your privacy

Privacy Policy - Introduction

This privacy policy (“Policy”) sets out how Seren Leadership, registered as Seren CMT Ltd in England and Wales, Company No. 08810350, uses and protects any information that you provide when using our website or engaging with our services. Seren CMT Ltd (“Seren CMT”, “Seren Leadership”, “Seren”, “we”, “our” or “us”) are committed to protecting your privacy and we comply with the Data Protection laws applicable to the UK.

Seren CMT Ltd is registered with the Information Commissioner’s Office (ICO) with Dr Soracha Cashman as a Data Controller.

Our approach to privacy

Seren Leadership places a high priority on safeguarding confidential information and processing personal data in an ethical manner, and we take our responsibility for the security of customer and employee data very seriously. To help us continue to achieve this, we have embedded privacy by design and by default within our operating procedures and service delivery. This means that privacy and data protection is taken into consideration and implemented in the design and delivery of our business services, marketing functions, IT systems and overall business practices so that our clients’, employees’, sub-contractors’ and service users’ right to data privacy and data protection is our default position when processing data.

This ensures that no additional actions are required by you to ensure your privacy is honoured and protected. It also means we will not share your data with third parties for marketing purposes and will only do so when necessary to provide a business service you have requested, or if legally obligated to do so.

In order to carry out other business functions and to deliver our services, we rely on the following lawful conditions for processing personal data:

• Consent – the individual has given their Consent to the processing of their Personal Data.

• Contractual – processing of Personal Data is necessary for the performance of a contract to which the individual is a party or for Seren Leadership to take pre-contractual steps at the request of the individual.

• Legal Obligation – processing of Personal Data is necessary for compliance with a legal obligation to which Seren Leadership is subject.

• Legitimate Interests – processing is necessary under the Legitimate Interests of the Seren Leadership or an associated third party, unless these interests are overridden by the individual’s interests or fundamental rights.

We will be clear and transparent with you about which lawful basis is used when processing your personal data.

Collecting personal data

In order to deliver our services and to carry out necessary business functions, we may collect certain personal data from you in a variety of ways, such as, through our website, via email, an online portal, or verbally. These details may include (where applicable), names, contact information and basic employment details. Depending on the service we are delivering to you or your company, we may also ask for more detailed information about your employment such as the department or team you work in, your length of employment, career and professional performance goals. When receiving coaching or consultancy input from Seren Leadership, information considered sensitive may emerge during the course of discussions with your Seren Leadership coach or consultant. These relationships are bound by strict confidence, and any notes collated by your Seren CMT coach are treated accordingly.

Personal data we obtain is collected in a few key ways:

• Data disclosed by the individual

• Data disclosed by an authorised third party (i.e. employer) on the individual’s behalf

• Data obtained from linked system or database, such as LinkedIn

• Data generated through user interaction with systems/services

Where your data is provided to us by an authorised third party such as your employer (i.e. in the form of course delegate lists), it is the third party’s responsibility to ensure they have the correct lawful basis in place to share this data with Seren Leadership.

The purposes of processing personal data

Your data may be used for a number of purposes including, but not limited to: providing all the elements of the learning & development or consultancy services we have been contracted to provide by yourself or your employers, contacting you in the event of a workshop time change or cancellation. assessing the quality of our services, administrative activities, crime prevention/detection (i.e. fraud), undertaking legal obligations of the business, statistical and marketing analysis, customer surveys, customer relations communications and offering you services and products we believe may interest you.

You will always be told what we intend to do with any personal data we collect from you, however the principal reasons are to:

• support the delivery of contracted services and products, or

• achieve our marketing and sales strategies.

More specifically, these may take the form of the below likely scenarios;

Individuals engaged with a Seren Leadership service as part of a development programme we are contracted to deliver.

When taking part in a service (e.g. diagnostic, survey, workshop, seminar) as part of a programme we are contracted to deliver, the information you provide will only be used for the stated purposes and/or those you consented to. This may include product research & development, administrative and legal purposes, statistical analysis, systems testing, or service maintenance and development. In this scenario, we would be relying on contractual necessity as the primary legal basis for processing personal data. The personal data you provide here will either be anonymised, or deleted after 2 years.

We may need to provide your personal data to an approved associate or independent practitioner authorised to deliver Seren Leadership services, or a colleague in your organisation authorised to deliver Seren Leadership services if you are enrolled on a programme delivered by either party for learning and development. Either of these scenarios may involve transmitting your data to a different country.

User interactions with online services and resources such as our website, webinar registrations, or downloading white papers.

