Privacy Policy

This privacy notice for Digitopia Global Consulting Limited (doing business as Digitopia)

(“Digitopia,” “we,” “us,” or “our”), describes how and why we might collect, store, use, and/or share (“process”) your information when you use our services.

(“Services”), such as when you:

  • Visit our website at https://digitopia.co/, or our Impact Platform at impact.digitopia.co or any website of ours that links to this privacy notice
  • Engage with us in other related ways, including any sales, marketing.

Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at [email protected].

Purpose

Digitopia gathers and processes personal information in accordance with this privacy policy and in compliance with the relevant data protection laws and regulations. This notice summarises what personal information we may collect and how we may use your information. Digitopia’s commitment to data privacy reflects the value we place on earning and retaining the trust of our clients, partners, suppliers and others who share their personal data with us.

Definitions

A “Data Subject” is a living individual who can be identified from the personal data or from additional information held or obtained. This can include a potential or existing client, supplier or partner.

Personal Data” (“PD”) or “Personally identifiable information (PII) is any information that relates to an identifiable person (or “Data Subject”) and that can be used to identify the person directly, or indirectly when used with other information. It includes, but is not limited to:

  • A person’s name
  • Job title
  • Age
  • Postal or email address
  • IP address, e.g. online identifier
  • Vehicle registration number
  • Bank details

There are “Special Categories” of personal data and these include but are not limited to data revealing:

  • Race or ethnicity
  • Religious or philosophical beliefs
  • Trade union membership
  • Sexual orientation
  • Genetic or biometric data

Processing” relates to all actions or handling of personal data by manual or automated means, e.g. data collection, erasure and destruction plus everything in between including recording, use, disclosure, sharing and storage.

A “Data Controller” is an individual or organisation who:

  • decides to collect or process personal data;
  • decides what the purpose or outcome of processing is to be;
  • decides what personal data should be collected;
  • decides which individuals to collect personal data about;
  • whose data subjects are potential and existing clients, suppliers and partners of Digitopia; and
  • has a direct relationship with the data subjects.

Digitopia is considered a Data Controller when it processes client, supplier and partner personal data.

Data Protection Principles

Digitopia is committed to comply with the principles of data protection enumerated in the GDPR and other data protection regulations. Digitopia will make every effort possible to comply with these principles. Personal data must:

  1. be processed lawfully, fairly and in a transparent manner (Lawful, fair and transparent);
  2. be obtained only for a specific, lawful purpose (Purpose limitation);
  3. be adequate, relevant and limited to what is necessary (Data minimisation);
  4. be accurate and, where necessary, kept up to date (Accuracy);
  5. not be held for any longer than necessary (Storage limitation); and

be protected and safeguarded in appropriate ways (Integrity, confidentiality and security).

Client, Supplier and Partner Personal Data

As a Data Controller, Digitopia collects personal data for the sole purpose of contacting and maintaining relationships with its clients, suppliers and partners. The personal data mainly consists of contact details for prospective and existing clients. The type of personal data that is retained includes the following:

  • Contact information such as your name, company name, job title, and address
  • Email address
  • Contact or phone number
  • CCTV (any visitors who have entered Digitopia offices)

Legal Basis for Processing Client, Supplier and Partner Personal Data

Digitopia processes personal data fairly and lawfully, the data that is processed is done transparently and with consent when applicable, this generally means that Digitopia will not process personal data without consent. In the event a lawful basis cannot be determined for data collection, the data should not be collected or processed.

How Digitopia collects client, supplier, and partner personal data:

  1. The data provided to Digitopia by clients, suppliers and partners – Digitopia will collect this data in a number of ways for example contact through the website, post, telephone, email and any other means.
  2. The data is collected automatically – this can be done when Digitopia engages with clients via electronic means.
  3. For the purposes of marketing, Digitopia also buys contact details. The personal data obtained is under lawful basis as it is in the interest of third parties to know about Digitopia’s product offerings and services.

How We Use Client, Supplier and Partner Personal Data

Digitopia may use client, supplier and partner personal data to:

  • Develop and manage our relationship with potential and existing clients, suppliers and partners. This may include (i) delivering services or carrying out work that a client, supplier or partner has requested or that we are contractually obligated to do so and (ii) providing information about Digitopia product offerings and services that may be of interest to them
  • Communicate with potential and existing clients, suppliers and partners. This may include (i) informing our clients or partners of Digitopia product offerings and services that may be of interest to them; (ii) providing information about relevant Digitopia products or services, including, for example, pricing information, invoices, shipping or production information; and (iii) responding to questions or inquiries from our clients, suppliers or partners.

Digitopia may also use client, supplier and partner personal data for other uses consistent with the context in which the information was collected or with your consent.

Digitopia may anonymize or aggregate any of the information we collect and use it for any purpose, including for research and product development purposes. Such information will not individually identify any of our clients, suppliers or partners.

Sharing and Transferring Personal Data

Digitopia will only disclose information about its clients, suppliers and partners to third parties if we are legally obliged to do so or where we need to comply with our contractual agreements to our clients. Where we have the requirement to use an intermediary, Digitopia will ensure that they are fully compliant with GDPR (or equivalent based on jurisdiction) before engaging with them.

Digitopia may also share any personal data with third parties or service providers that we use or hire to support our business. These third parties are required to use the personal data we share with them only to perform services on our behalf and to treat client, supplier and partner personal data in compliance with all applicable privacy and data protection laws.

The information Digitopia has on its clients, suppliers and partners will not be kept longer than it is needed and Digitopia will take all reasonable steps to delete information when it is no longer required.

Data Retention

Digitopia will store client, supplier and partner personal information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this notice. In some circumstances we may store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting, or necessary technical requirements.

In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.

Safeguarding Measures

Digitopia takes privacy seriously and takes every reasonable measure and precaution to protect and secure client, supplier and partner personal data from unauthorised access, alteration, disclosure or destruction.

Data Subject Rights

Data Subjects have a number of rights in relation to the personal data that we hold. These rights include:

  1. The right to be informed – to know what information is being processed about the data subject.
  2. The right of access – to check what data is being held about the data subject.
  3. The right to rectification – gives the data subject the right to correct errors in the information that is held.
  4. The right to erasure – under certain circumstances the employee can ask for their personal data to be permanently erased. This is ‘the Right to be Forgotten’. This would apply if the personal data is no longer required for the purposes it was collected for, or the data subject’s consent for the processing of that data has been withdrawn.
  5. The right to restrict processing – the data subject can stop or halt the processing of their information if they deem it’s being used illegally or the data is not correct.
  6. The right to object – the data subject can object to information being used if it is not being used in the manner for which it was collected, e,g.: profiting, automation, marketing.
  7. Rights in relation to automated decision making and profiling – Digitopia must respect the rights of individuals in relation to automated decision making and profiling.
  8. Right to data portability – Digitopia must provide individuals with their data so that they can reuse it for their own purposes or across different services. Digitopia must provide it in a commonly used, machine-readable format.

If a data subject has provided consent for the processing of PII, they have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before their consent was withdrawn. For any complaints, requests or queries, data subjects should contact [email protected].