We have structured our website so that you can visit without identifying yourself or revealing any personal information, other than an IP address. Once you choose to provide us with any information by which you can be personally identified, it will be used only to process enquiries or requests. Any information that we hold will not be disclosed to anyone, except for the purposes stated below. For your protection, we are registered with the Information Commissioners Office (ICO), and you may make a complaint to the ICO should you find that we are not complying with our obligations.
We are compliant with the General Data Protection Regulation (GDPR) [Regulation (EU) 2016/679] which is intended to strengthen and unify data protection for all individuals within the European Union when it becomes Law from 25th May 2018. This Regulation will remain in UK Law after the UK leaves the European Union in March 2019.
We will not sell, distribute or lease your personal information to third parties unless we have your permission, or are required to do so by legal requirement or request from HMRC, the Police or any Law Enforcement Agency.
Under the GDPR Regulations, you may request a copy of any personal information which we hold about you. You may also ask us to update your information if anything is inaccurate, as well as request that we restrict the processing of, or delete your data. If you would like to exercise your rights as a data subject, please email us at firstname.lastname@example.org. Any request will be acknowledged immediately and notification will be forwarded to you to confirm such alteration has been made (normally within 30 days). Please note; personal data cannot be deleted if it is subject to a claim, or any legal proceedings.
Data collection and sharing
The following table details who we share data with by category, what data we collect and/or share, how long the data is kept for and why, and the legal basis that allows us to process that data.
- Customer data includes name, address, office and mobile telephone number, email address.
- Employee data includes name, address, home telephone number, email address, taxation/payroll information, Next of Kin and employment records.
|Category of Data Processor||What data we collect/share||How long the data is kept for, and why||Legal basis||Notes|
|Business support services (such as our accountants, insurance providers and legal advisers)||Customer data
|Minimum 7 years, to comply with HMRC. In the case of our staff pension provider, for the lifetime of the employee.||Legal requirement|
Occasionally, Customer data (we seek permission from the customer first)
|In most cases, only for as long as is required to provide the quotation/service requested from a partner.||Contract||We sometimes use trusted partners and suppliers to deliver specialist assistance or services.|
|Google Analytics||IP Address of visitors to our website||26 months, to allow statistical reporting||Legitimate interests||IP address data is collected to monitor visitor numbers to our website, and is pseudonimised to prevent identifying an individual.|
Automated decision making/profiling
We do not use or employ any systems which perform automated decision making or profiling of personal data.
Transfers to third countries or international organisations
We do use two ‘Software-as-a-Service’ providers, but the data we control and they process on our behalf is held in data centres within the EU, and complies fully with the GDPR. All data on these systems is encrypted to military standards, and is only readable by us unless we explicitly allow access for support purposes, and in that circumstance access is restricted and monitored to ensure only the minimum data necessary is exposed. It is further protected by being encrypted in transit using SSL technology. We do not pass any data to international organisations.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the personal information we collect.