top of page

Privacy Policy

Privacy Policy

Privacy Policy

At RM Sustainability Consulting, we care about your privacy. That’s why we only collect personal data if we have a good reason to do so. That’s also why we want to communicate transparently what we do with your personal data.

This Privacy Policy explains the types of information we may collect from you or that you may provide when using our Services. This Privacy Policy also describes RM Sustainability Consulting’s practices for collecting, using, maintaining and processing information.

For the purposes of European Economic Area data protection law (the “Data Protection Law“), the data controller of the data processed through the Services is the Customer who makes available and grants access and use of the Services to anyone on its behalf. For data retained through the website or data processed not through the Services (i.e. contact details of potential customers or resumes sent to us from potential employees for the purpose of engagement with RM Sustainability Consulting), we are the controller (the “Controller”).

 

If you are an employee of a Customer that uses the Services, this privacy policy does not apply to you or your use of the Services. Please refer to your employer’s privacy policy, which applies to the collection, use, processing and retention of your personal information. Individual employees of our Customers who seek access to their data, or who seek to correct, amend, or delete inaccurate data should direct their requests to their employers who are using the Services. Our customers are able to remove and update personal information and data without our involvement.
 

RM Sustainability Consulting is a sustainability consulting service.

The company behind RM Sustainability Consulting is a Legal company.

 

Our registered company number is 14897391, and our registered office is in Warrington, Cheshire. 

 

Our VAT number is 443 3279 96.

For ease of reference, we will further refer to ourselves using “we'', “us”, “our” or “RM Sustainability Consulting ”. “You”, “your” or “yours” means the organisation/individual using the Services. 

 

You can reach us at admin@rodicamurphy.com

 

Which personal data do we collect and why?

If you just visit our website, we will collect personal data. We will only collect personal data in the following instances:

  • If you ask us a question using a contact form or email;

  • If you request access to our Services;

  • If you sign up to use our Services;

  • If you subscribe to our newsletter;

  • If you apply for a job with us.


Below you can find what type of personal data we collect, what we use it for and how long we will keep it: 

  1. Your first and last name, Your address & Your company details if B2B


We cannot be sure to address you correctly if we don’t know who you are, and if you enter into a contract with us we will need to make sure we know who we are dealing with. We will keep this information in our customer database for as long as you do not object to us keeping it. You can always let us know if you no longer want us to keep this information.

Please do note that for as long as we have an ongoing contract we cannot remove this information from our databases as we will need it to execute the contract. And even after our contract has ended, we may be under a legal obligation to hold on to some of this information for a bit longer. For example: under accounting legislation, we must keep copies of our invoices which may mention your name or address.

 

  2. Phone number and email address

This is so we can easily contact you. In principle, we will never contact you unless it is to answer a question, if we are working on an assignment for you or if you have applied for a job with us.

We may also use your email address to send you our newsletter. We do not want to spam you and we understand if you would rather not receive newsletters. If that is the case, you can always let us know, or you can unsubscribe from our mailing list using the link you can find at the bottom of each newsletter.

As is the case for your name and address, we will keep your email address and phone number in our customer or candidate database for as long as you do not object to us keeping it. If you no longer want us to keep this information, you can also always let us know.

Please do note that for as long as we have an ongoing contract, we are not able to remove this information from our databases as we will need it to execute the contract. And even after our contract has ended, we may be under a legal obligation to hold on to some of this information for a bit longer. For example: under accounting legislation, we must keep copies of our invoices which may mention your email address.


  3. Information provided during job applications

 

If you apply for a position with us, you will provide us with personal data in your CV (such as: your grades, which schools you went to, previous jobs, etc.).

We will save the contact details and CV of every job applicant in our candidate database and may contact you in the future regarding job openings that may be of interest to you. Of course, we will delete all this information from our candidate database if you don’t like us holding on to it. Just let us know at admin@rodicamurphy.com

  4. Payment Information
 

Information related to your credit card, debit card, and/or other payment information to process payments in connection with your orders.

 

  5. Inferences

 

We may create inferences drawn from the categories of personal information described above in order to create a profile about you to reflect your preferences, characteristics, behaviour and attitudes. We use this information to personalise and improve our services to better understand the interests, to preferences of our key customer audiences, and to provide advertisements about goods and services likely to be of interest to you.

 

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. 

IF YOU FAIL TO PROVIDE PERSONAL DATA 

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time. 

We use different methods to collect data from and about you including through: 

  • Direct interactions. You may give us your [Identity, Contact and Financial Data] by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you: 

  • apply for our products or services; 

  • create an account on our website; 

  • subscribe to our service or publications; 

  • request marketing to be sent to you; 

  • enter a competition, promotion or survey; or 

  • give us feedback or contact us. 

  • Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies[, server logs] and other similar technologies. [We may also receive Technical Data about you if you visit other websites employing our cookies.] Please see our cookie policy for further details. 

