We take our obligations in respect of the privacy of personal data very seriously and we will only process personal information as detailed in this policy, unless we inform you otherwise. In order to ensure that the personal data we hold is accurate and up to date, we request that you inform us of any relevant changes to the personal information we hold about you.
The person responsible for data protection matters within our organisation is Ravi Murphy and can be contacted
The Sir Standard Limited
Unit 6-7 Dubarry House
Hove Park Villas
01273 236 236
If you do not wish us to process personal data in accordance with this policy, then please do not provide it to us, Please refer to Section’Your rights‘ below, in respect of data that we already hold, or which we receive from third parties.
We may collect your personal data in the course of our dealings and this may include the following:
- Your contact information, which may include your full name, job role, contact telephone number and email
- Your statements and opinions e.g. opinions that you may express during an audit
- Information relating to our relationship with you or the party for whom you work including records of any meetings or discussions
- Your marketing preferences
We may obtain your personal data from the following sources (please note that this list is not exhaustive):
- You, including where you have provided us with your contact details or other information for the purposes of using Our Services
- Staff or other representatives of the organisation you represent
- Marketing databases
- Social media
- The public domain
- Conversations, with you or others, on the telephone or video conferencing (which may be recorded) or in meetings
- Notes following a conversation, with you or others, or meetings you attend
- Third party referrals
How we will use your personal data
We will process your personal data in the context of our dealings with the third party for whom you work and as part of Our Services. Processing may include:
- Collecting and storing your personal data, whether in manual or electronic files
- Using the data to communicate with you
- Sending information to third parties with whom we have or intend to enter into arrangements which are related to Our Services
- Actions necessary to further any obligation on us pursuant to a contract between ourselves and the third party you work for
- Collating market or sector specific information and providing the same to our Clients
- Providing information to regulatory authorities or statutory bodies and our legal or other professional advisers including insurers
- Retaining records of our dealings with you and the organisation whom you represent
- Establishing quality, training and compliance with our obligations and best practice
Why we process your personal data
- Compliance with legal obligations (regulatory and statutory obligations)
We must comply with a number of statutory and regulatory obligations relating to business generally, for example tax, bribery and fraud/crime prevention legislation, and co-operating with regulatory authorities such as HMRC. In order to comply with these obligations we may be required to process personal data.
- Our legitimate interests (carrying on the activity relating to the provision of Our Services):
In providing our Our Services, we will carry out some processing of personal data which is necessary for the purpose of our legitimate interests, which include:
- Using your personal data:
- to contact you regarding Our Services
- to collate market information or trends including providing analysis to potential or actual Clients
- as otherwise necessary to provide Our Services and/or to meet our obligations towards either the party whom you represent, or other Clients or suppliers
- to personalise your experience and our offering, whether via our website or otherwise
- Retaining records of our dealings and transactions and where applicable, use such records for the purposes of:
- establishing compliance with contractual obligations with Clients or suppliers
- addressing any query or dispute that may arise including establishing, exercising or defending any legal claims
- protecting our reputation
- maintaining a back up of our system, solely for the purpose of being able to restore the system to a particular point in the event of a system failure or security breach
- determining staff training and system requirements
For our commercial viability and to pursue these legitimate interests, we may continue to process your personal information for as long as we consider reasonably appropriate for these purposes.
We may process your personal data on the basis that you have consented to us doing so for a specific purpose, for example, if you have provided your contact details in order that we may use these to provide you with details of our services you may have consented to our processing of the data for that purpose. In other cases you may have provided your written or verbal consent to the use of your data for a specific reason, for example references.
You may withdraw your consent to our processing of your personal data for a particular purpose at any stage. However, please note that we may continue to retain, or otherwise use your personal information thereafter where we have a legitimate interest or a legal or contractual obligation to do so. Our processing in that respect will be limited to what is necessary in furtherance of those interests or obligations. Withdrawal of consent will not have any effect on the lawfulness of any processing based on consent before its withdrawal.
What if we obtain your personal data from a third party?
As part of our business activity we may obtain your data friom third party sources, some information being publicly available but others being from third parties with whom we have business dealings or connections. From time to time we may also receive personal data about you from, colleagues, from persons for whom you have provided services or been otherwise engaged.
Sensitive Personal Data (SPD)
Sensitive personal data is information which is intensely personal to you and is usually irrelevant to our dealings with you in respect of Our Services. Examples of SPD include information which reveals your political, religious or philosophical beliefs, sexual orientation, race or ethnic origin, or information relating to your health.
