Protecting your Privacy

ICO registration number ZA318185

This Privacy Notice tells you about the types of personal data that we at RGDP LLP collect, how we handle it, how we store it and how we keep it safe.

This notice also tells you about your rights in relation to your personal data.

We hope the following sections will answer any questions you have but if not, please do get in touch with us.

It’s likely that we’ll need to update this Privacy Notice from time to time. We’ll notify you of any significant changes, but you’re welcome to come back and check it whenever you wish.

Who are we?

RGDP LLP (RGDP) provides Data Protection Officer (DPO) services to businesses and organisations that wish to outsource all or some of their DPO and data protection functions. RGDP helps customers meet the requirements of UK and EU data protection legislation including the Data Protection Act 2018 and General Data Protection Regulation (GDPR).

Our contact details are:
RGDP LLP
Level2
One Edinburgh Quay
133 Fountainbridge
Edinburgh
EH3 9QG
Tel: 0131 222 3239
E-mail: info@rgdp.co.uk

What personal data do we process?

RGDP collects, stores and uses personal information about

the employees of potential and current customers
the employees of our suppliers
the personal data being processed by our customers to the extent that it is necessary for us to provide our services; and
our own employees and prospective employees.

We are fully committed to dealing with all personal data in a fair and transparent way and ensure that we have the appropriate security measures in place. This notice sets out what we do with your personal data, why we do it, who we pass it on to and what we do to keep it secure. A separate notice is made available to our employees.

Why do we process this personal data?

Our Customers and Suppliers

Our customers and suppliers are the companies we do business with. As an employee of the company we may use your personal data to contact you about the work we are doing for your company or the work you are doing for us. This personal data will usually be limited to employee contact details such as name, telephone number and e-mail address.

We have a legitimate interest to process this information in order to keep doing business and provide the services that we offer.

We will also use these contact details to send you information about other data protection related products and services from time to time. This is because we have a legitimate interest in promoting our service but you will have the option to opt-out of these messages when we contact you or at any future stage.

Our potential customers

If you have expressed an interest in our services, we may use your contact details (name and e-mail address) to send information about our services and events we hold from time to time. This is because we have a legitimate interest in promoting our service but you will have the option to opt-out of these messages when we contact you or at any future stage.

Our prospective employees

As a prospective employee, we need to process your personal data so that we can efficiently and effectively fulfil our obligations and responsibilities as a potential employer to you. The personal data that we hold includes, but is not limited to, your contact details such as name, address, telephone number and e-mail address plus any personal data that you may supply to us as part of your job application, for example, your CV and health data if that is required.

The legal bases we use for processing your personal data in these respects are Contract, Legal Obligation and for health data, Explicit Consent.

Other Personal data we process as part of our service

We may occasionally have to use the personal data that is being processed by our customers in order to provide our Data Protection Officer services, for example, supporting Subject Access Requests. Occasionally this may include data classed by data protection law as ‘special category data’ such as health or ethnicity. In these circumstances, we have a legitimate interest to process this data in order to provide Data Protection Officer services. We will only use this personal data for this purpose and for no other purpose. It will be held securely and then returned to our customers or securely destroyed, as soon as it is no longer required for that purpose.

Who we share your personal data with

We may share your personal data with the following third parties for the purposes described in this Privacy Policy:

Government authorities, law enforcement bodies, regulators for compliance with legal requirements.
Partner companies required to deliver the services you have asked for, such as Solicitors or Training companies.
Trusted service providers we are using to run our business such as IT and Marketing.
Legal and other professional advisers, law courts and law enforcement bodies if we require to enforce our legal rights in relation to our contract with your company.
Referees (for prospective employees).

Security of your personal data

We are committed to implementing appropriate technical and organisational measures in order to prevent your personal data from being accidentally or unlawfully accessed, altered, lost, destroyed or otherwise used in an unlawful manner.

Data retention

Personal data of customers and suppliers

We will hold this data for as long as we are providing you or your organisation with our services or you are providing us with services. If we no longer have this relationship with you, we will delete your data five years after the termination of this relationship. Where we have processed a Subject Access Request on behalf of a customer, we will return all personal data to the customer when no longer required and securely delete any personal data relating to it from our systems.

Employees of potential customers

In relation to these business contacts, if you do not engage our services or come to our events, we will hold onto your data for one year after which it will be deleted, unless you request us to delete it before this.

Prospective employees

If you are employed by RGDP, you will be given a copy of our employee privacy notice. For prospective employees who do not become employees, as soon as we no longer require your data, we will delete it. This will usually be within one year unless you have agreed that we may retain it for longer in order to contact you about future employment opportunities.

Your rights

You have rights in relation to your personal data and can ask RGDP for the following:

To access information about the personal data RGDP is processing and to obtain a copy of it;
To change incorrect or incomplete data;
To erase or stop processing your data (in certain circumstances);
To stop sending you marketing messages; and
To object to certain processing activities.

If you would like to exercise any of these rights, or if you have any concerns about how your personal data is being processed, please contact us on the contact details above and we will do our best to address your concerns.

If you still believe that RGDP has not handled your personal data properly or has not complied with your rights, you can complain to the Information Commissioner. Contact details are available at www.ico.org.uk

Notice last updated 11 March 2020.