Privacy Policy

Introduction

This document has been written to provide you with information about how we are handling or intend to handle personal information. We will only collect the personal data we need to deliver our services, and we hold and process it securely.

Regulation (EU) 2016/679 of the European Parliament (the General Data Protection Regulation (‘GDPR’)) and the Data Protection Act 2018 (referred to as Data Protection law) oblige us to provide you with information about how and why we use personal data. We recognise our obligations and your legal rights set out in the Data Protection Law.

About Us

Data Protection People (“DPP”) is committed to protecting and respecting your privacy and complying with the principles of the GDPR. This policy sets out the basis on which any personal data we collect, create or otherwise obtain from or about you will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

Data Protection People Limited of The Round Foundry Media Centre, Foundry Street, Leeds LS11 5QP; company number 09706626 is the controller of the personal data you have provided to us.

We aim to process information about you fairly, lawfully, and in a transparent manner and the aim of this document is to provide you with sufficient information so you are able to understand what we are doing with your data. If you are unsure how we are handling information about you or you think we could improve our privacy information, please let us know.

Data Processing Purposes

Your information will be processed by Data Protection People for the following requirements; client management, client relationship, contract performance, sales opportunities, marketing, service delivery, product development and feedback, finance and invoices, help desk support, consultation and compliance services and for audit and regulatory requirements.

Information We Hold

In operating DPP, we may collect, create or otherwise obtain and process the following information:

  • Name, address, telephone number, email address, job title. We use this information to create and maintain customer records and to keep in regular contact with you.
  • We may also use this information for direct marketing purposes and to raise awareness of new products and services that may be of interest to you.
  • We collect personal data on our website through a ‘contact us’ form, the details are then added to our CRM system for follow up and processing as required via telephone and email.
  • Our website uses sessional cookies to enable the website to function correctly. Any information contained within these cookies are deleted when your browser is closed.
  • We store personal information clients add into the DataWise system which may include, names, addresses, contact details and contracts relating to their unique business operations.
  • We use social media to promote DPP and its events, and manage twitter, Linked-in and Facebook accounts in such a capacity. We do not collect, store or process any personal data contained on these platforms.
  • We send out a monthly newsletter by email to inform our subscribers about our activities and to provide news and information about DPP and/or the latest news surrounding data protection.

Employees

All employees and contractors working on behalf of DPP are under a duty of confidentiality to DPP and our clients. Furthermore, DPP contracts with clients under a Master Service Agreement which contains a non-disclosure provision to protect you and any data that you may share with us.

Lawful Basis for Processing

The lawful basis for the data processing involved in the above activities is indicated adjacent to each data processing purpose and is as follows:

  1. Steps taken to enter into or in order to fulfil the contract for services that we have with our customers;
  2. Pursuant to the legitimate interests of DPP which are: to promote DPP and our activities; to enable us to administrate and run DPP efficiently and effectively as a commercial business; and to ensure that we remain accountable to our customer and other relevant stakeholders;
  3. On the basis of the consent of the data subject;
  4. On the basis of employment and health and safety law.

Required Information

The provision of some items of personal data is a condition of working with DPP. Mandatory information will be highlighted where necessary and is kept to a minimum. It includes personal data required for identifying customers, legal obligations and other similar purposes. Failure to provide mandatory information will mean that you will be unable to work with DPP.

Sharing/Disclosing Personal Data

We will share personal data that we hold with the following categories of our data processors:

  • We share the personal data of some of our customers with internal departments to help scope opportunities and hand over for delivery. This is necessary in the provision of our services.
  • We share the personal details of some of our clients and prospects with partners to deliver joint marketing events and data protection compliance solutions. Partners of DPP include: resellers, technology partners and approved associates who deliver services on behalf of DPP.

Data Retention

DPP will hold your personal data for the length that it is required to provide you with our services in accordance with our Data Retention Policy. We may be required to retain some of your data after this time, for a set period, for us to meet our legal obligations including resolving any follow up issues.

Your Rights

You have certain rights set out in the data protection law including:

 
    Your Rights
    Description of Rights
    Rights in Practice
  • Right of access
  • You have the right to obtain confirmation from DPP as to whether or not personal data concerning you are being processed, and, where that is the case, access to that personal data.
  • DPP will provide a copy of all personal data belonging to you, or specific personal data if you so require it. This will not include the personal data of any other individuals, or information regarding DPP’s operations. We will redact where necessary for the purposes of confidentiality
  • Right to rectification
  • You have the right to oblige DPP to rectify inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed by providing a supplementary statement.
  • This will only apply to inaccurate personal data; information contained on your application form or any “flags” placed on your record. This will not lead to any other information which you disagree with being rectified, merely personal data which is inaccurate.
  • Right to erasure (right to be forgotten)
  • You have the right (under certain circumstances, but not all) to oblige DPP to erase personal data concerning you.

The right only applies:

  • Where the personal data is no longer necessary;
  • If you withdraw consent;
  • If we unlawfully held your personal data;
  • If you successfully object to our processing;
  • If we have to follow a legal obligation to delete the personal data.
  • Right to restriction of processing
  • You have the right (under certain circumstances, but not all) to oblige DPP to restrict processing of your personal data. For example, you may request this if you are contesting the accuracy of personal data held about you.

The right only applies:

  • Where you contend the accuracy of any personal data until it has been made accurate;
  • Where you have objected to any processing whilst we present our evidence;
  • If we are processing anything unlawfully and you do not wish for it to be erased;
  • If we no longer need the personal data but you require the data to establish, exercise or defend a legal claim.
  • Right to data portability
  • You have the right (under certain circumstances, but not all) to oblige DPP to provide you with the personal data about you which you have provided to in a structured, commonly used and machine-readable format.
  • You also have the right to oblige DPP to transfer your personal data to another controller.
  • This right only applies to data collected by automated means (i.e. excluding paper files) and where the legal basis for us processing this data is consent or for the performance of a contract. If you wish to obtain your data for the purposes of data portability then please contact our Privacy Officer.
  • Right to withdraw consent
  • If the lawful basis for processing is consent, you have the right to withdraw that consent. If you wish to withdraw your consent, contact us immediately.
  • DPP uses consent as the lawful basis for sending direct marketing material.
  • Right to object to direct marketing
  • Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for marketing, which includes profiling to the extent that it is related to such direct marketing.
  • DPP sends out a monthly newsletter to a positive opt-in mailing list via email. We offer an unsubscribe function for recipients to opt-out from receiving marketing communications.
  • Rights in relation to automated decision making and profiling
  • DPP does not perform any automated decision-making based on personal data that produces legal effects or similarly significantly affects you.
  • DPP does not carry out any automated decision making based on profiling. Where profiling is carried out without automated decision making, we will inform you if it crosses a certain threshold.

For more information about any of your rights, please visit here.

You also have a right to lodge a complaint with the Supervisory Authority should you feel that we have not handled your information in line with legislative and regulatory requirements. This is the Information Commissioner’s Office (ICO) in the UK:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

(e) [email protected]

(t) 0303 123 1113

How to Contact Us

For further information regarding your personal data or about DPP’s approach to data protection in general please contact our Privacy Officer (PO) at:

Data Protection People Ltd

Round Foundry Media Centre

Foundry Street

Leeds

LS11 5QP

(e) [email protected]

(t) 0845 519 8705

Version Control

Version 1.0. Issued 24th May 2018