Privacy Policy

This privacy policy describes why and how Ortus Economic Research Ltd (referred to as “Ortus”, “we”, “us” or “our” in this policy) collects and uses personal data in connection with our services, including how and why we collect personal information about individuals, how we use it, how long we keep it for, and other relevant information.

 

About Ortus

Ortus is a specialist analysis and insight consultancy, based in Newcastle upon Tyne, which delivers research, evaluation and consultancy projects to clients in the public, private and third (charity) sectors. We are an employee-owned private limited company with no external shareholders. Most of our work is carried out in England, and we conduct some work in other parts of the UK, and overseas.

Ortus is a data controller, which means that we determine the processes for holding and using the personal data we collect about you. This data may be collected directly from you (e.g. through an interaction with our website), or shared with us by a third party (e.g. a client, such as a list of consultees).

Ortus is fully aware of our obligations under the General Data Protection Regulation (GDPR). We are committed to using your personal data securely and transparently. Whatever the reason is for holding information about you, it will be kept in accordance with this privacy policy. Where we collect information about you ourselves, we will always seek your explicit consent. Where personal data is shared with us by a third party, we will ensure that they have sought your explicit consent to share your data with us.

 

Data protection principles

In relation to your personal data, we will:

  • process it fairly, lawfully and in a clear, transparent way;
  • collect your data only for specified and specific purposes;
  • collect only the minimum information we need to meet the purpose;
  • use it only in the way that we have told you about;
  • ensure it is correct and up to date;
  • keep it for only as long as we need it; and
  • process it securely, reducing the risk of it being lost or stolen.

 

The personal data we collect

There are three main reasons we might collect and hold personal information about you:

  • Our current clients: if you are one of our current clients (in other words, if we are currently delivering a project for you), we will hold information you provide to us which is necessary to delivering that project, including your contact details and correspondence about the work we are undertaking.
  • Individuals we need to contact to undertake a project: if you are not a client but we need to contact you in order to carry out a project (e.g. if you are a consultee, or survey respondent) we may collect and hold information required to make contact with you, and we may collect and hold information you give us verbally, in writing, or through a survey. Sometimes we are given individuals’ contact information by a client (e.g. names are provided of those who should be interviewed) in which case we will ensure our client only gives us information about people who have consented.
  • News about our work: if you are a current or past client of ours and/or have asked us to keep you in touch with our work, we will use your contact information to keep in touch with you by email with news about our work.

Whatever the reason, the information we hold about you will be kept in accordance with this privacy policy, and where we collect information about you ourselves we will always seek your explicit consent.

 

Data we hold about our current clients

We collect contact information about our clients at the start of each project including personal information. We keep this, as well as details of correspondence such as tender documents, project initiation documents, invoices, project reports, etc. which may also contain personal information. We may keep such information for a minimum of 6 years to meet our company reporting obligations. Such information is securely destroyed when no longer necessary.

 

Data we need to deliver a project

As well as data we hold about current clients, other personal data we need in order to deliver a project may include details about individuals we need to invite to meetings, or whom we need to contact, or ask to complete a survey or questionnaire.

Sometimes we will approach individuals to request their participation in our project and collect their data, in which case we will seek your explicit consent to process your data. Often, we are given contact information by a client (e.g. a list of suggested consultees) in which case we always ensure our client only gives us information for which they have consent.

When we undertake online surveys we use a third-party online survey platform, SurveyMonkey. The personal data we collect and store through SurveyMonkey is governed by their own privacy terms [https://www.surveymonkey.com/mp/legal/privacy-policy/]. If we need to make a copy of the data collected by SurveyMonkey to keep on our own systems, we will anonymise such data, encrypt it, and/or protect it in some other way proportionate to the risks we perceive.

In some projects, we may also work with a third party survey provider (e.g. to deliver a large-scale telephone survey on our behalf) who may collect personal data about you. In such cases, a sub-contractor agreement would be in place to confirm that they are dealing with your personal data legally.

We use your personal data for genuine research, evaluation and consultancy purposes, including analysing data and writing reports for our clients. As soon as possible, we will anonymise your data by removing anything that could identify you. We usually report research findings in an anonymised (it will not be possible to identify you) and aggregated (which means mixed in with the views of many other people) format.

We always explain how your data will be used at the time we invite you to take part in the research, including confirming that the research is anonymous or confidential. In most cases our client will not know who took part in the research. On some occasions, we may ask for your permission to identify you to our client, but we will explain why we want to do this and we will only identify you with your permission.

