Privacy Policy

Protecting the security and confidentiality of your personal data and that of your employees is a strategic issue for the Sampson Consultants.

For this reason, we have put in place this Personal Data Protection Policy to guarantee the security of the information you provide to us. We hope it will help you understand what data the Sampson Consultants may collect, the scope of the data processed, and how the Sampson Consultants uses and protects it.

Scope

The Personal Data Protection Policy applied by the Sampson Consultants protects the information that you entrust to us within the framework of our missions, our commercial/contractual exchanges or via our website (registration / download / contact form).

Fair collection of relevant and strictly necessary data

Only the data necessary for the exercise of our missions are collected, stored and updated. The storage of your personal data in our systems is primarily the result of a decision on your part to entrust this data to us; we do not capture this data without your knowledge and without informing you.

For the sake of transparency when collecting your data, we provide you with as much information as possible about the purpose of this collection and the nature of the rights you have.

Type of data processed

In the context of our commercial approaches, we collect various categories of personal data concerning your employees, whether you are a prospect, customer or supplier, such as identification data (surname, first name, title), professional contact details (addresses, telephone numbers, email, position) and a history of customer relations (appointments, satisfaction marks, complaints, responses to satisfaction surveys, etc.).

Your data is communicated to us when you contact us and in notably from the form available on our website, via partners or directly by you within the framework of our exchanges.

In addition, as a Client, within the framework of the realization of missions, you are led to communicate to us various categories of information necessary for the good realization of the mission. The contract binding us details the data, the purposes of processing, the operations carried out, the storage periods and the security measures implemented by us.

Use of your personal data

When you provide us with personal data, we use it, in accordance with your instructions or the agreed purposes, to process the assignments you have entrusted to us, to answer your questions, or to enable you to access specific information or offers.

Moreover, only in the context of our commercial relations:

we may store and process your professional data (surname, first name, position, …) and share it within the Sampson Consultants in order to better understand your needs and how we can adapt our services;
we (or a third party acting on our behalf) may use your personal data to contact you about an Sampson Consultants offer that may meet your needs, or to invite you to complete online surveys to assess your satisfaction and help us better understand your expectations.

If you do not wish your personal data to be used for direct marketing or market research, we will respect your choice. We do not sell your personal data to third parties.

Data retention period

Your data is not retained beyond what is necessary; retention periods vary according to the nature of the data, the purpose of the processing and legal or regulatory requirements.

The data collected from the forms on our websites are kept for a period of 3 years from the last exchange.

The retention period for data received within the framework of our contractual relationship is specified in the contract.

Reinforced safety features

Sampson Consultants has a CISO (Chief Information Security Officer), who works on guaranteeing the security, availability and integrity of the information system and data.

It is our responsibility to ensure that your data is not inappropriately disclosed. Thus, access to personal data on all our systems is subject to strict conditions of implementation, including :

the implementation of filtering and control systems on our networks (Firewall),
centralized management of rights profiles. All access requests are managed via our ticketing tool integrating validation workflows,
the detection of external and internal intrusions and the implementation of procedures
of regularly tested alerts,
proven backup and disaster recovery features that ensure data can be restored in the shortest possible time.

Transmission of your personal data to third parties

The transmission of data to third parties may be justified:

When the circumstances of the mission require it: transfer to subcontractors who are themselves bound by contractual clauses guaranteeing the security and confidentiality of your data or to independent service providers who are themselves subject to ethical rules of conduct by their profession (lawyers and doctors involved in professional risk management missions). Such transmission is specified in the contract.
Communication to bodies governed by public or private law, where such communication is provided for by the Law.

These transfers are carried out in accordance with the regulations in force.

A demanding control of our subcontractors

Sampson Consultants ensures that your data continues to benefit from an adequate level of protection in terms of security and confidentiality throughout its processing. We therefore pay particular attention to ensuring that our subcontractors are able to guarantee the security and confidentiality of the data we entrust to them.

Rights of access to your data

In accordance with the regulations in place,

you benefit from a right of access, limitation, portability, deletion and correction of your personal data;
you can also, for legitimate reasons, oppose the processing of your personal data;
you can withdraw your consent to the processing of your data for the future. In this case, any processing carried out prior to the withdrawal will be deemed lawful.

These rights can be exercised by sending us a letter accompanied by a copy of an identity document to the following address:

Sampson Consultants – DPO (Data Protection Officer)
46 Houghton Place, Bradford, West Yorkshire, United Kingdom, BD1 3RG
dpo@sampsonconsultants.co.uk

Compliance check

In order to guarantee the correct application of our rules and the compliance of our practices over time, our DPO follows up with each Sampson Consultants data controller and audits are carried out by our team of internal quality auditors, trained in the specific rules of the GDPR.

Document update:

This document is updated to take into account changes in the content of the services offered to you.

Who we are

Our website address is: https://www.sampsonconsultants.co.uk.

What personal data we collect and why we collect it

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

Who we share your data with

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.