Nature of work - General business
Reasons/purposes for processing informationWe process personal information to enable us to promote our goods and services, to maintain our accounts and records and to support and manage our staff.
Type/classes of information processedWe process information relevant to the above reasons/purposes. This may include:
Who the information is processed about
We process personal information about our:
Who the information may be shared with
We sometimes need to share the personal information we process with the individual themselves and also with other organisations. Where this is necessary we are required to comply with all aspects of the Data Protection Act (DPA). What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons. Where necessary or required we share information with:
Information is processed for consultancy and advisory services that are offered. For this reason the information processed may include name, contact details, family details, financial details, and the goods and services provided. This information may be about customers and clients. Where Necessary this information is shared with the data subject themselves, business associated and other professional advisors, current, past or prospective employers and service providers.
What can happen to the data
All individuals have the ‘Right to be Forgotten (Right to Erasure) and upon request we will delete any personal data we have on file. We will delete personal data if the continuing processing of the data is no longer necessary. All individuals have the right to obtain confirmation as to whether or not their personal data is being processed, where and for what purpose. We will provide this information in electronic format, free of charge upon request.
Data breach notification process
If there is a breach of the server and it is deemed that the breach is likely to ‘result in a risk for the rights and freedoms of individuals’ whose data we have processed we will notify individuals within 72 hours of the breach. We will also notify the Supervisory Authority and the ICO of the data breach. We will fully comply with their requirements and work with their assistance where needed.
Who is responsible
The hiring of a Data Protection Officer is required for all organisations who process data. They are responsible for informing and advising the controller or processor with regards to their data protection obligations. If you wish to speak with our Data Protection Officer please contact Alexandra Thorne (firstname.lastname@example.org)