We may collect information to better understand how visitors use our website and interact with our marketing content so we can offer timely and relevant information. When using our website to register for a webinar, or download a white paper, your data may be used for the following:

• For our own internal records.

• To improve the products and services we provide.

• To contact you in response to a specific enquiry.

• To customise our website for user needs and preferences.

• To send you promotional emails about products, services, offers and other things we think might be relevant to you.

• To send you promotional mailings or to call you about products, services, offers and other things we think might be relevant to you.

• To contact you via email, telephone or mail for market research reasons.

In this scenario, we would be relying on legitimate interests and where required, consent, as the primary legal bases for processing personal data. Seren Leadership will only keep data for as long as is necessary to meet these purposes. We will never share, sell, or rent individual personal information to an external party without your advance permission, or unless ordered by a court of law. The personal data you provide to us is only available to relevant employees and contracted service providers. If required by law, Seren Leadership may disclose data to government and/or enforcement agencies.

If we intend to use your data for a new purpose outside of those detailed in the Policy, this policy will be updated to keep you informed of the same; should consent be required from affected individuals, then it will be sought. Seren Leadership will never supply your data to third parties for marketing purposes.

Cross-border transfers of personal data

Due to the global reach of our business and services we provide, Seren Leadership works with approved associates and practitioners in different countries and it is sometimes necessary to transmit your data internationally in delivery of these services to meet our contractual requirements. If it is necessary to do so, we will ensure an adequate level of protection is in place to safeguard your data.

Data collected by Seren Leadership will be stored and processed primarily within the UK, but may be stored and processed in another country, including a country that is not in the European Economic Area (EEA). Some countries may not have data privacy laws as strong as those in force in others. We will ensure that the data protection standards employed within the UK are observed by our partners with whom we need to share information in all of the countries they operate.

We will carry out a Data Protection Impact Assessment (DPIA) prior to the transfer of data to a new territory or international recipient located outside of the EEA to identify risks and adequate safeguards to implement. Such international recipients will be required to demonstrate compliance and adhere to defined protocols via a Data Processor Agreement, Code of Conduct, and/or a relevant recognised data protection or security certification. These safeguards are intended to ensure that, post-transfer, your data is subject to security measures no less rigorous than those required by data protection legislation in force in the UK.

In some instances, we may seek authorisation from the Information Commissioner’s Office (ICO) prior to a cross-border data transfer.

Keeping personal data secure

Seren Leadership takes reasonable steps to protect personal information it holds from misuse and loss and from unauthorised access, modification or disclosure. If you are submitting personal information over the internet that you wish to remain private, please note that while attempts are made to secure information transmitted to this site, there are inherent risks in transmitting information across the internet. If you prefer, you can contact us by phone or mail.

Seren Leadership have taken every reasonable step to ensure that your personal data is held securely at all times, and that access to these are closely monitored. Direct access to our databases are restricted to authorised personnel and their appointed agents only. Our website and online services are protected by firewalls and we have implemented security policies, rules and technical measures to protect the data in our control and to protect against the loss, misuse and alteration of data within our systems. These security measures are designed to prevent unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss. 

Seren Leadership will take reasonable steps to destroy or permanently de-indentify your personal information when it is no longer needed. We will hold your information on our systems for as long as is necessary for the relevant service, or as long as is set out in any relevant contract you hold with us. If you change your registration profile to opt-out of receiving communications from us, your record will stay on the system so we can ensure that we do not contact you in the future

Protecting personal information is a priority for Seren Leadership. We consider security and confidentiality when handling personal information. It is important to us that the information we maintain and use is accurate, complete and up to date. If at any time your personal details change, please let us know so we can update our records.

Controlling your personal data

Any personal data we collect from you or we generate as a result of your interaction with our systems and services belongs to you. Under the data protection laws in the UK you therefore have the right to know if your data is being processed, why and for how long. This will include details of what categories of data we process (e.g. storing your name and contact details in a CRM system), whether your data has been disclosed to third parties and their identities, and how to raise a complaint with the Information Commissioner’s Office (ICO).

In addition to your right of access to data we process Seren Leadership will uphold other rights afforded to you under the applicable data protection laws in the UK, namely:

• the right to request that errors in your personal data processed by (or on behalf of) Seren Leadership is amended or corrected;

• the right to erasure of your personal data if those data are no longer needed for their original purpose, or where the processing is based on consent and you withdraw that consent (and no other lawful basis for the processing exists);

• the right to restrict processing where the relevant personal data either cannot be deleted (e.g. because the data are required for the purposes of exercising or defending legal claims) or where you do not wish to have the data deleted;

• the right to object to processing carried out for the purposes of direct marketing, where processing is likely to cause or is causing damage or distress, or where you may be evaluated or subject to decisions on the basis of automated processing;

• the right to request a copy of the personal data you have provided to us for yourself, or for it to be transferred to another organisation, if the processing was based on consent, the provision of business services under a contract, or processing carried out by automated means.

