for Data Protection Audits Limited
Data Protection Audits Limited treats the privacy of its clients, customers and website (“Site”) users very seriously and we take appropriate security measures to safeguard your privacy. This Privacy Notice explains how we protect and manage your Personal Data you share with us and that we hold about you, including how we collect, process, protect and share that data.
Personal Data means any information that may be used to identify an individual, including but not limited to, a first and last name, a home or other physical address and an email address or other contact information, whether at work or at home.
Who we are
Data Protection Audits Limited (“we”). We are registered in England and Wales under company number 10117616 and have our registered office situated at 71-75 Shelton Street, London, England, WC2H 9JQ
We provide consultancy services to UK based entities and individuals. As part of conducting these services you or the UK institutions and entities that we act on behalf of, provide us with information about you to enable us to conduct services either for them or on their behalf.
In instances where you are not our client, for example where we are instructed by a UK institution or entity, they will be the ‘Controller’ of this information and we will be a ‘Processor’. In such cases this Privacy Notice is therefore supplemental to the Privacy Notice provided by the UK institution or entity.
In instances where you are our client (non-exclusive examples include where we are instructed by yourself to be your data protection officer), we will be the ‘Controller’ of the personal data.
How we obtain your Personal Data
Information provided by you
When you decide to use our services you may provide us with your Personal Data via our Site, through a written letter, email or text message, over the telephone or similar mediums. This Personal Data includes name, address, email address and bank account details. We use this information in order to fulfil the agreed services that we provide to you.
We may also keep information contained in any correspondence you may have with us by post or by email and we also record telephone conversations.
Information we get from other sources
We only obtain information from third parties if this is permitted by law. We may also use legal public sources to obtain information about you, for example, to verify your identity.
This information (including your name, address, email address, date of birth, etc.), as relevant to us, will only be obtained from reputable third-party companies that operate in accordance with the General Data Protection Regulation (GDPR). You will already have submitted your Personal Data to the companies and specifically given permission to allow them to pass this information to other companies that provide similar or complementary products and services to those we offer.
How we use your Personal Data
We use your Personal Data to fulfil the agreed services on your behalf and to keep a record of the services we provide you for example for accounting, payment and legal requirements. We endeavour, at all times to protect your Personal Data in a manner which is consistent with our requirements of the General Data Protection Regulation (GDPR) concerning data protection. We will also take reasonable security measures to protect your Personal Data in storage.
Do we use your Personal Data for marketing purposes?
Any information that you choose to give us for the provision of services will be used by us for that purpose only or to comply with associated legitimate interests (as described in the paragraph above) and will not be used for marketing purposes by us or third parties.
If you use our Site we may use this information to conduct marketing activities but only with your consent.
What is our Legal Basis for processing your information
The main legal basis for processing your information will be to perform the services as agreed between us and yourself. Therefore the main reason for us processing your Personal Data will be for the performance of a contract between us or, for us to take steps at your request prior to entering into a contract with you
We will also need to process your Personal Data for our own internal record keeping activities: in this instance your Personal Data will be processed for keeping a record of what services we have provided to you, what payments we have requested from you and what payments you have made. In this instance we will be processing your Personal Data on a legitimate interest basis.
Additionally, we may be required to obtain Personal Data from you in order to comply with our regulatory and legal obligations, for example to comply with anti-money laundering legislation, accounting practices or legal requirements, court orders or conduct fraud prevention. In these instances, our legal basis for processing information will be to fulfil a legal obligation.
We will keep information about you confidential. In order to fulfil the performance of the contract, to carry out our legitimate interest or to satisfy a legal obligation we may be required to disclose your information to third parties. Examples of the types of third parties used include:
In the event that Data Protection Audits Limited is sold or integrated with another business, your anonymised details may be disclosed to our advisers and any prospective purchasers’ advisers and your personal details will be passed on to the new owners of the business.
Transfer of your Personal Data outside of the European Economic Area (EEA)
We do not currently transfer your Personal Data outside the EEA. If in the future we transfer your Personal Data outside the EEA, in accordance with the terms of this Policy, we will make sure that the receiver agrees to provide the same or similar protection as we do and the they only use your Personal Data in accordance with our instructions.
How long do we keep this information about you
We retain your personal data as follows: we will keep your Personal Data for a period of six years after the last piece of work or service we have provided to you e.g. if we provided a service in 2018 to you then we would only retain your Personal Data until 2024. This retention period is in line with the length of time we need to keep your Personal Data in order to meet or take any legal action (e.g. debt collection, claim for breach of contract) for financial statutory or legal requirements and the handling of any insurance claims.. In all cases our need to use your Personal Data will be reassessed on a regular basis and information which is no longer required will be disposed of.
