This document has been written to provide you with information about how we are handling or intend to handle personal information. We will only collect the personal data we need to deliver our services, and we hold and process it securely.
Regulation (EU) 2016/679 of the European Parliament (the General Data Protection Regulation (‘GDPR’)) and the Data Protection Act 2018 (referred to as Data Protection law) oblige us to provide you with information about how and why we use personal data. We recognise our obligations and your legal rights set out in the Data Protection Law.
Data Security People (“DSP”) is committed to protecting and respecting your privacy and complying with the principles of the GDPR. This policy sets out the basis on which any personal data we collect, create or otherwise obtain from or about you will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
Data Security People is a trading style of Data Protection People Limited, a company registered in England and Wales with number 9706626 and offices at Round Foundry Media Centre, Foundry Street, Leeds, LS11 5QP and is the controller of the personal data you have provided to us.
We aim to process information about you fairly, lawfully, and in a transparent manner and the aim of this document is to provide you with sufficient information so you are able to understand what we are doing with your data. If you are unsure how we are handling information about you or you think we could improve our privacy information, please let us know.
Data Processing Purposes
Your information will be processed by Data Security People for the following requirements; client management, client relationship, contract performance, sales opportunities, marketing, service delivery, product development and feedback, finance and invoices, help desk support, consultation and compliance services and for audit and regulatory requirements.
Information We Hold
In operating DSP, we may collect, create or otherwise obtain and process the following information:
- Name, address, telephone number, email address, job title. We use this information to create and maintain customer records and to keep in regular contact with you.
- We may also use this information for direct marketing purposes and to raise awareness of new products and services that may be of interest to you.
- We collect personal data on our website through a ‘contact us’ form, the details are then added to our CRM system for follow up and processing as required via telephone and email.
- Our website uses sessional cookies to enable the website to function correctly. Any information contained within these cookies are deleted when your browser is closed.
- We store personal information clients add into the DataWise system which may include, names, addresses, contact details and contracts relating to their unique business operations.
- We use social media to promote DSP and its events, and manage twitter, LinkedIn and Facebook accounts in such a capacity. We do not collect, store or process any personal data contained on these platforms.
- We send out a monthly newsletter by email to inform our subscribers about our activities and to provide news and information about DSP and/or the latest news surrounding data protection.
All employees and contractors working on behalf of DSP are under a duty of confidentiality to DSP and our clients. Furthermore, DSP contracts with clients under a Master Service Agreement which contains a non-disclosure provision to protect you and any data that you may share with us.
Lawful Basis for Processing
The lawful basis for the data processing involved in the above activities is indicated adjacent to each data processing purpose and is as follows:
- Steps taken to enter into or in order to fulfil the contract for services that we have with our customers;
- Pursuant to the legitimate interests of DSP which are: to promote DSP and our activities; to enable us to administrate and run DSP efficiently and effectively as a commercial business; and to ensure that we remain accountable to our customer and other relevant stakeholders;
- On the basis of the consent of the data subject;
- On the basis of employment and health and safety law.
The provision of some items of personal data is a condition of working with DSP. Mandatory information will be highlighted where necessary and is kept to a minimum. It includes personal data required for identifying customers, legal obligations and other similar purposes. Failure to provide mandatory information will mean that you will be unable to work with DSP.
Sharing/Disclosing Personal Data
We will share personal data that we hold with the following categories of our data processors:
- We share the personal data of some of our customers with internal departments to help scope opportunities and hand over for delivery. This is necessary in the provision of our services.
- We share the personal details of some of our clients and prospects with partners to deliver joint marketing events and data protection compliance solutions. Partners of DSP include: resellers, technology partners and approved associates who deliver services on behalf of DSP.
DSP will hold your personal data for the length that it is required to provide you with our services in accordance with our Data Retention Policy. We may be required to retain some of your data after this time, for a set period, for us to meet our legal obligations including resolving any follow up issues.
You have certain rights set out in the data protection law including:
|Your Rights||Description of Rights||Rights in Practice|
|Right of access||You have the right to obtain confirmation from DSP as to whether or not personal data concerning you are being processed, and, where that is the case, access to that personal data.||DSP will provide a copy of all personal data belonging to you, or specific personal data if you so require it. This will not include the personal data of any other individuals, or information regarding DSP’s operations. We will redact where necessary for the purposes of confidentiality|
|Right to rectification||You have the right to oblige DSP to rectify inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed by providing a supplementary statement.||This will only apply to inaccurate personal data; information contained on your application form or any “flags” placed on your record. This will not lead to any other information which you disagree with being rectified, merely personal data which is inaccurate.|
|Right to erasure (right to be forgotten)||You have the right (under certain circumstances, but not all) to oblige DSP to erase personal data concerning you.||The right only applies: Where the personal data is no longer necessary; If you withdraw consent; If we unlawfully held your personal data; If you successfully object to our processing; If we have to follow a legal obligation to delete the personal data.|
|Right to restriction of processing||You have the right (under certain circumstances, but not all) to oblige DSP to restrict processing of your personal data. For example, you may request this if you are contesting the accuracy of personal data held about you.||The right only applies: Where you contend the accuracy of any personal data until it has been made accurate; Where you have objected to any processing whilst we present our evidence;If we are processing anything unlawfully and you do not wish for it to be erased; If we no longer need the personal data but you require the data to establish, exercise or defend a legal claim.|
|Right to data portability||You have the right (under certain circumstances, but not all) to oblige DSP to provide you with the personal data about you which you have provided to in a structured, commonly used and machine-readable format. You also have the right to oblige DSP to transfer your personal data to another controller.||This right only applies to data collected by automated means (i.e. excluding paper files) and where the legal basis for us processing this data is consent or for the performance of a contract. If you wish to obtain your data for the purposes of data portability then please contact our Privacy Officer.|
|Right to withdraw consent||If the lawful basis for processing is consent, you have the right to withdraw that consent. If you wish to withdraw your consent, contact us immediately.||DSP uses consent as the lawful basis for sending direct marketing material.|
|Right to object to direct marketing||Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for marketing, which includes profiling to the extent that it is related to such direct marketing.||DSP sends out a monthly newsletter to a positive opt-in mailing list via email. We offer an unsubscribe function for recipients to opt-out from receiving marketing communications.|
|Rights in relation to automated decision making and profiling||DSP does not perform any automated decision-making based on personal data that produces legal effects or similarly significantly affects you.||DSP does not carry out any automated decision making based on profiling. Where profiling is carried out without automated decision making, we will inform you if it crosses a certain threshold.|
For more information about any of your rights, please visit here.
You also have a right to lodge a complaint with the Supervisory Authority should you feel that we have not handled your information in line with legislative and regulatory requirements. This is the Information Commissioner’s Office (ICO) in the UK:
Information Commissioner’s Office
Email: [email protected]
Telephone: 0303 123 1113
How to Contact Us
For further information regarding your personal data or about DSP’s approach to data protection in general please contact our Privacy Officer (PO) at:
Data Protection People Ltd (dba Data Security People)
Round Foundry Media Centre
Email: [email protected]
Telephone: 0345 340 5412
Version 1.0. Issued 24th May 2018