal data do we need/receive?

“Personal Data” has been defined under the GDPR as “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular, by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

Any references to “personal data” in this Policy therefore means information about living individuals, which, alone or in conjunction with other information held by us is capable of identifying them. The DPA and the GDPR regulate our use of your personal data.

In order to provide our services or for the purposes of conducting our business we may need the following data from the individuals we are dealing with (We have tried to cover categories of data that we generally require while providing services to our clients or for operating our business. However, this is not an exhaustive list)

• Name(s) of the individual(s)
• Their physical and electronic addresses;
• Their phone number;
• If the client is a company, the company registration number and registered office address;
• For the purposes of making payments or any other transactions bank details;
• For employment purposes National Insurance Number.

​

Sources of personal data

​ We may obtain personal data from you when you contact us or get in touch with us via our website or when you or your organisation correspond with us through any means of communication. This includes personal data you provide to us when you:

• Contact us with a question or query;
• Ask us to provide our services to you;
• Ask us to collaborate with you on any assignment;
• Contact us or authorise anyone to contact us about employment or apprenticeships at Intent Communications;
• Contact us to provide us your services or goods;
• Correspond with us to submit any complaints that you may have;
• Correspond with us to address any complaints we may have raised;
• Register for a seminar, event where information is shared between fellow members;
• Register to receive updates and newsletters;
• Attend events and provide our staff with business cards or contact details;
• Deal with us when we are providing services to our client/customers (which may be you, your organisation or a third party);
• Submit identity documents directly to us or to third party agencies commissioned by us to collect your data for the purposes of carrying out identity checks;
• Connect with us on social media platforms. ​ ​

We may also collect and retain personal data

• Obtained from public sources about you or your organisation, which includes all information available on your website, the Companies House or other online sources accessible through Search Engine Optimisation searches;

• Obtained from third parties, that may include our clients, fellow-professionals and their firms, professional regulators, public bodies, and other entities, including providers of analysis, screening and database services who have a right to disclose this information to us; and

• Relating to whether our contacts read electronic correspondence from us or click on links we send them.

What are the purposes for gathering and processing your personal data?

We may gather and use your personal data for a number of purposes as set out below.

Providing our Services

We will collect and use all relevant information, including your personal data for the purposes of addressing your queries about the services offered by us and for providing our services to you, as requested by you or in accordance with a contract to perform services entered into between you and us. (We will retain your personal data for so long as is necessary for the contract or for us to be able to provide services and then as required for legal and compliance purposes, the period of retention not being less than 5 (five) years from the date on which such data was first gathered).

Contacting our clients or users of our website

If you have opted in to receive our newsletters, offers and updates, we will use relevant personal data to send such communications to you. (We will retain your personal data for these purposes until you opt-out of receiving our newsletters and/or other forms of marketing related communication).

Due Diligence

We may collect your personal data for the purposes of compliance and due diligence such as carrying out ‘Know your Customer’ checks, credit-worthiness checks and/or any other background checks we may be required to undertake by a regulatory body or otherwise for the purposes of our business. We may also gather and use your personal data to fulfil any professional, regulatory or legal obligations we may have towards you, other clients, regulatory authorities or to any other person under statute or otherwise. (We will retain your data for these purposes for so long as is necessary to document our compliance with the law or regulatory requirements (if applicable), the period of retention not being less than 5 (five) years from the date on which such data was first gathered).

Analytics

We use cookies and analytics tools (described in further detail below) to monitor and analyse user website activities, including but not limited to page views, location of access and sources and time spent on the website. This information is depersonalised and is displayed as numbers. This information cannot be traced back to individuals. This therefore ensures your privacy.

Events

We may gather and use your information for the purposes of inviting you to organised events including networking events, seminars and webinars. (We will retain and use this information until such time you expressly opt-out of being contacted for receiving invitations and updates about organised events).

Social Media

​ We may gather certain personal data in relation to you as a result of being connected with you on social media platforms such as LinkedIn, Instagram, Facebook, Twitter and other similar platforms. You may at any given point in time discontinue your connection with us on social media platforms.

