ICO registration number ZA318185
This Privacy Notice tells you about the types of personal data that we at Really Good Data Protection (RGDP) collect, how we handle it, how we store it and how we keep it safe.
This notice also tells you about your rights in relation to your personal data.
We hope the following sections will answer any questions you have but if not, please do get in touch with us.
It’s likely that we’ll need to update this Privacy Notice from time to time. We’ll notify you of any significant changes, but you’re welcome to come back and check it whenever you wish.
RGDP provides Data Protection Officer (DPO) services to businesses and organisations that wish to outsource all or some of their DPO and data protection functions. RGDP helps customers meet the requirements of UK and EU data protection legislation including the UK Data Protection Act and EU General Data Protection Regulation (GDPR).Our contact details are:
One Edinburgh Quay
Tel: 0131 222 3239
- the employees of potential and current customers
- the employees of our suppliers
- the personal data being processed by our customers to the extent that it is necessary for us to provide our services; and
- our own employees and prospective employees.
Our customers and suppliers are the companies we do business with. As an employee of the company we may use your personal data to contact you about the work we are doing for your company or the work you are doing for us. This personal data will usually be limited to employee contact details such as name and e-mail address.
We have a legitimate interest to process this information in order to keep doing business and provide the services that we offer.
We will also use these contact details to send you information about other data protection related products and services from time to time. This is because we have a legitimate interest in promoting our service but you will have the option to opt-out of these messages when we contact you or at any future stage.Our potential customers
If you have expressed an interest in our services, we may use your contact details (name and e-mail address) to send information about our services and events we hold from time to time. This is because we have a legitimate interest in promoting our service but you will have the option to opt-out of these messages when we contact you or at any future stage.Other Personal data we process as part of our service
We may occasionally have to use the personal data that is being processed by our customers in order to provide our Data Protection Officer services, for example - supporting Subject Access Requests. Occasionally this may include data classed by data protection law as ‘special category data’ such as health or ethnicity. In these circumstances we have a legitimate interest to process this data in order to provide Data Protection Officer services. We will only use this personal data for this purpose and for no other purpose. It will be held securely and then returned to our customers or securely destroyed, as soon as it is no longer required for that purpose.
- Government authorities, law enforcement bodies, regulators for compliance with legal requirements.
- Partner companies required to deliver the services you have asked for, such as Solicitors or Training companies.
- Trusted service providers we are using to run our business such as IT and Marketing.
- Legal and other professional advisers, law courts and law enforcement bodies if we require to enforce our legal rights in relation to our contract with your company.
We will hold this data for as long as we are providing you or your organisation with our services or you are providing us with services. If we no longer have this relationship with you we will delete your data six years after the termination of this relationship. Where we have processed a Subject Access Request on behalf of a customer, we will return all personal data to the customer when no longer required and securely delete any personal data relating to it from our systems.Employees of potential customers
In relation to these business contacts, if you do not engage our services or come to our events, we will hold onto your data for one year after which it will be deleted, unless you request us to delete it before this.
You have rights in relation to your personal data and can ask RGDP for the following:
- To access information about the personal data RGDP is processing and to obtain a copy of it;
- To change incorrect or incomplete data;
- To erase or stop processing your data (in certain circumstances);
- To stop sending you marketing messages; and
- To object to certain processing activities.
If you would like to exercise any of these rights, or if you have any concerns about how your personal data is being processed, please contact us on the contact details above and we will do our best to address your concerns.
If you still believe that RGDP has not handled your personal data properly or has not complied with your rights, you can complain to the Information Commissioner. Contact details are available at www.ico.org.uk
Policy last updated 18 August 2018.