Privacy Policy

Privacy Policy
Last updated: September 2024
Previous Version: March 2024

This website is owned and operated by Data Compliant Ltd, a private limited company registered in England and Wales under company number 8850647, and our registered office is at 22 Friars Street, Suffolk CO10 2AA. We are registered with the Information Commissioner’s Office as a data controller, registration number: ZA162251

Data Compliant is committed to ensuring that your personal information and privacy are protected. This privacy policy tells you how we collect your personal data, how we store it, how we use it, and how we keep it safe. If we ask you to provide information by which you can be identified, the information will only be used in accordance with this privacy statement, in line with current UK data protection laws, including the UK Data Protection Act (DPA), UK General Data Protection Regulation (UK GDPR) and Privacy and Electronic Communications Regulations (PECR).

We are committed to ensuring that your information is secure. Your information will be held in a secure environment, and access to it will be restricted according to the “need to know” principle. To prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and protect the information we collect online. We use state of the art technology for processing and storing data, and data transfers, including encryption, and access control. Your personal data is processed with confidentiality and integrity.

How we collect data about you

We process the personal data of customers, prospects, enquirers, suppliers and workers. We may collect, store and use the following personal information about you which you provide to us:

via the telephone, our websites (datacompliant.co.uk and datacompliantblog.com), email, SMS, the post, or face to face
when subscribing to our e-newsletter or to receive our blogs
when providing us with your business card
when entering competitions, surveys or prize draws
when applying to work for us

We may also collect personal data from third parties, for example, social media channels such as LinkedIn or Facebook, or visitor lists from trade shows at which we have exhibited.

Data we may collect about you

The data you provide us includes only what we need to provide the service, product or information you have requested, and includes:

Contact data: name and contact information including email address and telephone number
Product / Service data: information relating to the services we have provided
Supplier service data: information relating to the services you have provided to us
Transaction data: financial details for invoicing
Marketing data: your contact and communication preferences; information relating to offers and promotions
Market research data: information relating to customer surveys or offers
Worker data: work experience and interview notes when you apply to work for us
Training data: where we act as data processor acting under your instructions, we may process employee data you provide to us for training purposes: user name, email address and log-in details to our LMS
Technical data: we collect information from your device about your visits to and use of this website. This includes collecting unique online identifiers such as an IP address, which are numbers that uniquely identify a specific computer or other device on the internet. Please see our Cookies Policy for more details.
Any other personal information that you choose to send us

What we do with your information

We promise that we shall only use your data in the way you wish, and we shall always respect your privacy. We process your data for the following purposes, and under the following legal grounds:

Purpose

To provide you with services, and to deal with enquiries and requests about them.

To contract contract with you to help us provide or administer our services.

To keep you informed and updated on relevant products and services in which you may be interested.

To maintain records of current, past and potential clients, suppliers and workers.

For internal administration purposes, including management of tasks and communication.

To improve our products and services.

For marketing research purposes, conducting customer satisfaction surveys and responding to your website visits to improve our services.

To invite you to be a guest speaker or sponsor one of our events or webinars.

To provide you with useful data news and information by post and email.

To maintain your contact preferences.

To administer our website and keep it secure.

To provide you with Data Compliant e-newsletters and blogs.

For marketing purposes such as prize draws and promotions.

For sending e-newsletters to sole traders, small partnerships, and private individuals.

Legal Basis for Processing

The processing is necessary to meet contractual obligations into which you have entered as a customer, supplier or worker. In other words, we use your personal information to fulfil the services you have asked us to provide, or which we have asked you to provide.

For our legitimate business interests. We have conducted legitimate interest assessments in which our interests and those of our clients, suppliers, workers, business contacts and prospects are balanced.

We only send e-newsletters to sole traders, small partnerships and private individuals who have requested them on the legal basis of Consent.

Disclosing your personal data

We shall keep your personal data within Data Compliant and our trusted third parties except where disclosure is required by law, for example to government bodies and law enforcement agencies.

