PMcG Consulting has responsibility under data protection law (European General Data Protection Regulation (GDPR, May 2018)) to provide individuals with information about how we process their personal data. In this policy we will provide you with information that is common to all our processing activities, as well as explaining what rights you have to control how we use your information and how to inform us about your wishes.
By using our services on or after the effective date above, you will be accepting this policy.
When we need to let you know about additional privacy information not contained in this policy we will let you know at the point that we collect the relevant personal data from you, or within a reasonable period of obtaining your personal data if we get it from someone other than you.
Data Protection Principles
PMcG Consulting takes your privacy very seriously and has therefore adopted the following principles to govern our use, collection and disclosure of your personal data.
Your personal data will:
- be processed fairly and lawfully and to the extent required under local law with valid and informed consent;
- be obtained for specific and lawful purposes;
- be kept accurate and up to date;
- be adequate, relevant and not excessive in relation to the purposes for which it is used;
- not be kept for longer than is necessary for the purposes for which it is used;
- be processed in accordance with the rights of individuals;
- be kept secure to prevent unauthorised processing and accidental loss, damage or destruction; and
- not be transferred to, or accessed from, another jurisdiction where these core principles cannot be met unless it is adequately protected.
What we collect:
We may collect the following information:
- Name and job title
- Contact information including email address
- Demographic information such as postal code, preferences and interests
- Company names and job titles.
- Credit card information (we do not keep this data)
Links To Other Websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Controlling Your Personal Information
You may choose to restrict the collection or use of your personal information in the following ways:
- whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used for direct marketing purposes
- if you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us.
Lawful Basis For Processing Your Personal Data
We are only allowed to use your personal data if we have a proper reason to do so.
We will collect your data for the following reasons:
- You have given us permission to do so: In specific situations, we can collect and process your data with your consent – e.g. when you sign up to receive email or postal communication from us. When collecting your personal data, we’ll always make clear to you which data is necessary.
- We need to perform a contract for you: In some instances, we need to process your personal data to comply with our contractual obligations with you. For example, if you ask to attend an event and let us know about special dietary requirements, we need your contact details to update you about the event arrangements and to let you know of any changes, and we will also need to pass some of your personal data on to our caterer.
- We need to comply with a legal obligation: We may be legally bound to collect and process your data. For example, if someone is involved in any criminal activity or fraud affecting us, we need to pass details, which could include personal data, to law enforcement.
- It is in our legitimate interest: We require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example, we may use your event attendance history to offer more personalised event offers. We can only use this lawful basis if our legitimate interests do not override your individual interests, rights and freedoms.
- Internal record keeping purposes.
- To improve our products and services.
- Periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
- From time to time, we may also use your information to contact you for our own market research purposes. We may contact you by email, phone or e-mail.
- To customise the website and our events according to your interests.
You have rights over your personal data. Under data protection law:
We have to inform you about the collection and use of your personal data, including our purposes for processing your personal data, how long we will keep your data and who we will share your data with (known as the right to be informed);
- You can ask whether we are processing your personal data and if so, ask for a copy of your information (known as the right of access);
- You can ask for information to be corrected (known as the right to rectification);
- You can ask for information to be erased or deleted (known as the right of erasure);
- You can ask for us to limit or restrict processing (known as the right to restrict processing);
- You can ask us to send you a copy in a structured digital format or ask for us to send it to another party (known as the right to data portability);
- You can object to us processing your data, in particular where we use the data for our own direct marketing, including profiling for direct marketing purposes. The right to object does not apply if we must process the data to meet a contractual or legal requirement (known as the right to object);
- You have the right not to be subject to a potentially damaging decision being taken without human intervention (known as rights related to automated decision making and profiling).
Some rights, however, may be limited. We may be obliged by law or regulation to keep information. We must respect other people’s privacy as well, which means we may need to redact or remove information where it includes personal data about someone else, even if it is connected to your data. On occasion there may be a compelling legitimate interest to keep processing data.
If you want a copy of your data, to object to how we use your data, or ask us to delete it or restrict how we use it or, please see ‘Getting in touch’ below.
You also have a right to complain to a data protection authority. This can be where you live, work or where the matter occurred. In the UK, the authority is the Information Commissioner’s Office.
How Long Do We Keep Your Personal Data?
We only keep your data for as long as is necessary for the purpose it was collected. After that period, your data is deleted or anonymised. We may also aggregate your personal data with other data to use for our own business planning and analysis.
Who Will We Share Your Data With?
At times we need to share your personal data with trusted third parties e.g. delivery couriers, IT companies, credit card processing services and so on. We only provide what they need and they cannot use your data for anything other than the purposes that they have your data for. Your data is deleted or rendered anonymous if we stop working with the third party.
Sharing your data with third parties for their own purposes
We will never sell or trade your contact details with any third parties without you giving us your express consent to do so e.g. if you ask to attend an event which is being run explicitly as a joint event with a third-party.
There are some instances where we may have to share your information based on our legal obligations, for instance:
- Legal, compliance, regulatory and investigative purposes, including for government agencies and law enforcement.
- When you exercise your rights under data protection legislation, including when you ask to subscribe or unsubscribe from our marketing communications.
Where Do We Store Yojur Personal Data?
Your personal data will be stored in Canada in accordance with the European General Data Protection Regulation (GDPR, May 2018) This data includes data stored in physical format at our sites and in digital format in our own and our service providers systems.
Cookies and Similar Technology
We may use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Getting In Touch
Pauline McGregor is responsible for overseeing and monitoring our compliance with data protection laws and this policy.
If you want to make a request in line with your rights, you have any concerns regarding the way in which we are processing your personal data, or you just have a question relating to our processing of your personal data, please contact us by email at or write to us at: PMcGConsulting, 221 Ross Lane, Oakville, Ontario, Canada
Effective date: May 27th, 2018