This document has been written to provide you with information about how we are handling or intend to handle personal information.
Introduction to data protection
Regulation (EU) 2016/679 of the European Parliament (the General Data Protection Regulation (‘GDPR’)) which comes in to effect on 25th May 2018 obliges us to provide you with information about how and why we use personal data. We recognise our obligations and your legal rights set out in the GDPR.
We aim to process information about you fairly, lawfully, and in a transparent manner. The aim of this document is to provide you with sufficient information for you to be able to understand what we are doing with your data. If you are unsure how we are handling information about you or you think we could improve our privacy information, please let us know.
Information we hold
The information we hold on our records concerns our relationship with you. For example:
- We hold your contact details so we can communicate with you, and to keep you informed about other services we offer which may be useful to you
- We record information about your needs and requirements to ensure our services are accessible; that we take account of any support needs in our dealings with you; and to improve our communications with you.
- We keep financial records about the amount of money you have paid us; any amount(s) outstanding and associated recovery action. Depending on your chosen method of payment, we may hold your bank account details
- We may carry out insight and satisfaction surveys to help us to monitor our performance and to improve our services to our customers.
This list is not exhaustive, as we hold records of most contacts we have with you, or about you, and we process this information, so we can deliver services to you.
Generally, the information we hold will have been provided by you (on application or enquiry forms or when we communicate with you), but we may also hold information provided by third parties where this is relevant to your own circumstances.
We will only ask for personal information that is appropriate to enable us to deliver our services. In some cases, you can refuse to provide your details if you deem a request to be inappropriate. However, you should note that this may impact our ability to provide some services to you if you refuse to provide information that stops us from doing so.
Lawful basis for processing
Our legal bases for processing your information for all of the above purposes are:
- Contract: the processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
- Legal Obligation: the processing is necessary for us to comply with the law (not including contractual obligations).
- Legitimate interests: the processing is necessary for our legitimate interests, or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests.
- Consent: You have given clear consent for us to process your personal data for a specific purpose.
Sharing personal data
Normally, only our employees will be able to see and process your personal information. However, there may be times when we will share relevant information with third parties for the purposes as outlined in section two, or where we are legally required to do so. When sharing personal information, we will comply with all aspects of the Act and the Regulation.
Sensitive information about health, sexual life, race and religion for example is subject to particularly stringent security and confidentiality measures.
Where necessary or required, we may share your personal information as follows:
- With third party service providers, in connection with services performed on our behalf. For example, if we use a mailing house to distribute our newsletters.
- Our relationships with such providers are governed by our contracts with them which include strict data sharing and confidentiality protocols.
- With local authorities and government departments, as necessary for administering justice, or for exercising statutory, governmental, or other public functions.
- With police and other relevant authorities (e.g. Probation Service, Department of Work and Pensions, HM Revenues and Customs) in relation to the prevention or detection of crime and fraud; the apprehension or prosecution of offenders and the assessment or collection of tax or duty.
- With our regulator, to comply with our regulatory obligations.
This list is not exhaustive as there are other circumstances where we may also be required to share information, for example:
- To meet our legal obligations.
- In connection with legal proceedings (or where we are instructed to do so by Court order).
International transfers of personal data
We do not envisage transferring any information about or relating to you to anyone who is located outside of the European Economic Area other than as indicated above and we have a commitment from our business partners and data processors that they too will honour this commitment.
Right of access
You have the right of access to information we hold about or concerning you. If you would like to exercise this right, please do so in writing. If you are seeking to obtain specific information (e.g. about a particular matter of from a particular time period), it helps if you clarify the details of what you would like to receive in your written request. If someone is requesting information on your behalf, they will need written confirmation from you to evidence your consent for us to release this and proof of ID (both yours and theirs). We have one month to provide you with the information you’ve asked for (although we will try to provide this to you as promptly as possible). In response to SARs, we will provide you with a copy of the information we hold that relates to you.
Right of rectification or erasure
If you feel that any data that we hold about you is inaccurate you have the right to ask us to correct or rectify it. You also have a right to ask us to erase information about you where you can demonstrate that the data we hold is no longer needed by us, or if you withdraw the consent upon which our processing is based, or if you feel that we are unlawfully processing your data. Your right of rectification and erasure extends to anyone we have disclosed your personal information to and we will shall take all reasonable steps to inform those with whom we have shared your data about your request for erasure.
Right to restriction of processing
You have a right to request that we refrain from processing your data where you contest its accuracy, or the processing is unlawful and you have opposed its erasure, or where we don’t need to hold your data anymore but you need us to in order to establish, exercise or defend any legal claims, or we are in dispute about the legality of our processing your personal data.
Right of portability
You have a right to receive any personal data that you have provided to us in order to transfer it onto another data controller where the processing is based on consent or contract and is carried out by automated means called a data portability request.
Right to object
You have a right to object to our processing of your personal data where the basis of the processing is our legitimate interests including but not limited to direct marketing and profiling.
You also have a right to lodge a complaint with the Supervisory Authority (Information Commissioners Office (ICO) in the UK at www.ico.org.uk), should you feel that we have not handled your information in line with legislative and regulatory requirements. They can be contacted at:
Information Commissioner’s Office
0303 123 1113 | www.ico.org.uk
How long we keep it for
We keep your data for as long as is required to fulfil the purposes for which it was collected, and in any case, in accordance with our Data Retention Policy. When we are no longer required to keep your data, it will be securely destroyed or deleted.
For further information on how to request your personal information and how and why we process your information, you can contact us using the the contact details on this page.
The Compliance People
193 Bolton Road,
Telephone: 01254 265002
We may change this privacy notice from time to time, but if we change it in a way which significantly alters the terms upon which you have agreed, we will post notice of the change on our website and you will be deemed to have accepted such changes. This privacy notice was last updated in April 2018.