GDPR POLICY
Designing Transformation. Driven By Vision.
At NeXT STATE, we facilitate meaningful business transformation by seamlessly integrating people, processes, and technology. Our approach helps organizations leverage technology effectively to unlock human potential, encourage innovation, and succeed in a constantly changing environment. We concentrate on enabling businesses to be agile, resilient, and prepared for the future through the right blend of strategy and technology.
What does this Policy cover?
NeXT STATE takes the processing and security of your personal data seriously.
This policy, therefore:
Sets out the types of personal data that we collect about you and your organization;
Explains how and why we collect and use your personal data;
Explains how long we keep your personal data for;
Explains when, why and with who we will share your personal data;
Sets out the legal basis we have for using your personal data;
Explains the effect of refusing to provide the personal data requested;
Explains the different rights and choices you have when it comes to your personal data; and
Explains how we may contact you and how you can contact us.
What personal data do we collect about you?
We collect the information necessary and needed to deliver the NeXT STATE transformation services, which typically involve helping NeXT STATE to understand your organizations business context and strategic intent so we understand your past journey of change, your current state and understand your aspired future state.
This information typically includes:
Contact details, such as name, email address, postal address and telephone numbers, strategy and business planning documents, technology and functional specifications; and strategic messaging and other associated communications transmitted via email and marketing collateral.
We may also collect sensitive private data about your organization if you have explicitly shared it with us. We only collect sensitive private data from you, and further process this data, where you have given your explicit consent.
If you do not wish to disclose your organizations’ private information, we will be unable to provide you with the services we offer since strategic and business planning and other similar private information is necessary to provide the NeXT STATE transformation services.
Where do we collect personal data about you from?
We typically obtain your data from the following different sources (although this is not an exhaustive list):
Directly from you (such as a website registration form or meeting interview).
Social Media – such as LinkedIn.
Public domain – such as trade/business press, company websites.
From an agent/third party acting on your behalf.
Notes following a conversation, meeting, call or video conference.
Our website.
By reference or word of mouth – you may be recommended by a friend, a former colleague or former current/former vendor.
Where you are a client and we have obtained your personal data from a third party, it is our policy to advise you of the source when we first communicate with you or within 30 days.
How and why we use your personal data?
The processing of your personal data may include:
Collecting and storing your private organization and personal data in a physical and electronic format.
Notifying you of new services, product solutions or relevant client case studies.
Assessing you and your organization and reviewing your suitability for the NeXT STATE value proposition.
Engaging you for a client reference.
Sending information to third parties with whom we have entered into a contractual arrangement which is related to our strategic change service.
Providing information to regulatory authorities or statutory bodies and our legal or other professional advisors including insurers.
To market our strategic change service and send you information on research, promotions, events and other relevant information or market trends.
To retain a record of our dealings.
Establish quality, training and compliance and best practice.
We will initially collect basic information on you and your organization such as contact details, job role, experience and summary desktop organization information under a legitimate business interest policy and will only then process and share more detailed information to third parties (our contracted associates) with your consent. Please be assured that we do not sell your information to third parties or use the information for purposes that are incompatible with any of those described in this notice.
How long do we keep your personal data for?
We will retain information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with the strategic change services or to comply with applicable legal, tax, or accounting requirements).
When we have no on-going legitimate business need to process your personal information, we will delete it.
Typically we will keep personal and private organization data for 5 years with no client contact.
Who do we share your personal data with?
Your personal and private organization data is shared with our contracted associate community or strategic partners who might be directly involved in providing the strategic change services.
What legal basis do we have for using your information?
We will normally collect personal and private organization information from you where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms (for example, in connection with the strategic change service, we typically rely on our legitimate interests to process personal information for our research and advisory activities and where permitted by law, certain marketing activities).
When required by law, we will collect personal information only where we have your consent to do so (for example, if we need to collect and process any sensitive personal information about you and your organization). In some limited cases, it may be necessary for us to process personal and private organization information and, where appropriate and in accordance with local laws and requirements, sensitive information, in connection with exercising or defending legal claims (for example, where we are required by law to preserve or disclose certain information as part of the legal process).
What happens if you do not provide us with the information we request or ask that we stop processing your information?
If you do not provide the personal and private organization data necessary or withdraw your consent for the processing of your personal and private organization data, this will limit our ability to consider you in connection with the services we offer.
Do we make automated decisions concerning you?
No, we do not carry out automated profiling.
Do we use Cookies to collect personal data on you?
To provide better service to you on our websites, we use cookies to collect your personal data when you browse.
Use of Cookies
Cookies provide information regarding the computer used by a visitor. We may use cookies where appropriate to gather information about your computer in order to assist us in improving our website. We may gather information about your general internet use by using the cookie. Where used, these cookies are downloaded to your computer and stored on the computer’s hard drive. Such information will not identify you personally; it is statistical data which does not identify any personal details whatsoever. You can adjust the settings on your computer to decline any cookies if you wish. This can be done within the “settings” section of your computer. For more information, please read the advice at AboutCookies.org.
Do we transfer your data outside the EEA?
No. We do not transfer personal data outside the EEA.
Your Data Protection Rights
You have the following data protection rights:
If you wish to access, correct, update, or request deletion of your personal information, you can do so at any time by contacting us using the contact details provided under the contact us section of our website. When asked to remove a record from our database, we will retain minimal personal and private organisation information in order to prevent future contact, to keep a record of the information disclosed to our clients, associated and partners, and to preserve NeXT STATE’s interests in accordance with any applicable legal requirements.
In addition, if you are a resident of the European Economic Area, you can object to the processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided.
You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), please contact us using the contact details provided.
Similarly, if we have collected and processed your personal or private organization information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal or private organization information conducted in reliance on lawful processing grounds other than consent. If you withdraw your consent, you will not be able to be able to receive NeXT STATE strategic change service.
You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the European Economic Area are available here. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
How will we contact you?
We may contact you by phone, email or social media. If you prefer a particular contact means to another please just let us know.
How can you contact us?