This document has been written to provide you with information about how we are handling or intend to handle personal information. It sets out the basis on which any personal data we collect, create or otherwise obtain from or about you will be processed by us. Please read it carefully to understand our views and practices regarding your personal data and how we will treat it.
This document concerns personal data we use relating to visitors to our website and to our actual and prospective customers and suppliers. It does not related to personal data we use relating to employees – privacy information about employees is contained in our employee handbook.
Data Protection Compliance Management Policy Statement
The Board of Directors and management of Data Protection People Ltd are committed to compliance with all relevant Data Protection Legislation and will formally delegate appropriate powers and responsibilities to its personnel to ensure that it is fully able to comply with the Data Protection Legislation and its own defined standards in the field of data protection and information governance.
The organisation will maintain a suite of policy documents and procedures setting out how it intends to implement management controls sufficient to ensure legal compliance and will ensure that these documents are reviewed periodically to a) test their adequacy in meeting the legal standards as they change over time, and b) to test the organisation’s compliance with them. The organisation will ensure that all relevant personnel and/or other persons it commissions to process personal data on its behalf, either directly or indirectly, have received appropriate and sufficient training in the application of the organisation’s policies.
The management will make sure that sufficient and appropriate resources are available to ensure that it meets both its legal obligations in respect of Data Protection Legislation and the standards that it sets through its policies.
The management will ensure that the organisation works within the 7 data protection principles and that it will implement sufficient controls to demonstrate compliance with the Data Protection Legislation including the keeping of sufficient records of data processing activities, risk assessments and decisions relating to data processing activities.
The organisation will uphold the rights and freedoms of people conferred on them by the Data Protection Legislation. It will ensure that those rights and freedoms are appropriately taken into account in the decisions it takes which may affect people and will ensure that it has sufficient controls in place to assist people who wish to exercise their rights.
This policy applies to all of the organisation’s activities or operations which involve the processing of personal data in whatever format.
This policy applies to anyone who is engaged to process personal data for or on behalf of the organisation including: employees, volunteers, casual and temporary staff, directors and officers, and third-parties such as sub-contractors and suppliers, and anyone who the organisation shares or discloses personal data with/to.
Information We Hold
DPP collects and uses information about customers and prospective customers and suppliers including:
- Name, address, telephone number, email address, job title, records of meetings, communication or other contact, products and services you express interest in, instructions you give to us and orders you place with us, comments you might leave on our blogs, interests and hobbies you tell us about or that we note through public information that we think might be useful to help build a commercial relationship with you.
- We might collect audio and video recordings of you: a) if you attend any training or seminars via video conferencing with us; or b) if you leave us voice mail messages on our equipment.
Uses of Personal Data
We use personal data primarily to build and maintain commercial relationships with people including the following:
- managing enquiries, sales opportunities and leads, and proactive business development activities;
- managing relationships with prospective, actual, and former customers and suppliers and others who we think may benefit or be of interest to our business including creating and maintaining customer records and to keep in regular contact with you;
- marketing our products and services, product development and research including the use of direct marketing by email, phone, social media and traditional mail to raise awareness of products and services that we believe may be of interest to you;
- managing projects, client instructions, customer relationships, and the delivery of our services including handling consultations and support requests;
- obtaining feedback;
- financial management including invoicing, chasing debts, making payments etc.;
- audit and regulatory requirements.
- We send out a monthly newsletter by email to inform those who express an interest in our business about our activities about our business and news such as developments in the regulatory framework related to our services such as PCI DSS, cyber security, and information rights law and practice.
Lawful Basis for Processing
The lawful basis for processing the data involved in the above activities are:
- Steps taken to enter into or in order to fulfil the contract for services that we have with our customers;
- Pursuant to the legitimate interests of DPP which are: to promote DPP and our activities; to enable us to administrate and run DPP efficiently and effectively as a commercial business; and to ensure that we remain accountable to our customers and other relevant stakeholders.
We may process personal data for compliance with our legal obligations (e.g. for financial and taxation purposes, or health and safety law). If we process personal data on the basis of consent, we shall ensure that we provide sufficient information for the consent to be specific, informed, and freely given.
Sharing/Disclosing Personal Data
We will share personal data that we hold with the following categories:
- We share the personal data of our customers with data processors we have appointed to process personal data on our behalf including for example (Salesforce.com, Xero.com, Microsoft, Monday, Google, MailChimp, Shredit, Garbutt & Elliot, Hicel Ltd, InfoSec People.com, Basecamp, RapidSpike.com, Adobe, and Cyfor). Note that this is not an exhaustive list.
- We may disclose personal data to other organisations who assist us to deliver our products and services; make a lawful request for disclosure; provide us with professional services or advice; or assist us in our marketing and promotional work.
We may transfer personal data to a country not in Europe where data subjects’ rights may not be adequately protected or enforceable. Whenever we arrange for international transfers of data overseas we will ensure the suitable arrangements are in place to provide suitable safeguards for the people whose information we transfer. When we appoint overseas data processors we check that suitable arrangements are in place such as European Commission Adequacy Decisions, Standard Contractual Clauses, or other permitted mechanism. These transfers include:
- Xero.com [financial management system] may involve the transfer of data to New Zealand which has been deemed by the European Commission to provide a similar level of data protection as we enjoy in the UK.
DPP will hold your personal data for the length of time that we need it to: a) provide you with services; b) send you marketing and promotional materials; c) meet our legal obligations and/or protect or defend our business.
You have certain rights set out in the data protection law including the right to request access to and rectification or erasure of personal data that we hold about you; a right to object to and to a restriction of our processing of your personal data; and the right to data portability. Where we process your personal data on based on consent you have the right to withdraw your consent at any time. You can exercise these rights at any time by contacting us at [email protected]. You also have a right to lodge a complaint with the Supervisory Authority (Information Commissioners Office (ICO) in the UK) about us via www.ico.org.uk, [email protected] or 0303 123 1113
How to Contact Us
For further information regarding your personal data or about DPP’s approach to data protection in general please contact our Privacy Officer (PO) at:
Data Protection People Ltd
Round Foundry Media Centre
(t) 0345 340 5412
Version 2.0. Issued 28th July 2020
V1.0 Issued 24th May 2018 – changes include improvement of wording. Addition of our DP Compliance Statement