Privacy and cookie policy
This Privacy Policy sets out how we, Opal Wave Solutions Limited process your personal data. We take the privacy of your personal data very seriously and all data captured will be used and held in accordance with the requirements of the Data Protection Act 2018.
Opal Wave Solutions Limited is the controller. If you have any requests concerning your personal data or any queries with regard to how we handle your data you can contact us by phone on [020 3078 9389], email us at [email protected] or write to us at Opal Wave Solutions Limited, 20 St Dunstan’s Hill, London EC3R 8HL.

Commitment to privacy
We respect your privacy and are committed to protecting the personal information you provide to us.
When you provide us with your personal data, you consent to us processing all such personal data as set out in the Privacy Statement. Please read this Privacy Statement carefully and revisit this page from time to time to review any changes that we may have made.
Even though we take appropriate technical steps to protect your security, you should remember that data transmission over the internet cannot always be guaranteed as 100% secure so you use the website at your own risk.

Why do we collect your personal information?

We collect information to help manage the services we provide, we’ll contact you about the following:
Important information relevant to your Certification, such as invoices, audit dates, plans and reports
Industry updates that could affect your Certificatio. British Assessment Bureau products, services, offers and promotions

The type of Information we have
The information we have about you is limited to only what we need to provide our services effectively.
This information includes:
• Your name, work e-mail address and work phone number
• Your company’s address
• Your company registration number
• A description of what your company does
• A record of any written or verbal communications

How do we get your information?
We only collect the information you provide us during contact.
For example, when you:
• Enquire about our services
• Enquire about training
• Onsite during sales and consultancy visits

The legal basis on which we rely are:

Consent
For email marketing and for passing data to third parties we will use consent, this will usually be in the form of an opt-in tick box, or when you submit an email address expressly for the reason of sending marketing. We will always make it clear what your data will be used for and provide a link to our privacy policy. You can change your mind at any time.

Contract
Processing of your personal data is necessary for us to administer the pre-contract and contractual relationship between ourselves and our customers in connection with the performance of a contract.

Legitimate interests
We will use legitimate interests to send occasional marketing by post and email and for segmentation and profiling in order to send relevant targeted communications. Our legitimate interests are to communicate with our customers and prospective customers to keep them informed, to grow our business and promote best practice in the EPM marketplace.

Marketing
We conduct basic profiling for our marketing purposes to ensure relevant and targeted communications. This might be in the form of segmentation based on location or stated interests.
We would like to use your personal data to send you details of products or services that we offer that we have identified as likely to be of interest to you. We will only send you information in line with the preferences you indicated when you provided the personal data.

If at any point you would like to opt-out of receiving communications from us or would like to change the channels (such as email or post) that we use to contact you, please contact us by phone on [020 3078 9389], email us at [email protected] or write to us at Opal Wave Solutions Limited, 20 St Dunstan’s Hill, London EC3R 8HL.

Recipients/categories of recipients
In carrying out our business including our obligations to you, we may use sub-contractors. These will be businesses such as mailing houses, email broadcasters, marketing agencies. We will ensure that they respect your privacy and abide by all data protection laws.

Retention periods
We will keep your personal data in connection with the services for which it was collected for an appropriate period of time and in accordance with our data retention policy. A copy of this policy can be obtained by emailing [email protected]
In terms of personal data, we use for marketing, we will keep this data for as long as we are able to market to you and if you withdraw your consent or opt-out of marketing communications, we will keep your contact details only to ensure that we do not contact you again for marketing purposes.

Data subject’s rights
You have rights in respect of your personal data. We will need to confirm your identity before we can consider your request so, if you wish to exercise any of these rights, we will first need to confirm your identity before we can consider your request so please supply two forms of ID, one of which should be a passport or birth certificate, the other could be a driving licence or utility bill.
The right to be informed – you have the right to be told about the collection and use of the personal data you provide. This privacy policy sets out the purpose for which we process your personal data, how long we will keep your data, who we will share your data with. If you have any questions on how and why we process your data, please contact the DPO. If you want to know more about this right, the ICO has more guidance on their website, which you can access by clicking here.

Right of access – you have the right to know whether we are processing your personal data, and to a copy of that data. We would need as much information as possible to enable us to locate your data. We will respond to your request within 28 days of receipt of your request. If you want to exercise this right, please contact the DPO at the contact details above. If you want to know more about this right, the ICO has more guidance on their website, which you can access by clicking here.
Right to rectification – you have the right to have any incorrect personal data corrected or completed if it is incomplete. You can make this request verbally or in writing. We will need as much information as possible to enable us to locate your data. We will look at any request and inform you of our decision within 28 days of receiving the request. If you want to exercise this right, please contact the DPO at the contact details above. If you want to know more about this right, the ICO has more guidance on their website, which you can access by clicking here.