We do not sell your data to any other company. We may transfer your data to the following data processors and vendors who act under our instructions, and with whom we have appropriate service and data processor agreements in place, in compliance with relevant data protection laws:

Workers and associate consultants who deliver our services
Third parties who provide a service to us:
- Microsoft who provides our office and email systems
- Sharefile who provides our file storage platform
- Google who provides our website tracking and statistical services
- Click-up, who provides us with a project management platform
- TalentLMS, who hosts our online training LMS
- WordPress, who distributes our emails

Data Transfers

Your personal data may be stored, processed, and transferred outside the United Kingdom (UK) or European Economic Areas (EEA) so that we can use your personal data as described in this policy. Where this is the case, we will make sure that any transfers of your personal information from one country to another comply with those data protection and privacy laws which apply to us. When transferring personal information outside the UK and EEA, we will:

include standard data protection clauses approved by the EU and ICO into our contracts with those third parties.
ensure that the country in which your personal information will be handled has been deemed "adequate" by the UK and/or European Commission

How long do we keep your personal information

All personal data will be held in accordance with our company retention and deletion policy. We only keep your personal information for as long as we need to, so that we can use it for the reasons described above. Where your information is no longer required or is no longer relevant, we will ensure it is disposed of securely.

To make sure that you do not receive marketing from us after you have told us to stop sending it, we need to keep a record of that instruction with your contact details. We shall hold that information until you tell us otherwise.
CVs and interview notes from unsuccessful applicants will be held for 6 months after notifying you that you have not been successful.
Where necessary, we shall keep your personal data for as long as required to do so by law; and where required to establish, exercise or defend our legal rights.

Your rights and control over your personal data

Under the DPA 2018 and the UK GDPR, you have the right to:

Access your personal data by making a subject access request: You have the right at any time to ask us what personal information we hold about you, and to ask us to update, amend or delete any data that is incorrect or out of date. To protect your privacy and security we may need to verify your identity before disclosing or deleting your data.
Rectification, erasure or restriction of your information where this is justified: The accuracy of your personal data is important to us. You can rectify/update your personal data, including your address and contact details at any time. If you find any inaccuracy in your data at any time, we will delete or correct it promptly at your request. Proof of identity may be required in some circumstances.
Object to the processing of your information where this is justified: You have the right to ‘block’ or suppress processing of your personal data. However, we will retain just enough of your personal data to ensure that the restriction is respected in the future. You have the right to opt out of marketing promotions at any time. Every email we send you contains a link which you may click to unsubscribe.
Withdraw consent: Where our processing of your personal data is based on your consent, you have the right to withdraw that consent at any time.

If you wish to exercise any of these rights, or to request details of personal information which we hold about you, please write to Data Compliant Ltd, 22 Friars Street, Sudbury, Suffolk, CO10 2AA. or email privacy@datacompliant.co.uk

Right to lodge a complaint

If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law you have the right to make a compliant to the data protection regulator. If you wish to lodge a complaint or seek advice from a supervisory authority please contact the Information Commissioner’s Office (ICO). The ICO is the UK's independent body set up to uphold your rights to data privacy, and can be contacted at The Office of the Information Commissioner, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. Tel: +44 (0) 01625 545 745 Website: www.ico.org.uk

Privacy & Cookies

We will ask you to consent to our use of cookies in accordance with the terms of this policy when you first visit our website. You can choose to accept or decline cookies. In addition, you can modify your browser setting to decline cookies if you prefer. For more information about how to control cookie settings through your browser:

View "Private Browsing" settings and managing cookie settings in Firefox.
View "Incognito" and managing cookie settings in Chrome.
View "InPrivate" and managing cookie settings in Internet Explorer.
View "Private Browsing" and managing cookie settings in Safari.

For more information about how we use Cookies, please see our Cookie Policy.

Links to other websites

Our website may contain links to and details of other websites that are outside our control and are not covered by this Privacy Policy. If you visit other sites using the links provided, the operators of these sites may collect information from you that will be used by them in accordance with their privacy policy, which may differ from ours. It will be helpful for you to read their Privacy Policy and Cookie Policy before providing them with your personal data.

Data Compliant International

International data protection consultants and DPOs.

22 Friars Street, Sudbury, Suffolk, CO10 2AA

Email: dc@datacompliant.co.uk

Tel No.: +44 (0) 1787 277 742