GDPR (General Data Protection Regulation) came into effect from May 2018. We will update this policy after the completion of the UK’s exit from the European Union (as required). Note – the GDPR has been incorporated into UK legislation as the Data Protection Act 2018.
We will hold your details on our internal systems. We do our best to ensure the security of your details by using up to date industry practices to guard against unauthorised access, use, disclosure or loss.
Note -Your personal details will not be used in ways to which you have not consented, either via implied or explicit consent. All personal data provided by our prospective clients through this web site is provided under explicit consent (via our web forms) or implied consent via our web chat facility.
It is possible to view our site without providing any personal details. However, without providing your details you will not be able to contact us using our web form or when contacting us by telephone.
We will only ask for personal information from you where it is necessary for us to provide services to you. We will only collect information where it is specifically and knowingly provided by you. For example, we will ask for your name, email and telephone number and when you contact us. We will ask you for your card payment information when using our online payment solution (Paypal).
We will use this information to process your inquiry and for any subsequent contact relating to any services that we provide to you under any terms and conditions of engagement.
We keep a record of your emails to assist in our management of your interaction with us. Your telephone calls to us may be recorded and monitored for quality control, training and service delivery purposes. Note – you will be notified in advance if that is the case.
We might also pass your personal information, but never your credit card or payment details, to selected third parties for the provision of services that we are engaged for as the primary supplier of those services.
The only other circumstances when we may provide details, from which you are identifiable, to third parties, are where we are required to do so by law, in order to administer your GDPR Toolkit order (see section on Payment Details below), to our suppliers who process data on our behalf in the UK or abroad, inside or outside the EEA, and where required for business succession reasons.
We may occasionally need to contact you to enable us to fulfil your inquiry or services correctly. You may opt out of future communications should you no longer wish to communicate with us.
Typical communication methods include:
We may also contact you via our monthly newsletter that contains information and updates regarding data protection and information security. Note – We generally restrict this communication to past and current customers however from time to time we may send this communication to those individuals that we consider may derive some benefit from having received it e.g. those individuals who have made enquiries with us regarding matters of data protection or information security.
Subscription to our newsletter is based upon your implied consent and this consent may be withdrawn at any point. We use standard technology for this newsletter (e.g. https://mailchimp.com )
As a company that does business over the Internet, we understand the importance of security. We have highly secure facilities to give you confidence when using your payment card, and when you give us personal information, such as your address or telephone number. Please note, however, that although we use technology and systems designed to ensure security, we cannot guarantee the security of your information.
Your payment details, credit card numbers etc. are not processed or stored on any of our systems. We use Paypal for the payment processing of GDPR Toolkit payments and Go Cardless for our DPO Services subscriptions. In both of these cases your payment information is not given directly to us or stored by us.
Although we only look to include quality, safe and relevant external links, users are advised to adopt a policy of caution before clicking any external web links mentioned throughout this website. (External links are clickable text / banner / image links to other websites, similar to; , the BBC News Homepage or http://www.bbc.co.uk/news).
Shortened URL’s; URL shortening is a technique used on the web to shorten URL’s (Uniform Resource Locators) to something substantially shorter. This technique is especially used in social media and looks similar to this (example: http://bit.ly/zyVUBo). Users should take caution before clicking on shortened URL links and verify their authenticity before proceeding.
We cannot guarantee or verify the contents of any externally linked website despite our best efforts. Users should therefore note they click on external links at their own risk and we cannot be held liable for any damages or implications caused by visiting any external links mentioned.
We adopt a Social Media Policy to ensure our business and our staff conduct themselves accordingly online. While we may have official profiles on social media platforms, users are advised to verify authenticity of such profiles before engaging with, or sharing information with such profiles. We will never ask for user passwords or personal details on social media platforms. Users are advised to conduct themselves appropriately when engaging with us on social media.
There may be instances where our website features social sharing buttons, which help share web content directly from web pages to the respective social media platforms. You use social sharing buttons at your own discretion and accept that doing so may publish content to your social media profile feed or page. You can find further information about some social media privacy and usage policies in the resources section below.
We are registered under GDPR and comply with the Regulation in our dealings with your personal data. The Regulation protects your personal data by providing, amongst other things, that the data we hold about you should be processed lawfully and fairly. It should be accurate, relevant and not excessive. The information should, where necessary, be kept up to date and not retained for longer than is necessary. It should be kept securely to prevent unauthorised access by other people. You have the right to see what is held about you and correct any inaccuracies, including the right to ‘erasure’.
We have a dedicated Data Subject Access Request Policy that is available upon request. For more information please contact firstname.lastname@example.org
If for whatever reason you are not happy with how we are adhering to the requirements of GDPR (Data Protection Act 2018) you can seek advice and guidance from the Information Commissioners Office (ICO) which is the appointed UK government regulator. We are registered with the ICO, the registration number is ZA366044
Last updated – 10th August 2020.