Quality / Privacy / GDPR at Creative Security Dynamics

Quality Policy.

The quality policy of Creative Security Dynamics LTD is to determine, agree & conform to our client’s needs & expectations, whilst fulfilling the requirements of ISO 9001: 2015 and statutory law.

All of our security, fire detection, alarm systems, maintenance and installation services and activities are undertaken to current revisions of British Standards and industry codes of practice (Such BS 5839:1 2017 – Code of practice for design, installation, commissioning and maintenance of Fire detection and Alarm systems for non domestic buildings/premises)

Creative Security Dynamics LTD recognises that to be competitive & maintain good economic performance, we must employ management systems that continually improve the quality of our products & services that in turn increases the satisfaction of our clients, employees, shareholders, suppliers & society at large.

Key objectives of Creative Security Dynamics LTD are that the Quality Management System provides: –
  • Confidence of our clients that their requirements for quality and safety are being achieved in the delivered product or service.
  • Confidence of our management & staff that the requirements for quality are being fulfilled & maintained, & that quality improvements take place.
  • A framework for establishing and reviewing quality objectives.
  • A commitment to continual improvement of the quality management system.

We are conscious that the motivation of our employees is dependent on their training and understanding of the tasks they are expected to perform. It is part of our on-going training programme that this policy is communicated and understood at appropriate levels within the Company and to our interested parties.

Quality of workmanship is the responsibility of all employees of the company.

As the Managing Director, I am ultimately responsible for the performance of the company’s quality management system and the quality of its products and services. It is important for the continuing development of Creative security Dynamics LTD that the company ensures this policy is maintained and continues to remain suitable and effective.

This Quality Policy will be communicated to all employees, displayed in the staff office and available to Field Engineers during their induction.

Dave Spedding

Managing Director

Media Policy.

Introduction

Employees of Creative Security Dynamics Ltd may be able to access social media services and social networking websites at work, either through company IT systems or via their own personal equipment.

This social media policy describes the rules governing use of social media at Creative Security Dynamics Ltd.

It sets out how staff must behave when using the company’s social media accounts. It also explains the rules about using personal social media accounts at work and describes what staff may say about the company on their personal accounts.

This policy should be read alongside other key policies. The company’s internet use policy is particularly relevant to staff using social media.

Why this policy exists

Social media can bring significant benefits to Creative Security Dynamics Ltd, particularly for building relationships with current and potential customers.

However, it’s important that employees who use social media within the company do so in a way that enhances the company’s prospects.

A misjudged status update can generate complaints or damage the company’s reputation. There are also security and data protection issues to consider.

This policy explains how employees can use social media safely and effectively.

Policy scope

This policy applies to all staff, contractors and volunteers at Creative Security Dynamics Ltd who use social media while working — no matter whether for business or personal reasons.

It applies no matter whether that social media use takes place on company premises, while travelling for business or while working from home.

Social media sites and services include (but are not limited to):

• Popular social networks like Twitter and Facebook
• Online review websites like Reevoo and Trustpilot
• Sharing and discussion sites like Delicious and Reddit
• Photographic social networks like Flickr and Instagram
• Question and answer social networks like Quora and Yahoo Answers
• Professional social networks like LinkedIn and Sunzu

Responsibilities

Everyone who operates a company social media account or who uses their personal social media accounts at work has some responsibility for implementing this policy. However, these people have key responsibilities:

• The Managing Director is ultimately responsible for ensuring that Creative Security Dynamics Ltd uses social media safely, appropriately and in line with the company’s objectives.

• The Managing Director is responsible for providing apps and tools to manage the company’s social media presence and track any key performance indicators. They are also responsible for proactively monitoring for social media security threats.

• The Managing Director is responsible for working with the Technical Director to roll out marketing ideas and campaigns through our social media channels.

• The Managing Director is responsible for ensuring requests for assistance and support made via social media are followed up.

General social media guidelines

The power of social media

Creative Security Dynamics Ltd recognises that social media offers a platform for the company to perform marketing, stay connected with customers and build its profile online.

