Privacy notice

We are committed to protecting your personal data, whether you are a visitor to our website, a subscriber to our newsletters and other communications, or an enquirer or purchaser of our products and services.

This privacy notice explains how we collect and use your personal data, and how we look after it. It also tells you about your rights and how to contact us.

Who are we and how can you contact us?

The Data Controller is Zorva Consulting Limited, a company incorporated in England & Wales (registration number 8200969) whose registered office and trading address is at 15 Chieveley Drive, Tunbridge wells, Kent, TN2 5HG.

We are registered with the Data Commissioner’s Office (ICO) as a data controller, registration number ZA215494 and you can find out more about our registration here.

We are subject to the UK GDPR.

Whether you want to ask a question, exercise your data rights or for any other reason you can contact us in a number of ways:

  • Email us at hello@zorva.info
  • Write to our Data Protection team at Zorva Consulting Limited, 15 Chieveley Drive, Tunbridge Wells, Kent, TN2 5HG
  • Call us on 020 3286 7044 during normal office hours

What personal data does Zorva Consulting Limited collect?

We collect the following personal data about you.

  • Full name
  • Contact address
  • Work and mobile phone numbers
  • Email addresses
  • Contact preferences
  • Dietary requirements for events
  • Information that you choose to share with us during our conversations or communications

We do not knowingly collect data about anyone under 16 years of age, and if we are made aware of it we will erase it.

We collect your personal data when you provide it to us, or when it is provided by a third party such as MailChimp newsletter signup or Eventbrite event booking. When you visit our website, we use cookies to track usage and help the website run smoothly; for more information, please see our cookie policy at www.zorva.info/cookies where you can also change your privacy settings.

How does Zorva Consulting Limited use my data?

We may use the personal data that you provide in the following ways to:

  • Help us respond to an enquiry about our services
  • Administer your request to sign up to receive a newsletter
  • Process your purchase for products and services
  • Process event bookings
  • Provide the best experience as a customer or member of the TinoPai membership programme
  • Generally, to record the contact that we have with you
  • Manage internal record keeping, such as the management of feedback or complaints
  • Analyse and improve the services we offer

You can choose at any time which marketing materials you want to receive from Zorva Consulting Limited and in which format. If there is something you would prefer not to receive, please contact us in any of the ways mentioned above.

What is the lawful basis for processing my personal data?

We rely on a variety of lawful bases for processing data depending on the purpose of processing.

  • We rely on contractual basis for processing data relating to purchases of goods and services and events you have booked, and concerning the TinoPai membership programme.
  • We rely on legitimate interests for a variety of purposes. Legitimate interest is about balancing the interests of Zorva Consulting Limited against your rights and freedoms and having due regard to your reasonable expectations about the use of your data. These purposes include mailing information and calling you about related resources and events that you might be interested in, given your previous engagement with us, and administering a service agreement.
  • We rely on consent for all insight newsletters and related email marketing. Every email marketing communication you receive provides a clear opportunity for you to opt out (unsubscribe) from future email communications.
  • We rely on legal obligation as the basis for processing any legally required activities, and for any information we are obliged to share relating to employment of our staff with HMRC and other government or similar bodies.
  • We rely on the ‘soft opt-in‘ principle when we send marketing messages, using data gathered when you bought or expressed interest in one of our products or services.

Is my data shared with anyone else?

We never share your personal data with other organisations to use for their own purposes, without your specific consent, unless legally obliged to do so. This would only be in the case of requests by government bodies and law enforcement agencies, or to protect Zorva Consulting Limited (for example in cases of suspected fraud or defamation).

If we run an event in collaboration with another named organisation, your details may need to be shared with them and those who provide services to help us deliver the event. We will make it clear what will happen to your data when you register.

Our website may contain links to other websites. This privacy notice applies only to our sites, so you should always be aware when you are moving to another site and read the privacy statement of any site which collects personal data. We do not pass on any personal data about you to any other site when you link to another site.

Our ‘Contact Us’ form uses Captcha v3 to block spam and so any details you enter may be passed to Google as part of the verification process – here is their privacy notice.

The TinoPai membership programme uses the MemberPress plugin for WordPress and so any details you provide, may be shared with WordPress.

How long is my data retained?

  • As a purchase of our products or services (including events), we retain your personal data for 7 years from the date of last purchase but may be able to anonymise parts of it upon request.
  • As a newsletter subscriber, we retain your personal data for 4 months after the date that you unsubscribe.
  • As a business contact, we retain your personal data until we are made aware that they information is no longer accurate.
  • As a TinoPai member, we retain your personal data for 7 years from the date that your membership expires.

How is my data stored and protected?

We maintain a high level of security in relation to the collection, storage and disclosure of your data. This is very important to us and we take steps to ensure that any data we hold about you is safe.

  • Information is stored digitally on computer systems with multiple levels of passwords and disk encryption, accessible only to the Data Controller.
  • Full information is accessible only to Zorva Consulting Limited personnel, for the purposes above.
  • Information is collected from you both verbally and in writing. Documents relating to you are scanned to your individual client record and shredded.
  • Our computers are maintained, protected and backed up either to encrypted storage medium which is then physical secured, or to cloud backup and storage providers using ‘zero knowledge’ techniques.

Who can access and/or use my personal data, on behalf of the Data Controller?

Use of your data is limited to the Data Processors specified below:

  • For the purposes of office productivity, personal data may be stored in Microsoft Exchange which is hosted by Rackspace.

Zorva Consulting Limited use a number of other cloud backup and storage providers but they all follow the ‘zero knowledge’ protocol and so no personal data, as defined by UK GDPR, is processed.

What are my personal privacy rights?

The Data Protection Act and the General Data Protection Regulation give you certain rights over your data and how we use it. You have the right to:

  •  request a copy of the data we hold about you and details of what we do with that data (known as a subject access request)
  • update or amend the data we hold about you if it is wrong
  • change your communication preferences at any time
  • withdraw your consent to use of your personal data where we are relying on consent as the lawful basis for processing it
  • ask us to remove your personal data from our records
  • ask us to restrict the processing of your personal data
  • obtain a portable copy of certain personal data where this is processed automatically
  • object to the processing of your data for marketing purposes
  • raise a concern or complaint about the way in which your data is being used
  • ask us to explain any automated processing we carry out and the impact of this on you

We may ask for reasonable proof of your identity before providing you with data or carrying out any of the above actions.

 

How can I exercise my rights, complain or comment?

If you wish to exercise your rights, complain or make a comment, please contact us in any of the ways shown above.

If you are not satisfied with our response, or you are unhappy with how we have used your data, you can complain to the Information Commissioner’s Office. Their contact details are:

  • Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
  • Helpline number: 0303 123 1113
  • ICO website: https://www.ico.org.uk

This privacy notice was last updated: 19th January 2022.