Internal data analysis

Where we have obtained personal data for any of the purposes set out in this Policy, we may use it in connection with internal data analysis and also for any of the other purposes set out in this Policy. This does not affect your legal right to object to the use of your data for direct marketing purposes.

Personal data we may obtain from our website about our web visitors

We may automatically collect the following information, which may or may not be personal data, in relation to anyone visiting our website:

• IP addresses (static or dynamic) and other technical information relating to the virtual or physical location of a visitor and their means of access, including browser information, time zone settings and hardware information;
• How visitors use the website, including dates and times and any details of how and for what duration particular resources are viewed or used; and
• Clickstream data, including where users navigate to our site to and from and any searches users make on or relating to our website.

We will use this data to:

• run our website and ensure it works properly;

• improve how we present the information on it and make browsing easier and more productive;

• maintain the site’s security and that of our visitors

Cookies

​ Cookies are small text files that are downloaded to your device by websites you visit. Currently our website only uses Google Analytics. Using Google Analytics enables us to see what content is popular on our website so that we can continue providing content and information that our users enjoy reading and improve the website experience for our users. The details relating to the Google Analytics tool are as follows:

Personal Data collected: Cookies and Usage Data Place of processing: United States of America Privacy Policy Opt-Out

However, we may use a web-based analytics tool that tracks and reports on the manner in which the website is used to help us to improve it. The information that the cookies collect, such as the number of visitors to the site, the pages visited and the length of time spent on the site, may be aggregated and will therefore be anonymous.

We don’t use cookies in a way that allows us to identify site users.

You may refuse the use of cookies or withdraw your consent at any time by selecting the appropriate settings on your browser. This may prevent you from accessing all of our website.

Lawful basis for processing your personal data

The following is the lawful basis for processing your personal data:

Consent

In order to avail of our services, you consent to us obtaining and processing your personal data. While dealing with you we may issue Terms of Business or execute a contract outlining the terms and conditions of our engagement with you. The Terms of Business/contract along with this Policy set out the purposes for which your personal data may be obtained and processed by us. By accepting the Terms of Business or by using our website or by executing a contract with us and by continuing to deal with us you confirm that you have consented to us processing your personal data.

Contractual necessity

One of the grounds for obtaining and processing your personal data is so that we can perform our services in line with the scope of work and Terms of Business mutually agreed to by us.

​

Compliance with legal obligations-

We may have to collect personal data in order to comply with certain legislative and regulatory requirements relating to client due diligence. Consequently, we may process your data to carry out identity checks and maintain records of customer due diligence.

Legitimate interests

In circumstances where you or your organisation are a client/customer of Intent Communications or are an employee we will process your personal data to promote and pursue the legitimate interests of our organisation, or yours as our clients or employees.

​

Who will receive your personal data?

​ Your personal data may be received by: ​

• Intent Communications and its staff who need to receive your personal data in order to provide services to you or to carry out the administration of business.
• Our chartered accountants when they are processing our invoices, financial statements, payrolls and filing our tax returns at Her Majesty’s Revenue and Customs (the HMRC).
• Any authorities or government bodies such as the HMRC to whom the information may need to be submitted;
• Any regulatory authorities regulating us;
• Any external auditors to whom we may have to provide personal data of our clients and employees for the purposes of carrying out the audit.
• Marketing, sales and legal professionals who provide their expertise to us during the course of and for the purposes of our business.
• Third party agencies that specialise in undertaking client identity checks, money-laundering checks and credit checks.
• External agencies such as third-party technical service providers, mail carriers, hosting providers, IT companies, communication agencies), appointed, if necessary, as data processors by us as data controllers. An updated list of these parties may be requested from us at any time.
• Any other party you may instruct us to share your personal data with.
• Any other organisation who may take over the business of Intent Communications either by purchasing it or by way of a merger or in the event of any catastrophic circumstances by reason of which new management has to continue Intent Communications’ business.

