Page last updated on July 6th, 2023

Introduction

Welcome to Team Consulting Limited’s privacy policy. This privacy notice tells you what to expect when Team Consulting Limited (“Team”) collects your personal information.

It is important that you read this privacy policy together with any other privacy policy or information that we may provide to you relating to specific research studies or other uses, so that you are fully aware of how and why we are using your data.

Team is the controller and responsible for your personal data and we have appointed a data protection coordinator who is responsible for overseeing questions in relation to data protection. If
you have any questions about data privacy at Team, including any requests to exercise your legal rights, please contact the data protection co-ordinator at data@team-consulting.com

What is personal data?

Personal Data” means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data) nor aggregated data (which is statistical or demographic data derived from your personal data but is no longer considered personal data in law as this data will not directly or indirectly reveal your identity).

Why & how we use your information

Team collects Personal Data from different individuals when we provide services to our clients and undertake research on their behalf. In these circumstances, Team is a data processor and Team’s client is the data controller of the Personal Data collected and processed.

Where Team conducts research on its own behalf (and not for a client), Team is the data controller of the Personal Data collect and processed.

Team also collects Personal Data as a data controller for the purposes of managing its own business, for example in relation to applicants for a job or visitors to the Team website or offices.

This privacy policy applies to the Personal Data we collect about:

We set out how we manage the Personal Data we collect from each of the above categories separately in this policy.

Visitors to our website

When someone visits our website at www.team-consulting.com we use third party services, e.g., Google Analytics and MailerLite, to collect standard internet log information and details of visitor behaviour patterns. In respect of this Personal Data, which is collected on the basis of your consent, Team is the data controller, and the third parties are processing your Personal Data on behalf of Team. The purpose of collecting this Personal Data is to improve our website and monitor the customer journey on our website.

For further information about the collection of Personal Data using cookies, please see our cookie policy.

If you choose to provide us with your postal address or email address and consent to receive marketing material, this information will be stored in our secure contact management system and also added to our third-party provider’s secure database to deliver our communications. We will endeavour to ensure that the content that is sent to you is relevant or interesting to you and/or your business. In this event, we will be the data controller of the Personal Data collected, based on consent for marketing purposes.

You can opt-out of receiving marketing emails at any time, by following the ‘unsubscribe’ link at the bottom of each email. You can also ask to be removed from our database at any time, by contacting us:

FAO Marketing
Team Consulting Ltd
Abbey Barns, Duxford Road
Ickleton, Cambridge
CB10 1SX
UK
Tel: +44 (0)1799 532700
Email: data@team-consulting.com

Visitors to our office

Closed-circuit television (“CCTV”) is used on our premises for personal safety and security reasons and as a result, when you visit our offices, your image may be automatically captured in various locations by our static cameras.

We notify all visitors (and employees or other staff) to our offices of the CCTV using large notices to inform them of the use of CCTV on the premises.

Your image constitutes Personal Data which we collect based on our legitimate business interests in maintaining the security of our premises. Team is the data controller in respect of this collection and processing of Personal Data. The recorded video footage containing Personal Data will stored for 30 days on our premises, usually without any review of the images, before being automatically deleted from our servers.

In certain circumstances where the security of the premises or business confidentiality is suspected of having been breached, the CCTV footage is reviewed, usually for legal reasons as a result of an incident of criminal or suspected criminal behaviour. In those circumstances, the CCTV footage may be shared with third parties such as our security and legal advisors or the police. Access to the video footage and the Personal Data contained therein is kept securely and controlled by Team’s Facilities Manager who may access or give other access to the video footage where a legal basis exists.

People taking part in our user research studies

We may collect Personal Data during the research study, whether deliberately or as an incidental collection during the video and audio recording of our research. The Personal Data is collected from participants in the research studies who give their consent by signing a “Participant Consent Form”.

In the Participant Consent Form, we will inform you if the study is carried out by Team on behalf of our client. In this scenario, Team acts as a data processor on behalf of our client and our client is the data controller.

The information below describes how we manage your personal during and after the research studies:

Findings from a study may be used by us in the design, develop and improvement of medical devices. The Personal Data collected in our research studies will only be used for the research study
and will not be sold to third parties nor used for marketing or other purposes outside the research study.

