The type of personal information we collect
InfoSec Governance collect and process the following types of information:
- Personal identifiers, such as contact information (for example, name, email address and contact details)
- Financial information (for payment of services)
How we obtain the personal information and why we have it
Most of the personal information we process will be provided directly by you for one of the following reasons:
- Initiating communication with us via website forms, email or telephone
- Using any of our professional services
We will use the information that you have provided to answer any queries you may have and provide the necessary services involved. With your permission, we may also advise you of additional services and any important industry news that may affect you.
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
- Your consent. You are able to remove your consent at any time. You can do this by contacting [email protected]. We may use consent as a legal basis where you initiate contact via the website.
- We have a contractual obligation. Where a contract exists to provide professional services, we use contractual obligation as a legal basis.
- We have a legal obligation. We are obliged by HMRC to retain transactional information. This could include your personal details.
How we store your personal information
Your information is securely stored within the Microsoft 365 environment as well as our CRM and finance application. Where data is stored on local devices, your data is protected by appropriate security controls including encryption, user authentication and two-factor authentication where available.
We keep records of any contact for 2 years in case of any follow up or repeat work.
We keep records of provided services for the minimum permitted duration of “current tax year plus 6 years” as required by HMRC. We will then dispose of your information by secure methods including deletion of files / records. We may also retain the file / record but use anonymisation to remove your data and so protect your privacy.
Your data protection rights
Under data protection law, you have rights including:
- Your right of access – You have the right to ask us for copies of your personal information.
- Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
- Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us via the DPO contact details above.
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
Privacy notice 3.0 June 2021