​

Transfer of personal data to international organisations or countries outside the EEA

​ While providing services to our clients we may have to liaise with and provide information including personal data to third parties located in territories outside of the European Economic Area (“EEA”). ​ Where we transfer personal data to third parties outside of the EEA, we will ensure that the recipients are aware of the provisions of the GDPR and provide an adequate level of protection for the rights of persons whose personal data has been shared with them.

In addition, all our inbound and outbound email communications are TSL (Transport Security Layer) encrypted.

Retention of personal data

For data relating to our clients Intent Communications Ltd. uses (name the system the company uses to retain information, if any), a system maintained and backed up on our hard-drive. We chose _______ (name the data storage system) as our data retention system because _________(state the reason for choosing the data storage method. For example it stores all data on high-security servers with 256-bit SSL encryption and storage redundancies to prevent loss due to catastrophic events. Advanced permissions and password features ensure only authorised staff get access).

Your personal data will be retained by us for the duration as will be deemed necessary by us for the purposes of providing further services, marketing or growing our business, such duration not being less than (5) five years from the date on which data was first gathered.

Hosting and back-end infrastructure

We use third-party hosting services for the purposes of hosting data and files that enable our website to run and be distributed as well as to enable us to run specific features and functions within our website. Some of these functions work through geographically distributed servers, thereby making it difficult to identify the exact location where the personal data is stored.

The Intent Communications website is hosted by Netlify.

The details relating to Netlify are as below:

Personal Data collected: Various types of data as specified in this privacy policy Place of processing: United States Privacy Policy for Netlify

​

What are your rights with respect to your personal data?

Under the DPA, you have the following rights in relation to your own personal data:

• to prevent us using your data for direct marketing;
• to have (in certain circumstances) inaccurate personal data corrected, blocked or destroyed;
• to access a copy of the information comprised in your personal data that is undergoing processing (“subject access rights”);
• to object to automated decisions. Intent Communications Ltd. do not, however, use automated decision making;
• to obtain compensation through legal proceedings for damage caused by a breach of the DPA;
• the right to withdraw consent from us continuing to process your personal data; and
• a right to object to processing that is likely to cause or is causing damage or distress.

If you want to (1) tell us to stop using your data for direct marketing or withdraw consent from us processing your personal data for any of the purposes mentioned in this Policy; (2) exercise your subject access rights; (3) tell us about inaccurate personal data you think we hold on you; or (4) object to a use you believe we’re making of your data which is causing, or is likely to cause, damage or distress, please contact our Data Protection Manager or write to us at this address:

Namrata Nadkarni Intent Communications, 40 Haig Road West, Plaistow, London E13 9LH

Unless the law permits us to do so, we will not charge you to exercise your subject access rights but may charge a reasonable fee reflecting our administrative costs should you request further copies of the personal data. When you contact us to exercise any of the above rights, we will first ensure that the person requesting the data is the person whose data is being sought (or that it is being requested on that person’s behalf). This may involve providing us with proof of your identity or your authority to act for the data subject. We may also ask you for any information we need to help us find the personal data you’re enquiring about.

We will also provide you with the following information relating to your personal data:

• the purpose for which we’re processing it;
• what categories of data about you we process;
• the recipients of your data, if any, including specifically international or foreign organisations;
• our expected retention period or how we’ll calculate this, if we don’t know yet;
• your rights in relation to the data; and
• the source of the data, if we didn’t get it from you.

Should you contact us in relation to us holding incorrect, incomplete or inaccurate data about you, we will make the required corrections promptly.

Right to lodge a complaint

​ If you are unhappy with the way, we are processing your personal data you can lodge a complaint by writing to our Data Protection Manager at namrata@intentcommunications.co.uk or by sending your complaint to:

Namrata Nadkarni Intent Communications 40 Haig Road West, Plaistow, London E13 9LH​

You are also entitled to make a complaint at the Information Commissioner’s Office (ICO).

Variations to this Policy

We may update this Policy from time to time. We reserve the right to alter and make changes to this Policy at our sole discretion and we therefore request all users to regularly refer to our Privacy Policy for updates and variations.

Policy last updated on 13 February 2021.