All Personal Data we collect and process during a research study (e.g. full name, email address) will be kept securely and confidentially on our own systems.

All projects are different, therefore the information we collect in a research study will vary from project to project. However, we will only collect information that is necessary for the purposes of that specific project. We will always tell you about the information we wish to collect from you and how we will use it – this will be detailed in the Participant Consent Form. Before your participation in a study commences, we will seek your consent in writing.

The data we collect during a study (including video recordings of a study) will be reviewed by Team’s engineers and designers who are involved in that study. Video recordings of participants in studies include sound and images that constitute Personal Data, and all recordings are stored securely and confidentially on our own systems (which include suitable security mechanisms including password and encryption) and have strictly restricted access. Alongside these technical measures, Team has comprehensive and effective policies and processes in place to ensure that Team employees are aware of their obligations and responsibilities for the data they have access to. Where required and usually under exceptional circumstances, regulatory agencies may request access to the video/audio recordings from this study and in that event, Team will share the Personal Data as required for compliance.

You may withdraw from our research study at any time. Simply notify the researcher and you will be removed immediately from the study. Any Personal Data/video already recorded will be deleted/ put beyond use and not be used in the project.

With your consent, we may transfer some personal data (e.g., video recordings of interviews) to the client who commissioned the research.

If you are a UK or EU study participants and we are to transfer your Personal Data out of the UK or EU, we ensure it is protected by implementing the following safeguards:

• We will only transfer your Personal Data to countries that have been deemed by the European Commission to provide an adequate level of protection for Personal Data; or
• We will use specific contracts with our clients which ensures that your Personal Data is given the same protection it has in the UK or EU.

Non-UK/EU study participants: If we transfer Personal Data from non-UK or non-EU study participants to the UK or EU, we will ensure that we comply with the data protection regulations in the country where the study was conducted. In all cases, we will ensure we have sufficient safeguards in place to protect your Personal Data during data transfer.

If you would like specific information on how we safely transfer Personal Data, please contact us – refer to the Contact Us section below.

The duration which we hold your data for will be detailed on the consent form. Usually, data collected in user research studies will be retained for ten (10) years, and then deleted or put beyond use. We will not keep your data for longer than is necessary.

Job applicants

This notice guides our processing of any Personal Data that is provided by job applicants to Team and you should read it before submitting any of your Personal Data to us either via our applicant tracking system, recruitment email address (recruit@team-consulting.com), other Team email addresses, via third party portals (e.g. Cambridge Network) or via post.

Any Personal Data that you submit to Team for the purpose of applying for employment will be used for the purpose of matching you to current or future job vacancies at Team, keeping you informed of relevant future job vacancies at Team, for compiling recruitment statistics or trends information, and for managing our third-party agreements with recruitment suppliers. The Personal Data would typically include but not be limited to your name, home address, e-mail address, contact mobile/telephone numbers, CV and covering letter, and any other information relevant to your application.

Team will be the data controller in respect of the Personal Data provided by you and collects and processes your Personal Data on the basis of contract (pre-contractual dealings in the event of a job applicant or interviewee) and consent. Any third parties processing your Personal Data on behalf of Team (for example software or cloud storage providers) will be acting under obligations of confidence and Team will have put in place a data processing agreement, having previously conducted due diligence checks on the security measures taken within the software packages to protect Personal Data.

Team will store your Personal Data securely in our UK GDPR compliant, cloud-based, recruitment system called Workable, and only share it within the organisation with those individuals involved in the recruitment process and for the purposes of assessing your suitability for a position with Team. Team will only disclose your Personal Data outside of the organisation if we reasonably believe we are obliged to do so for legal reasons e.g., to HMRC for the purpose of tax collection or in connection with a criminal investigation.

If your application to Team is successful and you accept employment, your Personal Data will be transferred into our personnel system and files and will continue to be stored there on the basis of contract.

In the event that your application is unsuccessful Team will keep your Personal Data for 12 months after which time it will be destroyed unless we assess it is in our legitimate interest that you may be suitable for potential future vacancies that become available within Team. The only exception to this rule is where an application made to a specific recruitment campaign that results in an individual becoming a sponsored employee. In this case we defer to the retention period the UK Border Agency advises for keeping candidate information to support a Resident Labour Market Test.