What if I choose not to give you my personal information
If you do not wish us to process your Personal Data we will not be able to provide you with any services.
Will you process my information for purposes I may not be aware of
If you use our Site, we may also use aggregate information and statistics for the purposes of monitoring Site usage and to help us develop our Site and our services, and may provide such aggregate information to third parties. These statistics will not include information that can be used to identify any individual.
We may use sign up form data to assist with providing downloads, newsletters and enrolling on events. Such use does not result in any personally identifiable data, other than contact details, being collected, stored or transferred to such agencies. We, or our agents and sub-contractors, may contact you by post, e-mail or telephone to ask you for your feedback and comments on our services. We will only do this with your consent that you can give on our Site
Data Subject Rights
Right to be informed
You, the Data Subject, shall have the right to be informed of how your Personal Data is used. This Privacy Notice provides you with this explanation in relation to the information processed by us when providing services to you.
Subject access requests
The General Data Protection Regulation (GDPR) grants you (the Data Subject) the right to access particular Personal Data that we hold about you. This is referred to as a subject access request. We shall respond promptly, and certainly within one month from the point of receiving the request and all necessary information from you. Our formal response shall include details of the Personal Data we hold about you.
You may also request the following:
Right to rectification
You, the Data Subject, shall have the right to obtain from us, without undue delay, the rectification of inaccurate Personal Data we hold concerning you. Taking into account the purposes of the processing, you, the Data Subject, shall have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.
Right to erasure
You, the Data Subject, shall have the right to obtain from us the erasure of Personal Data concerning you without undue delay.
This right does not apply if processing is necessary:
Right to restriction of processing
You, the data subject, shall have the right to obtain from us a restriction of processing where one of the following applies:
The right will not apply where the processing is necessary for:
iii) reasons of important public interest
Notification obligation regarding rectification or erasure of Personal Data or restriction of processing
We shall communicate any rectification or erasure of Personal Data or restriction of processing as described above to each recipient to whom the Personal Data has been disclosed, unless this proves impossible or involves disproportionate effort. We shall provide you, the data subject, with information about those recipients if you request it.
Right to data portability
You, the data subject, shall have the right to receive your Personal Data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller, without hindrance from us.
Right to object
You, the data subject, shall have the right to object, on grounds relating to your particular situation, at any time to the processing of Personal Data concerning you, including any personal profiling; unless this relates to processing that is necessary for the performance of a task carried out in the public interest or an exercise of official authority vested in us. We shall no longer process the Personal Data unless we can demonstrate compelling legitimate grounds for the processing, which overrides the interests, rights and freedoms of you, the data subject, or for the establishment, exercise or defence of legal claims.
Right to not be subject to decisions based solely on automated processing.
We do not carry out any automated processing, which may lead to an automated decision based on your Personal Data.
Invoking your rights
If you would like to invoke any of the above data subject rights with us, please submit a written request to firstname.lastname@example.org
Accuracy of information
In order to provide the highest level of customer service possible, we need to keep accurate Personal Data about you. We take reasonable steps to ensure the accuracy of any Personal Data we obtain. We ensure that the source of any Personal Data is clear and we carefully consider any challenges to the accuracy of the information. We also consider when it is necessary to update the information, such as name or address changes and you can help us by informing us of these changes when they occur.
Questions and queries
If you have any questions or queries which are not answered by this Privacy Notice, or have any potential concerns about how we may use the Personal Data we hold, please write to Data Protection Audits Limited, 71-75 Shelton Street, London, England, WC2H 9JQ or email email@example.com
If you have a complaint
If you have a complaint regarding the use of your Personal Data then please contact us writing to Data Protection Audits Limited, 71-75 Shelton Street, London, England, WC2H 9JQ or email firstname.lastname@example.org and we will do our best to help you.
If your complaint is not resolved to your satisfaction and you wish to make a formal complaint to the Information Commissioner’s Office (ICO), you can contact them on 01625 545745 or 0303 123 1113. You also have the right to judicial remedy against a legally binding decision of the ICO where you consider that your rights under this regulation have been infringed as a result of the processing of your Personal Data. You have the right to appoint a third party to lodge the complaint on your behalf and exercise your right to seek compensation.
or call us on 0207 477 2045