1. Introduction

Glisten is committed to ensuring that the personal data of our clients is protected, and processed in accordance with the applicable laws in force.

This Privacy Policy narrates how we use your personal data, including
• The general categories of personal data that we may process;
• The source of the personal data that we way process, if not directly from you;
• The purposes for which we require to process your personal data;
• The legal basis for the processing;
• The length of time that we will retain your details in our records.

For the avoidance of doubt, Glisten is the Data Controller and the person in charge of Data Protection for the business is Mairi McKay. Mairi can be contacted via email mairi@mckaybusinessconsultancy.co.uk or by telephone on 07706653698

Unless you are prompted by us to do so, please do not communicate the personal data of any other person to us without that person’s explicit and recorded consent.

2. Categories of Personal Data & Legal Basis for Processing

Glisten is committed to only obtaining and retaining the minimum amount of personal data as is required for our business purposes.

Enquiry Data
We may process information contained in any enquiry you submit to us regarding the provision of our services.
The enquiry data may include your name, telephone number, home address and/or email address, and will be processed for the purposes of the negotiation of the provision of our services to you. The legal basis for this processing is legitimate business interests, namely the pursuance of a contractual relationship with you.

Service Data
We may process your personal data that is provided in the course of the use of our services. The service data may include email addresses, telephone numbers, postal or office addresses. The source of the service data is you and may be processed to facilitate the provision of our services and for the purposes of communicating with you. The legal bases for this processing is the performance of a contract, and/or taking steps to enter into such a contract, and our legitimate interests, namely the proper administration of our business.

Transaction Data
We may process information relating to transactions that you enter into with which may include your contact details, your card or other payment method details and the transaction details. The transaction data may be processed for the purpose of supplying the purchased goods and services and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and our legitimate interests, namely our interest in the proper administration of our business.

Notification Data
We may process your personal data including your name and email or postal addresses for the purpose of subscribing to our email notifications and/or newsletters. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.

Correspondence Data
We may process information contained in or relating to any communication that you send to us for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our business and communications with clients.

3. Additional Processing
In addition to the categories of processing noted in section 2 above, we may also process any of your personal data as identified in this policy for the following purposes:

• for compliance with a legal obligation to which we are subject.
• for the establishment, exercise or defence of legal claims and disputes, whether raised in formal court proceedings or in arbitration, mediation or other out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
• for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.

4. Providing your personal data to others

Glisten handles all of your personal data on a strictly confidential basis and it is only disclosed to certain third parties on the following bases:

• To our insurers and/or personal advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in arbitration, mediation or other out-of-court procedure.
• To such third parties as are entitled to the information where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
• To such third parties as are entitled to the information where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in arbitration, mediation or other out-of-court procedure.
• To third parties who provide us with CRM or other cloud based software or storage programs for the legitimate interest of the purposes of the proper administration of our business interests. We shall ensure at all times that any such third party processors are in themselves GDPR compliant and reputable.

5. International transfers of your personal data

Glisten operates from an office base in the UK, and it is not envisaged that your personal details will ever require to be transferred outwith the European Economic Area.
In the event that we opt to use third party processors per section 4 above who are situated in countries who are outwith the European Economic Area, we shall ensure that in any transfers to these countries, your data will protected by appropriate safeguards as recommended by the European Commission from time to time.
Personal Data transfers will only be made to such countries outwith the European Union that have been vetted by and received an “adequacy decision” from the European Commission, approving their data protection rules as adequate to protect your personal data.

6. Data Retention
Our data retention policies and procedure are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data, meanwhile providing the best possible customer service to our clients.
The currently enforceable regulations stipulate that the personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
We will retain your personal data as follows:
(a) we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
(b) we may retain your personal data for up to ten years following the conclusion of the contract between us for the purposes of maintaining a register of our contractual dealings.
(c) we may retain certain items of your personal data, such as your name and contact details for the purposes of the administration of a mailing list to advise you of any events which may have an effect on the advice given to you during the period of our contract with you. You will have the right to “opt-out” of receiving any such emails at any time.

