Opsis Consulting GDPR Privacy Policy

Effective Date: 1st November 2024
Last Updated: 1st November 2024
Opsis Consulting is committed to protecting the privacy of individuals who engage with us. This GDPR Privacy Policy outlines how we collect, process, store, and protect personal data when conducting training and development activities, including the use of online questionnaires and leadership reports.
1. Purpose of Data Collection
We collect personal data to support the development of our delegates. This includes processing data from individual leadership 360 reports, which allows us to help delegates create personalised development plans, assess outcomes, and tailor recommendations.
2. Personal Data We Collect
In providing training and development services, we may collect the following types of personal data:
• Full name
• Contact information (e.g., email, phone number)
• Job title and employer
• Responses to online questionnaires
• Results from individual leadership reports, including performance feedback, strengths,
development areas, and other relevant leadership metrics
• Photographs of training exercise outputs/attendees
3. Lawful Basis for Processing
We process personal data on the lawful basis of legitimate interest and, where necessary, consent. When you participate in our programs and leadership assessments, this implies consent for us to process your data for the purposes stated in this policy.
4. How We Use Personal Data
We use your data for the following purposes:
• Individual Development: To create personalised feedback and development recommendations based on leadership 360 reports and questionnaire data.
• Customised Recommendations: To tailor our program suggestions to your specific leadership and development needs.
• Internal Research: To refine our service offerings and training materials.
We do not use personal data for purposes other than those outlined in this policy, nor do we sell, trade, or rent your data to third parties.
5. Data Retention Period
We retain personal data, including leadership 360 reports, for five years from the date of collection. After this period, all identifiable personal data will be securely deleted or anonymised, ensuring no residual personal information remains.
6. Your Rights Under GDPR
As an EU data subject, you have the following rights:
• Right to Access: Request access to your data and obtain information on how it is used.
• Right to Rectification: Correct inaccurate personal data.
• Right to Erasure: Request deletion of your data after the retention period or sooner if you withdraw consent.
• Right to Object: Object to the processing of your data.
• Right to Data Portability: Receive your data in a commonly used, machine-readable format.
To exercise any of these rights, please contact david.williams@opsisconsulting.com.
7. Data Security Measures
We take data security seriously. Personal data, including leadership 360 reports, is securely stored with limited access only to those who need it. We regularly review our security protocols to prevent unauthorised access, loss, or misuse of data.
8. Data Breach Protocol
In the event of a data breach, we will promptly assess its impact and notify the relevant supervisory authorities and affected individuals within 72 hours if there is a risk to individual rights and freedoms.

9. Contact Information
If you have questions about this policy or your data, please contact our Data Protection Officer (DPO) at:
Data Protection Officer

David Williams
Opsis Consulting
david.williams@opsisconsulting.com
+447525363961

10. Policy Updates
This policy may be updated periodically to reflect changes in our data processing practices or legal requirements. Please review this page periodically for any updates.

Opsis Consulting is dedicated to GDPR compliance, data protection, and respecting your rights.