Regardless of the basis for your dealings with us, we request that you do not provide us with any sensitive personal data unless absolutely necessary. However, to the extent that you do provide us with any sensitive personal data, such as data which you choose to share with us in conversation, we shall only use that personal data for the purposes of our relationship with you or for the provision of our Services. This will be for one or more of the following reasons:
- You have explicitly consented to the processing
- Where processing is necessary for the purpose of obligations or rights under employment, social security or social protection law
- To maintain records of our dealings to address any later dispute, including but not limited to the establishment, exercise or defence of any legal claims
Who we share personal data with
We shall not share your personal data unless we are entitled to do so. The categories of persons with whom we may share your personal information include:
- Third parties necessary for the provision of Our Services
- Any regulatory authority or statutory body pursuant to a request for information or any legal obligation which applies to us
- Parties who process data on our behalf, which may include
- IT support
- Storage service providers including cloud providers
- Legal and professional advisers
Transfer of data to other jurisdictions
In the course of the provision of Our Services we may transfer data to countries or international organisations outside of the EEA. This may, for example, be to third parties who provide support services to us. Where information is to be so transferred, it may be to a country in respect of which there is an adequacy decision from the EU Commission. However, if this is not the case, it is our policy to take steps to identify risks and in so far as is reasonably practicable, ensure that appropriate safeguards are in place. Details relating to specific countries or organisations are available on request.
If you do not wish to provide us with necessary data
There may be circumstances where we require you to provide data which is necessary in order for us to meet statutory or contractual obligations, or perform Our Services. If you do not wish to provide us with information we request then please notify us. However, please be aware that as a result we may be unable to provide you or the party who you represent with a Service, and in some cases may result in a breach of the contract we have with you or a third party you represent.
Group companies & transfer
Data Security and Confidentiality
It is our policy to ensure, in so far as is reasonably practicable, that our systems and records are secure and not accessible to unauthorised third parties in line with contemporary practice.
A cookie is a small file of letters and numbers that is downloaded on to your computer when you visit a website, which enables the website to tailor its offerings to your preferences when you visit it. They tell us when you have visited our site and where you have been. They do not identify you personally, just the presence of your browser. Cookies make it easier for you to log on and use the site during future visits. They also enable us to provide you with a more personalised service. Should you wish to do so, your browser’s help section should be able to warn you before accepting cookies and how to filter or disable them, although in the latter case, you may not be able to use certain features on our site.
Retaining your data
In most circumstances your data will not be retained for more than 6 years from the last point at which we provided any services or otherwise engaged with you and it is our policy to only store your personal data for as long as is reasonably necessary for us to comply with our legal obligations and for our legitimate business interests. However, we may retain data for longer than a 6 year period where we have a legal or contractual obligation to do so, or we form the view that there is otherwise a continued basis to do so, for example where we are subject to a legal obligation which applies for a longer period.
If however you believe that we should delete your personal data at an earlier date, please inform us in writing of your reasons. Please see Section ‘Your Rights’ below.
We take the protection of your personal data very seriously and it is important that you know your rights within that context, which include rights to:
- Request a copy of the personal data that we hold
- Object to our processing of your data where that processing is based upon legitimate interest and there are no compelling grounds for the continued processing of that data
- Request that we restrict processing of your data in certain circumstances
- Request that data is erased where the continued use of that data cannot be justified
- Object to any decision, which significantly affects you, being taken solely by a computer or via another automated process
- Withdraw your consent to our processing of your personal data for a particular purpose at any stage. However, please note that we may continue to retain, or otherwise use your personal information thereafter where we have a legitimate interest or a legal or contractual obligation to do so. Our processing in that respect will be limited to what is necessary in furtherance of those interests or obligations
- Request that inaccurate or incomplete data is rectified
- Request that data provided directly by you and processed by automated means is transferred to you or another controller; this right only being applicable where our processing of your data is based either on your consent or in performance of a contract
- Make a complaint to the Information Commissioner’s Office Request that direct marketing by us to you is stopped
Please note that should you exercise your right to request that we erase data or cease any processing activity, we may retain a record of this request and the action taken in order to both evidence our compliance, and to take steps to minimise the prospect of any data being processed in the future should it be received again from a third party source.
If you have any questions concerning your rights or should you wish to exercise any of these rights please contact Ravi Murphy
If you are dissatisfied about any aspect of the way in which your data is processed you may, in the first instance refer the matter to Ravi Murphy. This does not affect your right to make a complaint to the Information Commissioner’s Office.
Copyright © Lawspeed Ltd 2018. All rights reserved.