If we want to re-contact you for a specific purpose at a later date, we always ask your permission at the time you take part in the research, and will only contact you for that purpose.

Access to your personal data is strictly controlled and limited to Ortus employees on a need to know basis.

The legal basis for processing this information is our legitimate interest where the use of personal data is necessary to fulfil a legitimate research or consultancy project. We are committed to request only the minimum personal information required for the task we are undertaking. This type of data is held no longer than necessary or is destroyed as soon as a subject asks for it to be removed.

 

Data we hold to provide news emails about our work

We collect and hold personal information in order to send news emails about our work to our clients, former clients, individuals who have opted in to receive our news emails and other individuals we have met personally. Our news emails are sent via a third-party provider, Mailchimp.  The personal information we require to send news emails is stored by Mailchimp under their own privacy terms [https://mailchimp.com/legal/privacy/].

Every news email we send includes clear instructions on how to unsubscribe.  Alternatively you can send a request to be removed from the news email list to info@ortuser.co.uk or to Ortus Economic Research Ltd, 10 Heathfield Place, Newcastle upon Tyne, NE3 5QT.

 

Protecting your personal data

We have a number of data security safeguards to ensure the data we hold is secure. Where appropriate, data is encrypted or protected by other means.  In particular, data files with large volumes of personal data and/or sensitive data are encrypted or otherwise protected against access except by those explicitly authorised.

 

Sharing your personal data

As your personal data is stored on our IT infrastructure, it is shared with our suppliers who provide email and document management and storage services to us. As such, it may be transferred and stored securely outside the European Economic Area. Where that is the case, the suppliers are signatories to the US-EU Privacy Shield.

We do not share personal information about you with other third party organisations without your explicit consent. For example if we collect data from you as part of a project for a local authority, we will not pass your information to that local authority without your permission. If we are working with a subcontractor or partner, we will not pass your information to them without your consent.

The only exception to this is where we are under a duty to disclose or share your personal data in order to comply with any legal obligation.

We never share your information with third parties for marketing purposes.

Our website includes links to websites owned by other organisations.  If you follow these links, those other organisations may collect information in accordance with their own privacy policies which are beyond our control and not covered by our privacy policy.

 

Your rights in relation to your data

The law on data protection gives you certain rights in relation to the data we hold on you:

  • The right to access the personal data we hold on you.
  • The right to correct and update the personal data we hold on you.
  • The right to have your personal data erased.
  • The right to object to processing of your personal data.
  • The right to data portability (the right to obtain the data we hold on you and use it for your own purposes).
  • The right to object to the processing of personal data where applicable.

Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases we may continue to use the data where so permitted by having a legitimate reason for doing so.

Further information on your rights can be found on the Information Commissioner’s Office (ICO) website: https://ico.org.uk/

If you wish to exercise any of the rights explained above, please contact us at info@ortuser.co.uk or at Ortus Economic Research Ltd, 10 Heathfield Place, Newcastle upon Tyne, NE3 5QT. We will respond to your request within legal time limits and in line with current data protection legislation. Normally, we will not charge for the fulfilment of your rights and would only do so when legally entitled to.

 

How to contact us

You can contact us to fulfil any of your rights under GDPR either via email, by phone or in writing as follows.

Any questions regarding this privacy policy and our privacy practices, and any request to exercise your rights in relation to the personal data we hold on you, should be sent by email to info@ortuser.co.uk or in writing to Ortus Economic Research Ltd, 10 Heathfield Place, Newcastle upon Tyne, NE3 5QT.

 

How to complain

We strive to meet the highest standards when collecting and using personal information. Complaints are taken very seriously, and data subjects are encouraged to bring any issues to our attention. If you want to complain about our use of personal data, please send the details of your complaint by email to to info@ortuser.co.uk or in writing to Ortus Economic Research Ltd, 10 Heathfield Place, Newcastle upon Tyne, NE3 5QT.  We will investigate and respond to any complaints we receive.

You also have the right to make a complaint to the Information Commissioner’s Office (ICO) if you are unhappy with the way Ortus processes your personal data.  You can contact the Information Commissioner’s Office through their website (https://ico.org.uk/), by telephone (0303 123 1113), or by writing to the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

 

 

This privacy statement was last updated on 25 May 2018.