We respect your privacy. All data we collect is used for internal purposes only and we will never sell your personal information to 3rd parties.
PRIVACY & DATA PROTECTION POLICY
Compliance Marque is a part of the Compliance Standard Group. For more information see http://compliancestandardgroup.co.uk/.
Our office address is: Compliance Marque, C/O Compliance Standard Group, Harley House, 29 Cambray Place, Cheltenham, Glos, GL50 1JN. Our office contact number is 01242 323864.
Our registered office address is: Compliance Marque, C/O Compliance Standard Group, Harley House, 29 Cambray Place, Cheltenham, Glos, GL50 1JN. Our registered office contact number is 01242 323864.
WHAT DATA WE COLLECT
We only collect data that you provide to us by completing a form on our website, sending us an email, calling via the telephone, or making an enquiry to us via a third party resource online or offline. In some cases, we may also collect data that is available within the public domain where it has a legitimate business use. We only store data that we have a specific and legitimate business purpose for.
As standard, this may include, but is not limited to:
- Email address
- Phone number
- First name
- Last name
- Organisation name
- Details of your enquiry
Where personal data is collected, its purpose will be made explicitly clear to you at the time of collection.
HOW WE USE DATA
We may use the data we collect for a range of reasons, including:
- Responding to your enquiry.
- To enter into a contract with you.
- To communicate with you about your account and provide support.
- To bill and collect money owed to us by you.
- To send you important system alert messages.
- To provide information to representatives and advisors, including accountants, to help us comply with legal, accounting, or security requirements.
- To meet legal requirements, including complying with appropriate legal mechanisms.
- To prosecute and defend a court, arbitration, or similar legal proceeding.
- To respond to lawful requests by public authorities, including to meet national security or law enforcement requirements.
- To carry out other legitimate and lawful business activities, about which we will notify you.
- Analysing your use of www.heritagemarque.co.uk (our website) to enable us to continually improve your user experience on our website.
- Only with your express permission and where permitted by law, we may also use your personal data to contact you with information and news about services.
We do not share your personal data with any third parties, subject to three exceptions:
- If, in the course of managing your account and delivering our services to you, it became necessary to share your data with a third party supplier – such as an advertiser/publisher who is running an advertising campaign for your business – this would only be done with your express written consent.
- To help us comply with legal and accounting requirements, we may need to provide information access to our advisors. For example: our accountants will require limited access to certain data to provide accounting services to us. In such cases, data access is limited and we will have obtained a statement of GDPR compliance from the third party in question prior to any transaction taking place.
- Under limited circumstances, we may be legally required to share certain personal data, to facilitate legal proceedings or comply with legal obligations, a court order, or the instructions of a government authority.
HOW WE STORE AND PROCESS DATA
The Company shall ensure that all personal data collected, held, and processed is kept secure and protected against unauthorised or unlawful processing and against accidental loss, destruction, or damage. All data we hold is encrypted and access is limited by password protection.
Any data you submit to us is stored on an encrypted and password protected UK-based server.
The Company shall not keep personal data for any longer than is reasonably necessary in light of the purpose or purposes for which that personal data was originally collected, held, and processed.
OTHER STEPS WE TAKE TO PROTECT YOUR DATA DURING STORAGE AND PROCESSING
The Company shall ensure that the following measures are taken with respect to the storage and use of personal data:
- Internally, only team members with a specific and vital need as part of their role within the company will have access to the data we hold. In such cases, employees are trained in privacy and data protection policy and data access is only granted by consent of a company director.
- All hard copies of personal data, along with any electronic copies stored on physical, removable media, are stored securely in a locked box, drawer, cabinet, or similar.
- All personal data stored electronically is encrypted and password protected.
- No personal data should be stored on any mobile device (including, but not limited to, laptops, tablets, and smartphones), whether such device belongs to the Company or otherwise, without the formal written approval of a Company Director and, in the event of such approval, strictly in accordance with all instructions and limitations described at the time the approval is given, and for no longer than is absolutely necessary; and
- No personal data should be transferred to any device personally belonging to an employee and personal data may only be transferred to devices belonging to agents, contractors, or other parties working on behalf of the Company where the party in question has agreed to comply fully with the letter and spirit of this Policy and of the GDPR (which may include demonstrating to the Company that all suitable technical and organisational measures have been taken).
IF YOU WANT COPIES OF YOUR DATA – SUBJECT ACCESS REQUEST (SAR)
Under data protection law, you are entitled to make a subject access request (SAR) at any time to find out more about the personal data we hold on you (if any), how we are using it and why.
The response time for a SAR request is one month. However, this may be extended by up to two additional months for complex requests.
There is no fee for the handling of a single SAR request by a data subject (you). However, we do reserve the right to charge reasonable fees for additional copies of information that has already been supplied to a data subject, and for requests that are manifestly unfounded or excessive, particularly where such requests are repetitive.
YOUR RIGHT TO BE FORGOTTEN
You have the right to ask us to delete or otherwise dispose of any of your personal data that we have. Should you wish to do so, please contact us using the details at the bottom of this policy.
OUR DATA BREACH PROCEDURES
In the event of a data breach, such as a hack of our systems or loss of physical documents, our Data Protection Officer (DPO), Dave Middlemiss, will be immediately notified. The DPO will then make a detailed record of the event and, where applicable and appropriate, notify the data subjects and the Information Commissioner’s Office (ICO) within 72 hours.
Data breach notifications will include the following information:
- The categories and approximate number of data subjects concerned;
- The categories and approximate number of personal data records concerned;
- The name and contact details of the Company’s data protection officer (or other contact point where more information can be obtained);
- The likely consequences of the breach;
- Details of the measures taken, or proposed to be taken, by the Company to address the breach including, where appropriate, measures to mitigate its possible adverse effects.