The company also believes its staff should be involved in industry conversations on social networks. Social media is an excellent way for employees to make useful connections, share ideas and shape discussions.

The company therefore encourages employees to use social media to support the company’s goals and objectives.

Basic advice

Regardless of which social networks employees are using, or whether they’re using business or personal accounts on company time, following these simple rules helps avoid the most common pitfalls:

• Know the social network. Employees should spend time becoming familiar with the social network before contributing. It’s important to read any FAQs and understand what is and is not acceptable on a network before posting messages or updates.

• If unsure, don’t post it. Staff should err on the side of caution when posting to social networks. If an employee feels an update or message might cause complaints or offence — or be otherwise unsuitable — they should not post it. Staff members can always consult the Managing Director for advice.

• Be thoughtful and polite. Many social media users have got into trouble simply by failing to observe basic good manners online. Employees should adopt the same level of courtesy used when communicating via email.

• Look out for security threats. Staff members should be on guard for social engineering and phishing attempts. Social networks are also used to distribute spam and malware. Further details below.

• Keep personal use reasonable. Although the company believes that having employees who are active on social media can be valuable both to those employees and to the business, staff should exercise restraint in how much personal use of social media they make during working hours.

• Don’t make promises without checking. Some social networks are very public, so employees should not make any commitments or promises on behalf of Creative Security Dynamics Ltd without checking that the company can deliver on the promises. Direct any enquiries to the [social media manager].

• Handle complex queries via other channels. Social networks are not a good place to resolve complicated enquiries and customer issues. Once a customer has made contact, employees should handle further communications via the most appropriate channel — usually email or telephone.

• Don’t escalate things. It’s easy to post a quick response to a contentious status update and then regret it. Employees should always take the time to think before responding and hold back if they are in any doubt at all.

Use of company social media accounts

This part of the social media policy covers all use of social media accounts owned and run by the company.

Authorised users

Only people who have been authorised to use the company’s social networking accounts may do so.

Authorisation is usually provided by the Managing Director. It is typically granted when social media-related tasks form a core part of an employee’s job.

Allowing only designated people to use the accounts ensures the company’s social media presence is consistent and cohesive.

Creating social media accounts

New social media accounts in the company’s name must not be created unless approved by the Managing Director.

The company operates its social media presence in line with a strategy that focuses on the most-appropriate social networks, given available resources.

If there is a case to be made for opening a new account, employees should raise this with the Managing Director.

Purpose of company social media accounts

Creative Security Dynamics Ltd social media accounts may be used for many different purposes.

In general, employees should only post updates, messages or otherwise use these accounts when that use is clearly in line with the company’s overall objectives.

For instance, employees may use company social media accounts to:

• Respond to customer enquiries and requests for help

• Share blog posts, articles and other content created by the company

• Share insightful articles, videos, media and other content relevant to the business, but created by others • Provide fans or followers with an insight into what goes on at the company

• Promote marketing campaigns and special offers • Support new product launches and other initiatives

Social media is a powerful tool that changes quickly. Employees are encouraged to think of new ways to use it, and to put those ideas to the Managing Director.

These individuals and organisations exclude all warranties and representations, express or implied, in respect of your use of the website and its content.

Inappropriate content and uses

Company social media accounts must not be used to share or spread inappropriate content, or to take part in any activities that could bring the company into disrepute.

When sharing an interesting blog post, article or piece of content, employees should always review the content thoroughly, and should not post a link based solely on a headline.

Further guidelines can be found below.

Use of personal social media accounts at work

The value of social media

Creative Security Dynamics LTd recognises that employees’ personal social media accounts can generate a number of benefits. For instance:

• Staff members can make industry contacts that may be useful in their jobs

• Employees can discover content to help them learn and develop in their role

• By posting about the company, staff members can help to build the business’ profile online
As a result, the company is happy for employees to spend a reasonable amount of time using their personal social media accounts at work.