7. Amendments
This privacy policy should be regarded as a ‘living document” and shall be amended from time to time in accordance with legislative requirements, and any changes that we may make to our business practices. You should therefore check this page occasionally to ensure you are happy with any changes made to this policy.
We may notify you of changes to this policy by email or by the publication of the amended policy on our website.

8. Your rights
The General Data Protection regulations afford you certain rights and protections under the law. Each of these rights are complex legal issues, and for this reason, only a short summary of each of these rights have been summarised below. Should you wish to find out any more about each of these rights and how to exercise them, we would direct you to the Information Commissioner’s Office www.ico.org.uk.

Your principal rights under data protection law can be summarised as follows:
(a) the right to access –
You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.
The request can be made by email to enquiries@mckaybusinessconsultancy.co.uk or by telephone directly to our Director, Mairi McKay on 07706653698, and the information can, upon request, be delivered in hard copy or by an emailed pdf.

(b) the right to rectification –
You have the right to have any inaccurate personal data about you corrected and, taking into account the purposes of the processing, to have any incomplete personal data about you completed. The rectification request can be made by email to enquiries@mckaybusinessconsultancy.co.uk or by telephone directly to our Director, Mairi McKay on 07706653698

(c) the right to erasure-
In certain circumstances you have the right to request the erasure of your personal data by a data controller without undue delay. These circumstances are set out by the ICO https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-erasure and are subject to certain exclusions. Requests for erasure of personal data can be made by email to enquiries@mckaybusinessconsultancy.co.uk or by telephone directly to our Director, Mairi McKay on07706653698

(d) the right to restrict processing-
In certain specified circumstances you have the right to restrict the processing that is being carried out to your personal data. This is not an absolute right and further details can be found on the ICO’s website. https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-restrict-processing
Requests for the restriction or the processing of personal data can be made by email to enquiries@mckaybusinessconsultancy.co.uk or by telephone directly to our Director, Mairi McKay on 07706653698

(e) the right to object to processing-
You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

You also have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.

You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

To notify us of your objection to our processing of your personal data, please contact us by email to enquiries@mckaybusinessconsultancy.co.uk or by telephone directly to our Director, Mairi McKay on07706653698

(f) the right to data portability-
Following a valid request, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.

(g) the right to complain to a supervisory authority-
If you feel that our processing of your personal data has infringed your rights, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement. If you are resident in the UK, this would be the Information Commissioner’s Office and their contact page can be accessed here – https://ico.org.uk/concerns

(h) the right to withdraw consent.
Where we are reliant upon your consent as our legitimate basis for processing your data, you have the right to withdraw that consent at any time. You may do this by emailing mairi@mckaybusinessconsultancy.co.uk or calling Mairi McKay on 07706653698.

You may exercise any of your rights in relation to your personal data verbally by calling Mairi McKay on 07706653698 or in writing, by emailing Mairi@mckaybusinessconsultancy.co.uk.

9. About cookies
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
Glisten do not rely upon the use of cookies in their business practice.

10. General
Glisten is the trading name of Mairi McKay & Paul McKay, a Sole Trader. The website www.glisten.info is owned and operated by Mairi  & Paul McKay trading as Glisten.
Our principal place of business is at 32 Warwick, East Kilbride, G74 3PZ.

You can get in contact with us during usual business hours, as follows:
contact us:
(a) by telephone, on the contact number published on our website from time to time; or
(b) by email, using the email addresses published on our website from time to time.
(c) via public or private messages on any of our social media channels, such as facebook, twitter or LinkedIn.

Our organisation is not required to have a mandatory Data Protection Officer, however, any Data Protection related queries about our use of your personal data should be directed to Mairi McKay on 07706653698 or by email at Mairi@mckaybusinessconsultancy.co.uk.

Glisten do not use any means of automated decision making or profiling in their business practices.