Your Enquiries

If you contact us about our services, the emails you send may include information about you, such as your name, address, age, gender, email address and your enquiry. We use this information to carry out the following:

  • In line with the legitimate interest we have in promoting our business, we will process your enquiries to provide you with information about the services we offer.

  • This might include replying to your enquiry, or sending you invites to our events.

  • We use HubSpot CRM to process your email address and information supplied by you in the course of an enquiry through the website, and to send you invitations and marketing materials. You can find out more about how they process personal data here: https://legal.hubspot.com/privacy-policy

  • We may also process enquiries to take steps you ask of us with a view to entering into an agreement to provide you with our services.

  • You are under no obligation to provide us with any details, but if you don’t provide all relevant information, we may not be able to help.

Marketing

We might use your information to send you marketing emails, in accordance with our legitimate interests, about our services or events which are similar or related to those which you have previously received (or attended, in the case of events).


We may also disclose your name and contact information to our relevant affiliates who provide the same services, to enable them to market their services and/or events to you.


If you would like to be removed from this mailing list, please contact us at rodica@esgmarketing.co.uk or click unsubscribe at the bottom of each marketing email.

All Content You Submit To Us

If you send us objectionable content or otherwise behave in a disruptive manner when using our website, we may process personal data included in your messages to respond to and stop such behaviour.

Our website uses cookies and other mechanisms to collect log and analytical information, such as your internet protocol (IP) address, to help analyse how visitors use the site and to compile statistical reports on website activity.

We process this information to understand how visitors use our website and to compile statistical reports regarding that activity (for example your IP address is used to approximate the country from which you access our website, and we aggregate this information together, so we know that, for example, most of the visitors to our website come from a certain country/area).


This processing is necessary for us to pursue our legitimate interests in improving our website, by enhancing the user experience and making the website as personal and relevant as possible. Cookie preferences can be changed via our website, however, disabling certain cookies may prevent you from taking full advantage of our services, and the functionality of the website may be limited. Please review our cookie policy for more information.


This information is not used to develop a personal profile of you. All such information is aggregated and stored anonymously.

Your personal data on our website is used and shared by our office in the UK. We keep your information confidential but may share it with our shareholders, affiliates and business partners. Whenever we transfer your personal data outside of the European Economic Area (EEA) we ensure that we have standard contractual clauses in place as a safeguard for this transaction.


We may also disclose it to our personnel, suppliers or subcontractors insofar as it is reasonably necessary for the purposes set out in this privacy policy, provided that they do not make independent use of the information and have agreed to adhere to the rules set out in this privacy statement.


In addition, we may disclose your information to the extent that we are required to do so by law (which may include to government bodies and law enforcement agencies); in connection with any legal proceedings or prospective legal proceedings; and to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention).


If we are involved in a merger, acquisition, or sale of all or a portion of our business or assets, the information we hold may be included as part of that sale, in which case you may be notified, as appropriate, via email and/or a notice on the website of any changes in ownership or use of your information, as any choices you may have regarding that information.


Except as provided above, we will not provide your information to third parties.

You have the right to: 

  • Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. 

  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. 

  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. 

  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. 

  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: 

    • If you want us to establish the data's accuracy. 

    • Where our use of the data is unlawful but you do not want us to erase it. 

    • Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims. 

    • You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. 

  • Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. 

  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. 

We will never sell your personal data to another party!

We do use the services of the following external data processors:

 

 

We have entered into a data processing agreement with each of these external data processors which obliges them to only process your personal data based on our instructions and in compliance with this Privacy Policy. 

These data processors will also have to take sufficient precautions to prevent the loss of your data. Some of these external data processors may be based in the United States and have certified their compliance with the EU-US Privacy Shield Framework, which means they will respect comparable data protection standards as those that apply in Europe.

 

You should know that in the following exceptional circumstances, your data could also be shared with others:

 

  • If we are under a legal obligation to share data with the authorities or if we have to share data to comply with an enforceable government request, we don’t have much of a choice and we will share the data the authorities ask for, which may include yours.

  • If another company decides to buy the shares of our company or decides to buy RM Sustainability Consulting from us, we will of course have to transfer your data to that company. That company will then take over all obligations under this Privacy Policy.

 

We will take all steps necessary to ensure that your data is treated securely and in accordance with this privacy policy and the General Data Protection Regulation (GDPR), and we have the necessary legal contract in place to fulfil these services.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. 

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

We may change this Privacy Policy from time to time. We will post any Privacy Policy changes on this page and, if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of Privacy Policy changes).

International Transfers

Where we transfer your data outside of the EEA, we have agreements in place with those parties which include standard data protection clauses adopted by a data protection regulator and approved by the European Commission to ensure that appropriate safeguards are in place to protect your personal data. Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK. 

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. 

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. 

In general, we store your data for 5 years as of the most recent update in our systems.

bottom of page