If you believe that any information we are holding about you is incorrect or incomplete or wish to exercise any of your rights in relation to your personal data, please email soracha@serenleadership.com requesting a Subject Access Request Form and we will respond promptly to any requests. However, please note that depending on the complexity and scope of your request, it may take up to 30 days for us to provide you with an adequate response.

You can also contact soracha@serenleadership.com to query any aspect of our data processing activities if you have completed (or are about to complete) a diagnostic or psychometric survey with us.

Who has access to your personal data?

The data we collect about you is generally accessed only by authorised Seren Leadership employees for legitimate business purposes and providing services as part of a contract. However, if we work with partners or contractors, they may have limited access to your personal data but as much as is needed to do their job.

The following outlines who has access to your personal data, and under what circumstances:

• Seren Leadership employees, consultants and other staff who are involved in arranging and delivering the services you request (where privacy is legally covered under their contract of employment);

• An Associate/Approved Practitioner who is contracted by Seren Leadership to provide services to you on our behalf, and therefore bound under terms within their contract relating to confidentiality and privacy that is to the same standard and level as Seren Leadership employees.

How long we hold data

It is Seren Leadership’s practice that personal data is retained only for the appropriate period of time. We have internal guidelines in place for employees on how long data should be retained detailed in a Data Retention policy. This specifies that we will need to keep certain information about employees, clients, suppliers and other individuals or organisations we interact with over the course of business to carry out certain business functions for up to 6 years to monitor and improve the quality of our service, for our records and to meet certain legal and compliance requirements.

In summary, client personal data will be held for as long as the individual or their employer is in receipt of services from Seren Leadership, plus up to a maximum of 6 years. Where a client makes a specific request for their data to be deleted sooner and it does not conflict with any legal or compliance requirement to hold data for longer, we will honour the request. Employee personal data will be held for the duration of employment and then for 6 years after the last day of contractual employment. Employee contracts will be held for 6 years after last day of contractual employment.

Where data is held by third parties in support of the services we provide to you, the third parties are contractually bound to either delete data upon our request, delete data at the end of our supplier contract with them, or to anonymise data after 2 years of receipt.

While this section of the Privacy Policy summarises and clarifies parts of our Data Retention Policy, it does not supersede it. The time limits for certain items subject to legislation specified in detail in the Data Retention Policy remain in force, and we are happy to provide further information to you about this at your request.

Cookies

Cookies are used to identify you when you visit a particular site, analyse web traffic, and can help us facilitate a more personal web experience. Seren Leadership uses cookies to identify the pages that are being used and help us tailor our website to our customer’s needs, thus allowing our website to respond to you as an individual.

Cookies do not provide us with access to your computer or any information about you, other than that which you choose to share with us. Cookies can also be controlled by the functions within your browser, so do consider changing as you see fit.

Links from our website

Our website may contain links to other websites. However, once you have used these links to leave our site, you should note that we do not have any control over the other websites and are not responsible for the privacy practices of such other websites.

If you submit personal data and other information to a website to which we link, we are not responsible for its protection and privacy. Always exercise caution when submitting data to websites. Read the site’s data protection and privacy policies fully.

Changes to the Privacy Policy

We keep our Privacy Policy under regular review and reserve the right to amend or modify this Policy from time to time. Such modification shall be effective immediately upon posting of the modified Policy on this website. Please ensure you regularly review the information posted on our website to obtain timely notice of such changes.

Your continued use and access of Seren Leadership services, including our website, will constitute your acceptance of any changes or revisions to this Privacy Policy.

If we make substantive changes to this Policy, we will announce it on our website to ensure that you are aware of the information we collect and how we use it at all times.

Contacting us

Seren Leadership has a designated Data Protection Officer and designated personnel with data protection responsibilities in all service areas. If you have any questions regarding this Policy, or wish to contact our Data Protection Officer, please get in touch by using the details below.

The Data Protection Officer – Dr Soracha Cashman
Seren CMT Ltd
Company Address: Gerafon, Deiniolen, Caernarfon, Gwynedd, LL55 3HN

Seren CMT Ltd. is registered in England and Wales. Company No. 08810350