Personal social media rules

Acceptable use:

• Employees may use their personal social media accounts for work-related purposes during regular hours but must ensure this is for a specific reason (e.g. competitor research). Social media should not affect the ability of employees to perform their regular duties.

• Use of social media accounts for non-work purposes is restricted to nonwork times, such as breaks and during lunch.

Talking about the company:

• Employees should ensure it is clear that their social media account does not represent Creative Security Dynamics Ltd views or opinions. • Staff may wish to include a disclaimer in social media profiles: ‘The views expressed are my own and do not reflect the views of my employer.’

Safe, responsible social media use

The rules in this section apply to:

• Any employees using company social media accounts

• Employees using personal social media accounts during company time

Users must not:

• Create or transmit material that might be defamatory or incur liability for the company.

• Post message, status updates or links to material or content that is inappropriate.

Inappropriate content includes: pornography, racial or religious slurs, gender-specific comments, information encouraging criminal skills or terrorism, or materials relating to cults, gambling and illegal drugs.

This definition of inappropriate content or material also covers any text, images or other media that could reasonably offend someone on the basis of race, age, sex, religious or political beliefs, national origin, disability, sexual orientation, or any other characteristic protected by law. • Use social media for any illegal or criminal activities.

• Send offensive or harassing material to others via social media.

• Broadcast unsolicited views on social, political, religious or other non-business-related matters.

• Send or post messages or material that could damage Creative Security Dynamic Ltds image or reputation.

• Interact with Creative Security Dynamics Ltds competitors in any ways which could be interpreted as being offensive, disrespectful or rude. (Communication with direct competitors should be kept to a minimum.)

• Discuss colleagues, competitors, customers or suppliers without their approval.

• Post, upload, forward or link to spam, junk email or chain emails and messages.

Copyright

Creative Security Dynamics Ltd respects and operates within copyright laws. Users may not use social media to:

• Publish or share any copyrighted software, media or materials owned by third parties, unless permitted by that third party.

If staff wish to share content published on another website, they are free to do so if that website has obvious sharing buttons or functions on it.

• Share links to illegal copies of music, films, games or other software.

Security and data protection

Employees should be aware of the security and data protection issues that can arise from using social networks.

Maintain confidentiality

Users must not:

• Share or link to any content or information owned by the company that could be considered confidential or commercially sensitive.
This might include sales figures, details of key customers, or information about future strategy or marketing campaigns.

• Share or link to any content or information owned by another company or person that could be considered confidential or commercially sensitive.

For example, if a competitor’s marketing strategy was leaked online, employees of Creative Security Dynamics Ltd should not mention it on social media.

• Share or link to data in any way that could breach the company’s data protection policy.

Protect social accounts

• Company social media accounts should be protected by strong passwords that are changed regularly and shared only with authorised users.

• Wherever possible, employees should use two-factor authentication (often called mobile phone verification) to safeguard company accounts.

• Staff must not use a new piece of software, app or service with any of the company’s social media accounts without receiving approval from the Managing Director.

Avoid social scams

• Staff should watch for phishing attempts, where scammers may attempt to use deception to obtain information relating to either the company or its customers.

Employees should never reveal sensitive details through social media channels. Customer identities must always be verified in the usual way before any account information is shared or discussed.

• Employees should avoid clicking links in posts, updates and direct messages that look suspicious. In particular, users should look out for URLs contained in generic or vague-sounding direct messages.

Policy enforcement

Monitoring social media use

Company IT and internet resources — including computers, smart phones and internet connections — are provided for legitimate business use.

The company therefore reserves the right to monitor how social networks are used and accessed through these resources.

Any such examinations or monitoring will only be carried out by authorised staff.

Additionally, all data relating to social networks written, sent or received through the company’s computer systems is part of official Creative Security Dynamics Ltd records.

The company can be legally compelled to show that information to law enforcement agencies or other parties.