LINKS TO OTHER WEBSITES
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites as such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
HOW WE CONDUCT DATA PROTECTION ASSESSMENTS FOR NEW PROJECTS OR ENDEAVOURS
Compliance Standard Group shall carry out Data Protection Impact Assessments for any and all new projects and/or new uses of personal data.
Data Protection Impact Assessments shall be overseen by the Data Protection Officer and shall address the following:
- The type(s) of personal data that will be collected, held, and processed.
- The purpose(s) for which personal data is to be used.
- The Company’s objectives.
- How personal data is to be used.
- The parties (internal and/or external) who are to be consulted.
- The necessity and proportionality of the data processing with respect to the purpose(s) for which it is being processed.
- Risks posed to data subjects.
- Risks posed both within and to the Company; and
- Proposed measures to minimise and handle identified risks.
FAIR PROCESSING NOTICE
In the event that the Compliance Standards Group is sold, the new owners shall own all company data lawfully collected and stored, and they shall continue to use the data for the same purposes only, in accordance with this policy and the law.
IMPLEMENTATION OF THIS POLICY
This Policy shall be deemed effective as of 20th May 2018. No part of this Policy shall have retroactive effect, and it shall thus apply only to matters occurring on or after this date.
CHANGES TO THIS POLICY
HOW TO CONTACT US
To contact us about data protection, please use the following details:
Contact: Dave Middlemiss
Phone: 01452 835805
Postal address: Compliance Marque C/O Compliance Standards Group, North Warehouse, Gloucester Docks, Gloucester, GL1 2EP
MORE INFORMATION ABOUT DATA PROTECTION PRINCIPLES
The above policy aims to be compliant with the General Data Protection Regulation (GDPR). The GDPR sets out the following principles with which any party handling personal data must comply. All personal data must be:
- Processed lawfully, fairly, and in a transparent manner in relation to the data subject.
- Collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes. Further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes.
- Adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
- Accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased, or rectified without delay.
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed. Personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of the data subject.
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures.
TERMS OF USING THIS WEBSITE
Unless otherwise stated, the contents of this site, including but not limited to the text and images contained herein and their arrangement, are the property of Compliance Standards Group (CSG), all rights reserved.
USE OF SITE CONTENT
CSG allows visitors to our website to read, print, or download one copy of information (web pages, articles, PDF downloads) provided on our site for your personal, non-commercial use. You may not reprint, modify, or reproduce any content without prior written permission.
Articles authored by CSG and published by third party publications are subject to the terms and use of CSG and/or the publisher. Users must obtain written permission prior to using, reprinting, or republishing any such information.
LINKS FROM OUR SITE
This site may provide links to third party web sites; however, we do not explicitly endorse the content and/or have control over the information supplied. Any use you make of the content provided by such third party sites is at your own risk.
Where our site contains links to other sites and resources provided by third parties, these links are provided for your information only. We have no control over the contents of those sites or resources, and accept no responsibility for them or for any loss or damage that may arise from your use of them.
LINKING TO OUR SITE
You may link to our website, provided you do so in a way that is fair and legal and does not damage our reputation or take advantage of it, but you must not establish a link in such a way as to suggest any form of association, approval or endorsement on our part where none exists.
You must not establish a link from any website that is not owned by you.
We reserve the right to withdraw linking permission without notice.
VIRUSES, HACKING AND OTHER OFFENCES
You must not misuse our site by knowingly introducing viruses, trojans, worms, logic bombs or other material which is malicious or technologically harmful. You must not attempt to gain unauthorised access to our site, the server on which our site is stored or any server, computer or database connected to our site. You must not attack our site via a denial-of-service attack or a distributed denial-of-service attack.
By breaching this provision, you would commit a criminal offence under the Computer Misuse Act 1990. We will report any such breach to the relevant law enforcement authorities and we will co-operate with those authorities by disclosing your identity to them. In the event of such a breach, your right to use our site will cease immediately.
We will not be liable for any loss or damage caused by a distributed denial-of-service attack, viruses or other technologically harmful material that may infect your computer equipment, computer programs, data or other proprietary material due to your use of our site or to your downloading of any material posted on it, or on any website linked to it.
JURISDICTION AND APPLICABLE LAW
The English and Welsh courts will have exclusive jurisdiction over any claim arising from, or related to, a visit to our site.
The information provided on this site is free of charge and for informational purposes only and does not create a business or professional services relationship between you and icet solutions. The information contained in this web site is provided only as general information which may or may not reflect the most current developments; accordingly, information on this web site is not promised or guaranteed to be correct or complete. icet solutions expressly disclaims all liability in respect to actions taken or not taken based on any or all the contents of this web site.
If you have any concerns or comments about material which appears on our site, please contact firstname.lastname@example.org.
Thank you for visiting our site.
WHAT ARE COOKIES?
Cookies are very small text files that are stored on your computer when you visit some websites.
WHAT COOKIES DO WE USE AND WHY?
On our website, we use Google Analytics cookies to keep track of which pages are being visited and what content is popular, but none of our cookies collect any personally identifiable information about you. We just want to make sure we keep producing content that you want to read, and that it’s presented in the clearest way.
For more information about what data is collected using Google Analytics, please visit http://www.google.com/analytics/learn/privacy.html
HOW CAN YOU CONTROL COOKIES?
If you want to restrict or block the cookies from any website, you can adjust the settings in your browser to limit which cookies are stored.
To find out more about how to do this, visit www.aboutcookies.org
MAKING COMMENTS ON THIS WEBSITE
Visitor comments may also be checked through an automated spam detection service.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
EMBEDDED CONTENT FROM OTHER WEBSITES
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.