GDPR is here !
Can you demonstrate that you comply?
We believe it is very important to respect the privacy of individuals. This Privacy Notice explains how South Coast Data Protection Consultants Ltd (SCDPC) process and protect your personal data.
This Privacy Notice covers:
· Who we are
· What Personal Information We Collect
· How We Use Your Personal Information
· Who Will Have Access to Your Personal Information
· How Long We Keep Your Personal Information
· Security of Your Personal Information
· International Transfers
· Your Rights
· How to Contact Us
Who We Are
SCDPC are the ‘Controller’ of any personal information we collect. We are a limited company registered in England and Wales under registration number 09922651 and we have our registered office at Unit 50 Basepoint Business Centre, Enterprise Way, Aviation Park West, Christchurch, Dorset BH23 6NX.
We will process your personal information in accordance with all applicable laws, including the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA 2018).
What Personal Information We Collect
Visitors to Our Website
We do not collect any personal information using cookies, as we do not have cookies on our website.
If you instruct us to work for you we will ask you for your name, company address, company telephone number, company email address and any other information which is necessary for us to have in order to provide our service to you.
Potential Clients and Information Collected via Contact Us Web Forms
If you invite us to provide a quotation for a product or service or you contact us by submitting the ‘Contact Us Form’ on our website, we will ask you for your name, company address, company telephone number, company email address, details of your enquiry and your preferred method of contact. We only ask for the information we need in order to provide you with the quotation and answer your enquiry.
If you are a business connection, for example, we meet you at a networking event or link with you via social media, we will only collect the information you choose to provide to us, which typically includes your name, company address, company telephone number and company email address.
If you attend one of our training courses, we may request your name and contact information for the purpose of processing the booking. If you undertake a data protection test, you will be asked to submit your application and answer sheets to us via email.
How We Use Your Personal Information
We will only use your personal information for the purpose for which we collected it and will not use it for anything else without your prior consent, subject to certain legal exceptions.
As the Controller, we collect personal information about you and use it for the following purposes:
Purpose of Processing Legal Basis for Processing
To process your order and provide the Performance of a contract with you
product and/or service you require
To provide a quotation for a product or service Steps taken at your request prior to entering into a contract
To answer your query Legitimate interests
To deal with enquiries, complaints, feedback etc Legitimate interests
To connect with you to offer our services Legitimate interests
To provide training, data protection tests Contract and/or legitimate interests
To respond to Subject Access Requests (SAR) Legal obligation
If you do not provide the information we ask for, we may not be able to provide the product, service or quotation you require or answer your query or request.
Who Will Have Access to Your Personal Information
Clients, Potential Clients, Business Connections and Information Collected via Contact Us Web Forms
SCDPC will have access to your personal information and will use it for the purposes described above.
As above, except that in the case of internal staff training an employer may require that we provide them with proof of your attendance, data protection test results and certificate.
We use third party processors to provide services such as IT support and cloud services and these processors will also have access to the personal data we hold about you. However, we ensure that we enter into Data Processing Agreements with all processors we instruct. These Agreements place obligations on the processors to comply with the GDPR and all relevant data protection legislation and to act only under our strict instructions.
How Long We keep Your Personal Information
We will keep your personal information for as long as you are a client and for 7 years thereafter, for tax, legal and insurance purposes.
Potential Clients and Information Collected via Contact Us Web Forms
We will keep your personal information for as long as we are dealing with your enquiry and for 12 months thereafter.
We will keep your personal information for as long as we have meaningful contact with you and for 12 months thereafter.
We will keep your personal information for 12 months.
Security of Your Personal Information
In accordance with the requirements of the GDPR and the DPA 2018, we take appropriate technical and organisational measures to safeguard your personal information.
We may use third party processors who process information in countries outside the EU. However, in doing so we take appropriate technical and organisational measures to safeguard your personal information as we:
· only allow personal data to be processed in countries which the European Commission have confirmed have adequate protection for personal data (see European Commission: Adequacy of the protection of personal data in non-EU countries) and/or;
· we enter into appropriate contracts which the European Commission have confirmed provide adequate protection for personal data (see European Commission: Model contracts for the transfer of personal data to third countries) and/or;
· we ensure that our processors who process personal data in America are signed up to the Privacy Shield (see European Commission: EU-US Privacy Shield).
You have rights under the data protection legislation and, subject to certain legal exemptions, we must comply when you inform us that you wish to exercise these rights. For example, you have the right to request a copy of the personal information we hold about you. This is known as a Subject Access Request and there is no charge for this, providing the requests are not manifestly unfounded or excessive. Your request needs to be made in writing and sent to either Simon Humphreys or Sandy May at the address given under ‘How to Contact Us’. We may ask you to provide ID before processing the request. Once in receipt of this, we will process the request without undue delay and within one month.
You also have rights in relation to rectification, erasure, restriction, data portability, objections and automated decision making. If you would like to exercise these rights, please contact Simon Humphreys or Sandy May using our contact details below.
You have the right to complain to SCDPC about the way your personal information is processed. Please contact Simon Humphreys or Sandy May using our contact details below. If you remain dissatisfied, you may also complain to the Information Commissioner’s Office. They can be contacted at:
Information Commissioner’s Office
How to Contact Us
If you have any questions or concerns about this Privacy Notice or about how your personal information is being processed or if you wish to make a Subject Access Request, please contact:
Either Simon Humphreys or Sandy May
South Coast Data Protection Consultants Ltd
Unit 50 Basepoint Business Centre
Aviation Park West