Right to erasure – this right, often referred to as the right to be forgotten allows you to ask us to erase personal data where there is no valid reason for us to keep it. We will look at any request and inform you of our decision within 28 days of receiving the request. If you want to exercise this right, please contact the DPO at the contact details above. If you want to know more about this right, the ICO has more guidance on their website, which you can access by clicking here.
Right to restrict processing – you have the right to ask us to restrict processing of your data. We will look at any request and inform you of our decision within 28 days of receiving the request. If you want to exercise this right, please contact the DP at the contact details above. If you want to know more about this right, the ICO has more guidance on their website, which you can access by clicking here.
Right to object – you have the right to object to our processing of your personal data based on (i) legitimate interests, or for the performance of a task in the public interests/exercise of official authority (including profiling); (ii) direct marketing (including profiling); and (iii) for purposes of scientific/historical research and statistics.
Legitimate interests/legal task – your objection should be based on your particular situation. We can continue to process the data if we can demonstrate compelling legitimate grounds which override your interests.
Direct marketing – you have an absolute right to ask us to stop processing for the purposes of direct marketing. We will action your request as soon as possible.
Scientific/historical research and statistics – your objection should be based on your particular situation. If we are conducting research where the processing is necessary for the performance of a public task, we can refuse to comply with your objection.
If you want to exercise this right, please contact the DPO at the contact details above. If you want to know more about this right, the ICO has more guidance on their website, which you can access by clicking here.

Processing based on consent
Where we process your personal data based on your consent you have the right to withdraw that consent at any time without reason. You can opt-out by using the unsubscribe/opt-out in any marketing we send you and you can contact us using the contact details above.

The right to lodge a complaint to the supervisory authority
If you are unhappy with any aspect of our handling of your data you can make a complaint to the Information Commissioner’s Office, by clicking here.

Cookies
A cookie is a small piece of information sent by a web server to a web browser, which enables the server to collect information from the browser. Find out more about cookies on http://www.allaboutcookies.org/
We use cookies to identify you when you visit this website and to keep track of your browsing patterns and build up a demographic profile.
Our use of cookies also allows registered users to be presented with a personalised version of the site, carry out transactions and have access to information about their account.
Most browsers will allow you to turn off cookies. If you want to know how to do this please look at the menu on your browser, or look at the instruction on http://www.allaboutcookies.org/ Please note however that turning off cookies will restrict your use of our website.

What types of cookies do we use and how do we use them?
The specific types of first and third party cookies served through our Websites and the purposes they perform. For a list of the cookies used by Opal Wave, see this page. These cookies include:

Essential website cookies: These cookies are strictly necessary to provide you with services available through our Websites.
Performance and functionality cookies: These cookies are used to enhance the performance and functionality of our Website but are non-essential to their use. However, without these cookies, certain functionality may become unavailable.
Analytics and customisation cookies: These cookies collect information that is used either in aggregate form to help us understand how our Website is being used or how effective our marketing campaigns are, or to help us customise our Website for you.

Advertising cookies: These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.
Social networking cookies: These cookies are used to enable you to share pages and content that you find interesting on our Website through third-party social networking and other websites. These cookies may also be used for advertising purposes too.
Third party websites
Our website may contain links to other websites that are outside our control and are not covered by this Privacy Policy. If you access other sites using the links provided, the operators of these sites may collect information from you that will be used by them in accordance with their privacy policy, which may differ from ours.
Changes to the privacy policy
This privacy policy is regularly reviewed and will be updated when necessary. If we make any significant changes to the policy we will communicate these to you.

Data Retention Policy

Opal Wave (Opal Wave Solutions Limited, 20 St Dunstan’s Hill, London EC3R 8HL.) will maintain and retain data based on the following points as outlined below.
• Customer financial and tax data for the purpose of compliance with tax regulations for the period specified by tax laws (the list of such laws and relevant provisions should be available).
• Newsletter and email marketing subscribers’ information, only until consent is withdrawn by using an “unsubscribe” functionality.
• Employee files and records for as long as required by relevant employment and social security and social protection laws (the list of such laws and relevant provisions should be available).
• Direct-marketing customer data for a period of 5 years, unless the customer objects/opts-out sooner or actively opts-in for the data to be used for a longer, defined period.
• Customers’ contract, service, or delivery data for as long as the contract is in force or services or products are provided, and for a specifically defined additional period if the customer registers for product support or such data are kept by the customer in his or her user profile (even then it is recommended to establish some predefined retention period upon which the data will be automatically deleted).
• Processing data necessary for the establishment, exercise or defense of legal claims, only if such claims can be clearly articulated and defined and until such claims are finally resolved or expire under relevant laws (the general periods under relevant laws, e.g. 10 years, for raising possible claims are by no means sufficient ground to keep all data for such period if there are no specific grounds to identify existing claims. In such cases organisations should conduct legal analysis, considering that some of the information may be retained anyway e.g. for compliance with tax regulations).

X