FACT3
Fact3 help businesses run more effectively with co-sourcing

Privacy Policy

 

Privacy Notice

 

We are FACT3 (a trading name of summ.it Assist LLP). Your privacy is protected by law, and it is also protected by our privacy policies. This page gives you an idea of how we use your data and the safeguards we put in place to protect it.

You can contact our voluntarily appointed Data Protection Officer at simon.ghent@fact3.co.uk

If you have any concerns or wish to exercise your rights or you can write to us at Fact3, 2nd Floor, 3 Hardman Square, Spinningfields, Manchester, M3 3EB

 

Our Promises:

To help you on your journey with us we need data about you.  We make the following promises about how we will treat this data:

  • We will only collect data about you that is relevant and necessary;

  • Your data will only be held on systems that meet compliance standards;

  • Your data will only be accessed by those who need it, and we will minimise the amount of data that is processed, wherever possible;

  • We will only share data with third parties that meet our own privacy standards for the purposes of trying to secure you funding unless either you have agreed to share data, we are required to share it by law or we need to fulfil our service commitments to you through a;

  • We will always remember that it is your personal data, not ours. As such we will ensure complete transparency and openness with you wherever possible. 

  • We respect your rights as outlined in the next section and will respond to all requests promptly

 

Your Rights:

You have the certain rights over any data we hold about you:

  • Request a copy of personal information we hold about you.

  • Ask that we update the personal information we hold about you or correct such personal information that you think is incorrect or incomplete.

  • Ask that we delete personal information that we hold about you or restrict the way in which we use such personal information.

  • Object to our processing of your personal information; and/or

  • Withdraw your consent to our processing of your personal information (to the extent such processing is based on consent and consent is the only permissible basis for processing).

 

You can read more about your rights here.

If you would like to uphold your rights then please contact our Data Protection Officer at simon.ghent@fact3.co.uk

If you are in dissatisfied with our response you also have the right to lodge a complaint with the Data Protection Authority. This can be done at https://ico.org.uk/concerns/

 

Collecting Data:

We try and minimise the data held and the exact data elements we hold will be dependent on your journey with us. Typically, data elements we collect are restricted to:

  • Your personal contact details – email address, IP Address, phone numbers, business related social media page such as LinkedIn and source of your data;

  • Your company details – as above but also address, website and other public held information including credit rating and invoicing details if relevant;

  • Transmitted information – such as emails, texts, messaging, phone call information and recordings, voice mails, email, meeting notes, CVs and document tracking information. We may also track your activity on our “Hub” platform.

 

We may also need the following, depending on your journey with us:

 

  • Current Address

  • Passports or other proof of identity and address

  • Health Information

  • HR related information supplied by your employer if they use our “Hub” platform or through your activity. For example – training activity, holidays booked, employment history and other related material.

 

Some of this data is called “special category data” because it requires sensitive treatment. We handle this type of data particularly carefully.

Calls may also be recorded for information holding, quality and training purposes.

If you want to know what data about you we have and how we obtained your data then please contact us.

Our website and other materials sent to you may contain links to other third party websites. We may also offer buttons to social media that link to third party services. We’re not responsible for the content or the data privacy these sites provide through their tools or sites.

 

Why we process your Data

The primary legal basis that we process your data is for the fulfilment of Contract. Normally this means an IT, HR, Accounting or other Contract with your employer.

The information that we collect is essential for us to be able to carry out the services that you require from us effectively.

Data gained from marketing our services or other business activities are processed for our Legitimate Interests.

How we use your personal data

We process information about you in order to provide you with the services for which you or your employee engages us.

In general terms our marketing activity is exclusively “Business to Business.”

If we believe you will benefit from our services we may use your data to market to you if you have consented us to or if we believe we have a legitimate interest in doing so, fulfil contractual arrangements or for other agreed purposes.  Every email sent from us allows you to opt out of receiving marketing emails from us, except for the purposes of fulfilling any contractual arrangements.

Calls may be recorded for information holding, quality and training purposes. Our email, document management and website analytics are used for information purposes.

All our processes are mapped and are subject to various internal policies, procedures and governance, ensuring your data privacy and security remains central to all we do.

 

Processing your Data

Data is processed/stored locally and on encrypted third party hosted cloud services such as Microsoft 365. We also process data on all our clients on our secure online CRM system, HubSpot. You can view HubSpot’s Privacy Policy here. A full list of these systems can be provided on request.

We have offices Mauritius that are fully owned and operated by us. All people working in this location are employed on a permanent basis and have undergone the relevant background checks to ensure that they are qualified and have passed UK standard employment eligibility and suitability tests to work in such an environment, handling client personal and confidential data

As a result, some data will either be in UK, EEA/EU data centres or on US based servers that have demonstrated strong Data Security. We may also process your data in countries outside the UK or European Union from time to time in other aspects of our business.

Further to Section 119A of the Data Protection Act 2018 and noting Case C-311/18 in the European Court of Justice, if your data is transferred or processed outside of the UK or EEA we ensure the safeguards of International Data Transfer Agreements (IDTAs) or Addendums are enforced. Where this is not possible, we ensure that European Standard Contractual Clauses are entered.

We regularly review suppliers for data security compliance to ensure your data is safe and track where your data is held.

Sharing your Data

We will not sell your data, nor will we share your information with third party organisations except as part of providing a product or service to you and/or when legally obliged to. It is our policy to use only third-party providers that are bound to maintain appropriate levels of security and confidentiality, to process your personal information only as instructed by us, and to flow those same obligations down to their sub-processors. 

We may also disclose your personal information to law enforcement, regulatory and other government agencies and to professional bodies and other third parties, as required by and/or in accordance with applicable law or regulation including but not limited to prevention of fraud or minimising credit risk.

 

Retaining your Data

Dependant on the data you provide us and for what purpose it is provided we may need to retain your data for up to 6 years following the end of engagement with you. If you wish to find out more about your specific data retention, please contact us.

 

Legal Compliance

We seek to uphold our legal obligations as covered by the Data Protection Act 2018 and the General Data Protection Regulation 2016. Our Data Protection Authority is designated as the Information Commissioners Office (ICO).

 

This Privacy Policy is reviewed on a regular basis and was last reviewed on the 30/06/2023.