Protecting your Privacy

RGDP provides Data Protection Officer (DPO) services to businesses and organisations that wish to outsource all or some of their DPO and data protection functions. RGDP helps customers meet the requirements of UK and EU data protection legislation including the UK Data Protection Act and EU General Data Protection Regulation (GDPR).

Our contact details are:
One Edinburgh Quay
133 Fountainbridge
Edinburgh
EH3 9QG
Tel: 0131 222 3239
E-mail: info@rgdp.co.uk

RGDP collects, stores and uses information about

• the employees of potential and current customers
• the employees of our suppliers
• the personal data being processed by our customers to the extent that it is necessary for us to provide our services; and
• our own employees and prospective employees.

We are fully committed to dealing with all personal data in a fair and transparent way and ensure that we have the appropriate security measures in place. This notice sets out what we do with your personal data, why we do it, who we pass it on to and what we do to keep it secure. A separate notice is made available to our employees.

Our Customers and Suppliers

Our customers and suppliers are the companies we do business with. As an employee of the company we may use your personal data to contact you about the work we are doing for your company or the work you are doing for us. This personal data will usually be limited to employee contact details such as name and e-mail address.

We have a legitimate interest to process this information in order to keep doing business and provide the services that we offer.

We will also use these contact details to send you information about other data protection related products and services from time to time. This is because we have a legitimate interest in promoting our service but you will have the option to opt-out of these messages when we contact you or at any future stage.

Our potential customers

If you have expressed an interest in our services, we may use your contact details (name and e-mail address) to send information about our services and events we hold from time to time. This is because we have a legitimate interest in promoting our service but you will have the option to opt-out of these messages when we contact you or at any future stage.

Other Personal data we process as part of our service

We may occasionally have to use the personal data that is being processed by our customers in order to provide our Data Protection Officer services, for example - supporting Subject Access Requests. Occasionally this may include data classed by data protection law as ‘special category data’ such as health or ethnicity. In these circumstances we have a legitimate interest to process this data in order to provide Data Protection Officer services. We will only use this personal data for this purpose and for no other purpose. It will be held securely and then returned to our customers or securely destroyed, as soon as it is no longer required for that purpose.

We may share your personal data with the following third parties for the purposes described in this Privacy Policy:

• Government authorities, law enforcement bodies, regulators for compliance with legal requirements.
• Partner companies required to deliver the services you have asked for, such as Solicitors or Training companies.
• Trusted service providers we are using to run our business such as IT and Marketing.
• Legal and other professional advisers, law courts and law enforcement bodies if we require to enforce our legal rights in relation to our contract with your company.

We are committed to implementing appropriate technical and organisational measures in order to prevent your personal data from being accidentally or unlawfully accessed, altered, lost, destroyed or otherwise used in an unlawful manner.

Personal data of customers and suppliers

We will hold this data for as long as we are providing you or your organisation with our services or you are providing us with services. If we no longer have this relationship with you we will delete your data six years after the termination of this relationship. Where we have processed a Subject Access Request on behalf of a customer, we will return all personal data to the customer when no longer required and securely delete any personal data relating to it from our systems.

Employees of potential customers

In relation to these business contacts, if you do not engage our services or come to our events, we will hold onto your data for one year after which it will be deleted, unless you request us to delete it before this.

You have rights in relation to your personal data and can ask RGDP for the following:

• To access information about the personal data RGDP is processing and to obtain a copy of it;
• To change incorrect or incomplete data;
• To erase or stop processing your data (in certain circumstances);
• To stop sending you marketing messages; and
• To object to certain processing activities.

If you would like to exercise any of these rights, or if you have any concerns about how your personal data is being processed, please contact us on the contact details above and we will do our best to address your concerns.

If you still believe that RGDP has not handled your personal data properly or has not complied with your rights, you can complain to the Information Commissioner. Contact details are available at www.ico.org.uk