All Personal Data relating to any individual that has been employed by Team but whose employment has terminated, will be destroyed after seven (7) years beyond their termination date unless the Personal Data is of historical value e.g. that of a Founder.

At all stages Team will store Personal Data securely and review records regularly to maintain and update them. You can contact Team at any time to update your Personal Data or related information.

Team Consulting events

When you sign up to Team online events you will register with one of our event partners, who will be appointed as Data Processors on our behalf (Team will be the data controller in respect of the Personal Data).

Zoom:

Where we use Zoom (https://zoom.us/), all Personal Data is captured by Zoom in accordance with their privacy and security settings. Zoom is a widely used video conferencing platform, and a service that Team pays for. By registering for our events, you acknowledge that Team will have access to your registration details and any Personal Data that applies, including your full name, email address and telephone number. Team may also send follow up emails with relevant content following the event, which you are free to unsubscribe from at any time via the link provided in each email.

If you participate in a Recorded Meeting or you subscribe to Zoom cloud recording services, they collect information from you in connection with and through such Recordings. This information may include Personal Data. Meeting hosts (in this case Team) are responsible for notifying you if they are recording a meeting, and you will generally hear a notice or see an on-screen notification when recording is in progress.

Much of the Personal Data collected by Zoom are collected on behalf of their customers (e.g., Team). Under data protection legislation (such as the UK GDPR, EU GDPR or CCPA in California), Zoom are the “processor” of that Personal Data (i.e. Zoom acts as a service provider on behalf and at the direction of the customer), and the customer is the “controller” of that Personal Data (i.e. decisionmaker on how the data is used). For example, Team, as the customer, may determine when meetings can be recorded and how long they are kept. At the customer’s direction, Zoom may provide reports containing Personal Data relating to the customer’s account.

Zoom does not exchange your Personal Data with third parties for payment, even if you do not opt-out of the “sale” of information. If you opt-out, they will adjust your preferences accordingly.

For more information on how Zoom collects or process your personal data, please click here.

Eventbrite:

Please note that Eventbrite will securely store any Personal Data you submit upon registering in its United States servers. By registering for our events, you acknowledge that Team will have access to your registration details through Eventbrite and all of your Personal Data that Eventbrite stores, including your full name and email address. Following the event, Team may also send follow up emails with content it deems relevant to you, which you can unsubscribe from at any time via the link provided in each email.

Clients who use our services and those who subscribe to our marketing information which could include newsletters and our magazine, Insight

Client contact details and those people who subscribe to our marketing activities are stored in our secure CRM system and Team are the data controllers in respect of this Personal Data which is collected to maintain our relationship with existing clients and provide information about our services to potential new clients. We use a third party (who is a Data Processor on our behalf) to manage our marketing communications and marketing lists are copied into their system for this purpose. Only people who have given explicit consent are included on these lists. At any time people can change their consent preference either by unsubscribing from emails or by contacting data@team-consulting.com.

Your legal rights over your Personal Data

YOUR LEGAL RIGHTS
You have the right to:

(a) Request access to your Personal Data (commonly known as a ‘data subject access request‘). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.

Subject access requests and right to amendment / erasure

Individuals can find out if we hold any of their personal information by making a ‘subject access request’, in writing to ‘Team Consulting Limited – FAO Data Protection Co-ordinator’. If we do hold information about you we will:
· Give you a description of it
· Tell you why we are holding it
· Tell you who it has been/could be disclosed to
· Let you have a copy of the information if practicable. In certain circumstances, we may not be able to provide copies of video or audio recording collected during user research studies.

Proof of identification will be required.

(b) Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

(c) Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

(d) Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

(e) Request restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data in the following scenarios:

· If you want us to establish the data’s accuracy.
· Where our use of the data is unlawful but you do not want us to erase it.
· Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
· You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

(f) Withdraw consent at any time where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

(g) You have the right to make a complaint at any time to the Information Commissioner’s Office (“ICO”), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Contact us

If you would like further information on our security or data protection, please contact our Data Protection Co-ordinator at:

Team Consulting Ltd
Abbey Barns, Duxford Road
Ickleton, Cambridge
CB10 1SX
UK

Tel: +44 (0)1799 532700
Email: data@team-consulting.com