Potential sanctions

Knowingly breaching this social media policy is a serious matter. Users who do so will be subject to disciplinary action, up to and including termination of employment.

Employees, contractors and other users may also be held personally liable for violating this policy.

Where appropriate, the company will involve the police or other law enforcement agencies in relation to breaches of this policy.

Job Applicant Privacy Notice.

Job Applicant Privacy Notice (compliant with GDPR)

As part of any recruitment process, Creative Security Dynamics Ltd collects and processes personal data relating to job applicants. The organisation is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.

What information do we collect?

Creative Security Dynamics Ltd collects a range of information about you. This includes:

• your name, address and contact details, including email address and telephone number;
• details of your qualifications, skills, experience and employment history;
• information about your current level of remuneration, including benefit entitlements;
• whether or not you have a disability for which the organisation needs to make reasonable adjustments during the recruitment process; and
• information about your entitlement to work in the UK.

Creative Security Dynamics Ltd may collect this information in a variety of ways. For example, data might be contained in application forms, CVs or resumes, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment.

We may also collect personal data about you from third parties, such as references supplied by former employers. We will seek information from third parties only once a job offer to you has been made and will inform you that we are doing so.
Data will be stored in a range of different places, including on your application record, in HR management systems and on other IT systems (including email).

Why does Creative Security Dynamics Ltd process personal data?

We need to process data to take steps at your request prior to entering into a contract with you. We may also need to process your data to enter into a contract with you.

In some cases, we need to process data to ensure that we are complying with its legal obligations. For example, it is mandatory to check a successful applicant’s eligibility to work in the UK before employment starts.

Creative Security Dynamics Ltd has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate’s suitability for employment and decide to whom to offer a job. We may also need to process data from job applicants to respond to and defend against legal claims.
Creative Security Dynamics Ltd may process special categories of data, such as information about ethnic origin, sexual orientation or religion or belief, to monitor recruitment statistics. We may also collect information about whether or not applicants are disabled to make reasonable adjustments for candidates who have a disability. We process such information to carry out its obligations and exercise specific rights in relation to employment.

If your application is unsuccessful, Creative Security Dynamics Ltd may keep your personal data on file in case there are future employment opportunities for which you may be suited. We will ask for your consent before it keeps your data for this purpose and you are free to withdraw your consent at any time.

Who has access to data?
Your information may be shared internally for the purposes of the recruitment exercise. This includes members of the HR and recruitment team, interviewers involved in the recruitment process, managers in the business area with a vacancy and IT staff if access to the data is necessary for the performance of their roles.
We will not share your data with third parties, unless your application for employment is successful and we make you an offer of employment. We will then share your data with former employers to obtain references for you, employment background check providers to obtain necessary background checks.

How does Creative Security Dynamics Ltd protect data?

We take the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.

For how long does Creative Security Dynamics Ltd keep data?

If your application for employment is unsuccessful, the organisation will hold your data on file for 3 (three) months after the end of the relevant recruitment process. If you agree to allow us to keep your personal data on file, we will hold your data on file for a further 3 (three) months for consideration for future employment opportunities. At the end of that period, or once you withdraw your consent, your data is deleted or destroyed. You will be asked when you submit your CV whether you give us consent to hold your details for the full 6 months in order to be considered for other positions or not.

If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your Human Resources file (electronic and paper based) and retained during your employment. The periods for which your data will be held will be provided to you in a new privacy notice.

Your rights

As a data subject, you have a number of rights. You can:

• access and obtain a copy of your data on request;
• require the organisation to change incorrect or incomplete data;
• require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing; and
• object to the processing of your data where Creative Security Dynamics Ltd is relying on its legitimate interests as the legal ground for processing.

If you would like to exercise any of these rights, please contact Dave Spedding at info@csdynamics.co.uk

If you believe that the organisation has not complied with your data protection rights, you can complain to the Information Commissioner.

What if you do not provide personal data?

You are under no statutory or contractual obligation to provide data to Creative Security Dynamics Ltd during the recruitment process. However, if you do not provide the information, we may not be able to process your application properly or at all.

