Introduction and purpose
ProAct is committed to protecting the privacy and security of personal information. This policy describes how we collect and use personal information about you. ProAct is a ‘data controller’. This means that we are responsible for deciding how we hold and use personal information. We are required under data protection laws to notify you of the information contained in this policy. For the purposes of this policy:
- ‘Customers’ includes persons who have engaged us to provide software solutions, tailored made software solutions, customer support and call logging, sales activity
- ‘Subscribers’ includes persons that have signed up to one of our newsletters or bulletins or attended an event and registered an interest in receiving the newsletter or business updates.
This policy applies to the personal information of past and present customers and subscribers. Please note that you may fall in to more than one of these categories so we may hold your personal information in a number of capacities.
If you are a past or present employee or consultant of the firm, we will hold further personal information about you. For further details please contact email@example.com to your line manager or supervisor. This policy does not form part of any contract that you may have with ProAct. It is provided for information purposes only.
Changes to this policy
Data Protection Contact
We have appointed a Compliance Officer for Data Protection (CODP) to oversee compliance with this policy. If you have any questions about this policy or how we handle personal information, please contact the CODP in writing using the details below.
Email address: firstname.lastname@example.org
Proact International Limited
Ffordd Richard Davies
St Asaph Business Park
General Contact via email: email@example.com
Our Limited Company registration number is: 23128910 Our ICO registration number is: Z9181332
Table of content
- The Data Protection Principles
- The kind of information that we hold about customers and subscribers
- If you fail to provide personal information
- Change of purpose
- Data sharing
- Data security
- Data transfer
- Changes to your data
- Your rights
- The Data Protection Principles -We will comply with data protection law. The law says that the personal information that we hold must be: – Used in a lawful, fair and transparent way. – Collected only for valid purposes that we have clearly explained and not used in any way that is incompatible with those purposes. – Relevant to the purposes for which it was collected and limited only to those purposes. – Accurate and kept up to date. – Kept only as long as necessary for the purposes for which it was collected. – Kept securely.
- The kind of information that we hold about customers and subscribers
Personal data, or personal information, means any information about an individual from which that person can be identified.
We collect, store and use some or all of the following categories of personal information about customers:
(A) Customer information: name, title, job title, address, telephone number, email address (B) Marketing information: name, title, job title, address, telephone number, email address, company, engagement details, event attendance history (C) Monitoring: CCTV footage, vehicle details, swipe/fob records, PC login details, use of our IT and communications systems. (D)Employee details: name, Personal email, address, NI number, bank details, date of birth, marital status, personal mobile/telephone, next of kin; their name/work number/personal/home number, Doctor name/address/telephone number, allergies/health issues , training record, Identification, copies of academic certificates, CVs, Contract of employment, References from third parties, confidential agreement, data protection agreement We use your customer information to manage and strengthen our relationship with you, this includes linking the work that we do across different practice areas and offices to ensure that you receive a seamless, streamlined service at all times.
We use your marketing information for marketing purposes, this includes contacting you with relevant newsletters, bulletins and other information about our services and measuring engagement with our communications to ensure that the content that we create is relevant and useful. Our lawful basis for this is your consent. You have the right to withdraw this consent or amend your marketing preferences at any time by contacting firstname.lastname@example.org
We collect personal information either from you directly on Google+, Linkedin. We collect personal information when you visit our premises or use our IT or communications systems including our ProAct application.
- If you fail to provide personal information If you fail to provide certain personal information when we request it, we may not be able to perform our contract with you properly which may cause a delay in our investigation and / or resolution.
- Change of purpose We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another purpose and that purpose is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the lawful basis which allows us to do so.
- Data sharing We may share your data with third parties. We require all third parties to respect the security of your data and to treat it in accordance with the law. Third-party service providers require access to your personal data in the course of providing their services to us. We engage third parties to provide the following services: (example; payroll/pension provider).
All third parties are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow third parties to use your personal data for their own purposes. We only permit them to access your personal data for specific purposes and in accordance with our instructions. We may share your personal information with other third parties, for example with a potential purchaser in the context of a potential sale or restructuring of the business. We may also need to share your personal information with a regulator to comply with the law. We may transfer your personal information outside the EU. If we do, you can expect a similar degree of protection in respect of your personal information. A third party service provider is based in the United States of America and host their services on servers based there. This means that your data may be transferred to the US as part of a technical process or for storage.
Transfers will always be subject to adequate safeguards. These safeguards may take the form of an adequacy decision. Adequacy decisions are made by the European Commission in respect of certain countries. An adequacy decision means that the countries to which we transfer your data are deemed to provide an adequate level of protection for your personal information. To ensure that your personal information does receive an adequate level of protection in the absence of an adequacy decision, we will put in place binding corporate rules or standard contractual clauses approved by the European Commission or the ICO to ensure that your personal information is treated by those third parties in a way that is consistent with and respects the EU and UK laws on data protection. If you require further information about these protective measures, please contact our CODP by emailing email@example.com
- Data security We have put in place appropriate security measures to protect your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those people who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. We have put procedures in place to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
- Data retention We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for.
We will retain financial documentation for a minimum 6 years. Personal information of ex-employees, including contact details, appraisals and reviews be kept for at least 5 years. Ex-Customers’ employee personal data will be retained for 5 years. After which, personal data will be removed from our database. Current customers’ employee personal data will be retained to fulfil the purpose we collected it for. Where you have chosen to unsubscribe from marketing communications, we will retain your contact details to ensure that you are not sent any further communications. This information will be held indefinitely.
- Changes to your data It is important that the personal information we hold about you is accurate and up to date. Please keep us informed if your personal information changes during your working relationship with us. If your personal information changes, please let us know by emailing firstname.lastname@example.org
- Your rights
Under certain circumstances, by law you have the right to:
Request access to your personal information. This is commonly known as a subject access request. This enables you to receive a copy of the personal information we hold about you and to check that we are processing it lawfully.
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal information to another party. If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, request that we transfer a copy of your personal information to another party or request the reconsideration of an automated decision, please contact our CODP by emailing email@example.com You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances. We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it. Where you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please . Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to.
- Complaints If you have any concerns over how we use your data, please contact our CODP in the first instance at firstname.lastname@example.org If you are not satisfied that we have addressed your concerns adequately, you have the right to lodge a complaint with the ICO. Their contact details are below:
Information Commissioner’s Office
Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF
Tel: 0303 123 1113 Web: www.ico.org.uk