Introduction

This Privacy Policy highlights how Overland Odyssey uses and safeguards the personal data of our clients, in accordance with the General Data Protection Regulation (GDPR) which we are obliged to store and process in order to operate our business effectively for clients and contractors.

GDPR Definitions

The GDPR applies to ‘controllers’ and ‘processors’. A controller determines the purposes and means of processing personal data.

Personal Data – any information relating to an  identified or identifiable natural person (‘data  subject’) who can be directly or indirectly identified  by reference to an identifier. Overland Odyssey processes data including names, email and postal addresses, business contact details, telephone/mobile numbers and (where applicable) financial data for payments such as VAT registration and bank details. 

Sensitive Personal Data & Special Categories of  Personal Data – including information relating to an individual’s race, ethnic origin, politics, religion,  trade union membership, genetics, biometrics (where used for ID purposes), health, or sexual  orientation. Overland Odyssey does not hold this information of staff, clients or contractors.

Processing – any operation or set of operations which is performed on personal data whether or not by automated means, including: collecting,  recording, storing, organising, disclosing, erasing  and destroying.  

Data Controller – determines the purposes and means of processing personal data. Overland Odyssey is a data controller. We control how personal data is processed and for what purpose(s).

Data Processor – is responsible for processing personal data on behalf of a controller (excluding the data controller’s own employees).

Why we process personal data 

In order for us to carry out our surveying,  project management, principal designer and equipment sourcing duties effectively and to the advantage of our clients, we are required to maintain records of client personal data and processing activities.

We hold personal data in order to: 

• Maintain contact and communication with our clients and contractors during the course of a project 

• Maintain our own records and accounts

• Notify you of applicable news and events related to our business 

• To purchase goods, materials and services from our suppliers/sub-contractors for the purposes of client projects and/or contracts

In some instances and only if required, we may request and process sensitive personal data. In this case, we are required to obtain the data subject’s written consent and describe the reasons why we need this sensitive personal data and how we will use the data.

Lawful basis for processing personal data 

Our lawful basis for processing your personal data  is where: 

Processing is required to carry out a contract where the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

This includes where we have a contract with the individual/client and we need to process their personal data to comply with our obligations under the contract and; Where we haven’t yet got a contract with the individual, but they have asked us to do something  prior to that (e.g. provide a quote) and we need to process their personal data to fulfil that request. 

Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

This includes contact details of clients, consultants and suppliers for projects and marketing purposes, and; Data used for the purposes of purchasing goods and services for the legitimate running of the business.

Sharing of personal data 

Personal data will be treated as strictly confidential and will be shared only with our staff and project consultants as required to perform our project duties and for the legitimate running of the business. We will not share personal information with third parties  unless we have the data subject’s permission to do so. Overland Odyssey does not generally transfer personal data outside the European Economic Area. Where a specific project may require us to do this, prior consent will be sought from the data subject and  provision of adequate safeguards will need to be verified by the receiving organisation.

Data Storage & Retention 

Overland Odyssey stores both paper and electronic data and has procedures in place to ensure it is maintained in a safe and secure manner. Sensitive electronic data is 

password protected and backed up by our IT server every day. Additionally, the  company’s IT system is firewall and password protected. Staff only have access to the folders they require for each project. Personal data relating to a project will be retained for as long as necessary.

Data Subject Rights 

Unless subject to an exemption under GDPR, individuals have the following rights: 

• To be informed about the personal data being held about them

• Access to their data

• To rectify data - If any personal data is found to be inaccurate, we request that you contact us at hello@overland-odyssey.co.uk  immediately so we can update your personal data

• To request data deletion - if personal data is no longer required

• To restrict processing and withdraw consent at any time (where consent was required)

• To data portability 

• To object to personal data use 

• Rights in relation to automated decision making and profiling.

Our website uses cookies 

For most modern websites to work correctly, they need to store specific  basic information about its users. To do this, a site will create files known as cookies. ‘Cookies’ are tiny text files that are collected and stored by the browser (e.g. Internet Explorer, Chrome or Safari) on your computer or mobile device.

Anonymous analytics cookies

We only use one type of cookie - We use Google Analytics to gather information about how visitors use our site, such as which pages are most popular, how frequently users visit and how long they spend on the website. In essence Google Analytics tells us about our site’s performance. These cookies cannot be used to identify individuals. Essentially ‘anonymous analytics cookies’  enable us to better understand our users’ preferences, how individuals navigate our website and whether or not you have visited the site before but nothing about you as an individual is collected.

Third party cookies 

There are specific areas of our website that also contain third-party cookies (e.g. embedded YouTube content) Additionally, when an individual reshares any content on our website such as a blog post from our blog section for example and uses a social media sharing button the specific social network (e.g. Facebook or Instagram) will record that you have done this. Overland Odyssey is not responsible for third-party cookies.

Disabling cookies 

When you visit the Overland Odyssey website you will be prompted by a small pop-up (Unless disabled in your browser settings) to ‘accept’ or ‘decline’ cookies or; if your browser is set to use standard settings to accept cookies, you are granting consent for our website cookies to be stored on your computer. However, if you’d rather this did not happen you can disable them in the settings menu of your chosen browser.