Employee Privacy Notice.

Employee Privacy Notice (compliant with GDPR)

As part of your employment with Creative Security Dynamics Ltd the company holds your personal data. The organisation is committed to being transparent about how it stores and uses this data to ensure we are meeting our data protection obligations.

What information do we hold?

Creative Security Dynamics Ltd holds a range of information about you. This includes:

• your name, address and contact details, including email address and telephone number;
• details of your qualifications, skills, experience and employment history;
• information about your current level of remuneration, including benefit entitlements;
• whether or not you have a disability for which the organisation needs to make reasonable adjustments during the recruitment process; and
• information about your entitlement to work in the UK.

Creative Security Dynamics Ltd may have collected this information in a variety of ways. For example, data might be contained in application forms, CVs or resumes, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment.

We may have also collected personal data about you from third parties, such as references supplied by former employers.
Data is stored in a range of different places, including on your application record, in HR management systems and on other IT systems (including email).

Why does Creative Security Dynamics Ltd process personal data?

We processed data to take steps at your request prior to entering into a contract with you.

In some cases, we needed to process data to ensure that we are complying with our legal obligations. For example, it is mandatory to check a successful applicant’s eligibility to work in the UK before employment starts.

Creative Security Dynamics Ltd has a legitimate interest in processing personal data during your employment such as, to ensure we have your up to date contact information, bank details for payroll etc. We may also need to process data to respond to and defend against legal claims.
Creative Security Dynamics Ltd may process special categories of data, such as information about ethnic origin, sexual orientation or religion or belief, to monitor recruitment statistics. We may also collect information about whether or not applicants are disabled to make reasonable adjustments for employees who have a disability. We process such information to carry out its obligations and exercise specific rights in relation to employment.

Who has access to data?
Your information may be shared internally for the purposes or recruitment and advancement opportunities, and payroll requirements.
We will not share your data with third parties, unless your legally required to do so.

How does Creative Security Dynamics Ltd protect data?

We take the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.

For how long does Creative Security Dynamics Ltd keep data?

Your contract and employment information will be retained on file once you leave the company, in line with legal requirements, adhering to data protection legislation.

Your rights

As a data subject, you have a number of rights. You can:

• access and obtain a copy of your data on request;
• require the organisation to change incorrect or incomplete data;
• require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing; and
• object to the processing of your data where Creative Security Dynamics Ltd is relying on its legitimate interests as the legal ground for processing.

If you would like to exercise any of these rights, please contact Dave Spedding at info@csdynamics.co.uk

If you believe that the organisation has not complied with your data protection rights, you can complain to the Information Commissioner.

Policy to be signed by the employee once read:

Signed:

Print Name:

Privacy Policy.

This website is operated by Creative Security Dynamics Ltd
We want to provide you with the service and information you need, whilst remaining committed to protecting and respecting your privacy and data.
Any information collected about you is used in accordance with the General Data Protection Regulations (GDPR) 2016 and the Data Protection Act 2018.
This policy sets out the basis on which any personal data we collect from you (our clients or users/visitors to the website), or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
1. Changes to our privacy policy
Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.
2. Information we may collect from you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
• Identity Data includes first name, last name, username or similar identifier, title, date of birth and sex.
• Contact Data includes billing and home address, email address and telephone numbers.
• Financial Data including bank account details.
• Transaction Data includes details about payments to and from you and other details of services you have engaged with.
• Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
• Usage Data includes information about how you use our website and services.
• Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
We do not routinely collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. However, our wealth management team may be required to collect special category personal data and this will be communicated to you at the time.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
3. How is your personal data collected?
To ensure data is accurate we prefer to collect the information we need directly from you. We will usually do this:
• If you visit our website.
• If you complete an online form.
• When you contact us for any reason via email or telephone.
• When you start to do business/trade with the Port.
• If you provide us with your business card.
• If you enter a competition.
• When you apply for job opportunities on our website.
• If you visit our premises.

