Information we collect
Use of your information
associates) collecting, accessing and using your data we will have confidentiality agreements in place in line with the GDPR requirements
9. The information that we collect and store relating to you is primarily used to enable us to provide our services to you, and to meet our contractual commitments to you. In addition, we may use the information for the following purposes:
Legal basis for collecting and storing information
10. Contractual obligation – in order for us to provide services to our clients we are required to retain information provided by our clients
11. Consent – we will send marketing information only to those who have consented to receive such information from us. We will continue to send information to those who were added to our marketing list prior to the 25th of May with a clear ability for them to unsubscribe at any time. All contacts added post 25 May 2018 will only be added with explicit consent and will have the clear option to unsubscribe at any time
Disclosure of your information
12. We may disclose your information to regulatory bodies to enable us to comply with the law and to assist fraud protection and minimise credit risk
13. Where you have given explicit consent for us to do so, we may provide your data to selected third parties who may contact you about their goods or services that you may be interested in
14. If you no longer want us to use your data for our third parties’ use, you can write to us at the address detailed in clause 2, or send us an email to firstname.lastname@example.org at any time.
15. Please be advised that we will not reveal information about identifiable individuals to any potential advertisers
Controlling the use of your data
16. If you have given us consent to use your data for a particular purpose you can revoke or vary that consent at any time. If you do not want us to use your data or want to vary the consent that you have provided you can write to us at the address detailed in clause 2 or email us at email@example.com at any time.
Where we store and transfer your data
17. Where third parties are used by us to store your personal data, we ensure that they are compliant with the data protection law and any such data is not held outside the EU
18. As part of the services offered to you, for example through our website, the information you provide to us may be transferred to and stored in countries outside of the European Economic Area (EEA) as we use remote website server hosts to provide the website and some aspects of our service, which may be based outside of the EEA, or use servers based outside of the EEA – this is generally the nature of data stored in “the Cloud”. It may also be processed by staff operating outside the EEA who work for one of our suppliers, e.g. our website server host, or work for us when temporarily outside of the EEA.
20. We do not use or disclose sensitive personal data, such as race, religion, or political affiliations, without your explicit consent.
22. Otherwise, we will process, disclose or share your personal data only if required to do so by law or in the good faith belief that such action is necessary to comply with legal requirements or legal process served on us or the website.
23. You have the right to opt out of our processing your personal data for marketing purposes by contacting us at firstname.lastname@example.org.
Retention of your data
24. Whilst you are a client we will continue to store and use your personal data unless you request us to destroy data shared and we are able to legally do so. We will retain your personal data for no longer than ten years following your last invoice. Limited information will be retained within our accounting systems indefinitely to maintain the integrity of the data.
25. For prospective clients we will retain data for a period of no longer than ten years and for those who have actively unsubscribed we will retain data for no longer that two years from date of unsubscription
Security and Data Breaches
26. The transmission of information via the Internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data while you are transmitting it to our site; any such transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
27. Where we have given you (or where you have chosen) a password so that you can access certain parts of our site, you are responsible for keeping this password confidential. You should choose a password that is not easy for someone to guess.
28. Should your personal data that we control be lost, stolen or otherwise breached, where this constitutes a high risk to your rights and freedoms, we will contact you without delay. We will give you the contact details of the person who is dealing with the breach, explain to you the nature of the breach and the steps we are taking to deal with it
Third party links
29. You might find links to third party websites on our website. These websites should have their own privacy policies, which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.
31. The DPA and GDPR give you the right to access information held about you by us. Please write to us or contact us by email if you wish to request confirmation of what personal information we hold relating to you. You can write to us at the address detailed in clause 2, above, or by email to email@example.com. There is no charge for requesting that we provide you with details of the personal data that we hold. We will provide this information within one month of your requesting the data.
32. You have the right to change the permissions that you have given us in relation to how we may use your data. You also have the right to request that we cease using your data or that we delete all personal data records that we hold relating to you. You can exercise these rights at any time by writing to us at the address detailed in clause 2, above, or by email to firstname.lastname@example.org.
Changes to this policy
33. We may update these policies to reflect changes to the website and customer feedback. Please regularly review these policies to be informed of how we are protecting your personal data.
Version: April 2018.
email@example.com www.painlesspractice.com 01491 659073