new experience privacy statement, last updated May 2018
Data security and protection
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirement.
new experience limited is registered at 26 Flanchford Road, London W12 9ND and we are registered with the ICO with registration number Z1725686.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.
You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
Clients and prospects
When you have contact with us by email, phone, website or face-to-face meeting to discuss actual or potential projects we collect information about you so that we can provide you with a proposal or other details that you request, or suggest other research services to you. The personal data we collect may include your name, job title, phone number, email address, and company name and address.
We will not supply your personal information to anyone outside of new experience without your express permission and we will not use your data for any purpose other than to offer you research services or send out periodic updates.
We will retain your personal data until we no longer have any legitimate reason to contact you or until you ask for it to be removed.
When you agree to take part in research you will provide us with your consent which will form the lawful basis under General Data Protection Regulation for capturing, storing and processing your personal data in text, photo, audio and video format.
We will store this data in raw format, identified by your first name but not surname, only for as long as is required to process and analyse the data for the purposes of the research, and in any case for no longer than 3 years. Subsequent to capture and processing we will store your data only on secure servers hosted in the EEA or on encrypted hard-drives locked in a secure location. We may also share this raw data with our client who has provided their assurances that they will treat it in the same secure manner and who will also delete it within the same 3 year period. This does not preclude your right at any subsequent time to request that your data be deleted under the right to be forgotten. We will not share the data with any third parties, except with your explicit permission.
In processing the data we will create a findings report where we may wish to reproduce verbatim comments you have made, as well as photos, audio or video clips, with the sole purpose of illustrating and explaining our findings. We will identify you by your first name only. The report will only be shared only with our client and will not be shared with any third parties, except with your explicit permission. We and our client will retain the completed report for as long as it provides valuable business information to the organisation, which means any of your personal data included within the completed report may be retained for an indeterminable period. This does not preclude your right at any subsequent time to request that your data be deleted under the right to be forgotten.
Your individual rights
Under the GDPR your rights are as follows. You can read more about your rights in details here
• the right to be informed
• the right of access
• the right to rectification
• the right to erasure
• the right to restrict processing
• the right to data portability
• the right to object and
• the right not to be subject to automated decision-making including profiling.
To access your data, request amendments or to withdraw your consent. please contact firstname.lastname@example.org. We will respond to your request as soon as is reasonably possible, within 4 weeks. There is no charge for dealing with a reasonable request. You also have the right to complain to the ICO if you feel there is a problem with the way we are handling your data. We handle subject access requests in accordance with the GDPR.