4. Purposes for which we will use your personal data
The information we collect may vary based on what services and information we provide to you. Typically we need:
• Your name, job title, email, address and contact number so we know who you are and what services you require from us.
• For enquiries we may require your contact details (telephone number and/or email address) in order to respond to your enquiry.
• We may gather information when you visit our website, such as which pages you visit or how long you spend reading a particular page.
• We collect personal information on job application forms such as your name, address, work history, qualifications and references; along with any other information which you choose to supply us with on your CV.
• We adhere to all of the principles of the GDPR including data minimisation.
• In order to keep everyone safe we use CCTV which will monitor your activities and movements in certain clearly marked areas.
We keep a record of the events you attended and emails we send you, and may even track whether you receive or open them so we can make sure we are sending you the most relevant information.
You may refuse to provide us with some or all of your personal information however this might restrict how we interact with you.
The data and information held within a job application or CV will be used to make a job offer to the applicant.
5. Disclosure of your personal data
We will also pass your data on when required to do so by law. We will never sell your data or share data for reasons other than as stated unless authorised to do so by you.
Our IT and web-hosting suppliers have access to data held to that to the extent needed to provide our website and IT systems. They are governed by contracts and will adhere to this policy.
Data held will not be transferred abroad.
We do not us any automated data processing.
6. Cookies
A cookie is a small text file which is placed onto your computer (or other electronic device) when you access our website.
We use cookies to better the users experience while visiting the website. Where applicable this website uses a cookie control system allowing the user on their first visit to the website to allow or disallow the use of cookies on their computer and/or device. This complies with recent legislation requirements for websites to obtain explicit consent from users before leaving behind or reading files such as cookies on a user’s computer and/or device.
Cookies are small files saved to your computer’s hard drive that track, save and store information about your interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience.
This website uses tracking software to monitor its visitors to better understand how they use it. This software is provided by Google Analytics which uses cookies to track visitor usage. The software will save a cookie to your computer’s hard drive in order to track and monitor your engagement and usage of the website, but will not store, save or collect personal information.
You can read Google’s privacy policy here for further information http://www.google.com/privacy.html.
How to turn off cookies
If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionality of this website. For further information about cookies and how to disable them please go to: www.allaboutcookies.org
7. International Transfers
We do not routinely transfer data outside the European Economic Area (EEA), however whenever we do, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
• Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
• Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
8. Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. However, the transmission of information via the internet is not completely secure. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
9. Data Retention
We will only retain your personal data for as long as it’s necessary. We will keep the different types of information we collect from you from 25 May 2018 onwards in accordance with the timescales below. We are working to retrospectively apply these data retention rules to all of our records.
Subject to our obligation to retain data under our separate legislative, insurance or regulatory requirements, from 25 May 2018 onwards we will:
• keep records relating to active client matters (for whom we are receiving continued instructions) for up to 14 years; and
• when a client terminates their arrangement with us, delete any information which is over 7 years old. Data obtained in the 7 years prior to termination, will be retained for a further 7 years.
In some circumstances you can ask us to delete your data: see Right to be forgotten below for further information.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
10. Your rights
You have the following rights related to your personal data:
• The right to request a copy of personal information held about you.
• The right to request that inaccuracies be corrected.
• The right to request us to stop processing your personal data.
• The right to lodge a complaint with the Information Commissioner’s Office.
• The right to withdraw consent.
• The right to delete the data we hold on you.
• The right to restrict processing.
• The right to request transfer of your data to another controller.
• The right not to be subject to automated decisions.
We must also notify you if;
• We suffer a data breach and your data is affected in a way that it poses a risk to your rights and freedoms.
• We carry out your request to correct/update, erase or not use your data.
• To exercise your right to access your data, please contact us as per the details held within the Contact Us section.
12. Contact
Any questions, queries or comments with regards to this policy or how we handle your personal data are welcomed, even if you wish to be removed from any communications. Please contact us as follows: