Privacy Policy
LEGAL INFORMATION

Assured Information Security Ltd.
Privacy Policy

Assured Information Security Limited (Assured) provides specialist information assurance, data protection and cyber security consultancy services to our customers. This policy covers how we deal with personal data – which is all data relating to an identified or identifiable individual. We take data protection and complying with data protection legislation very seriously, please find below how we do this.

Statement

We do not as a main business focus aim to collect, store or process personal data; we do not use our website to collect personal data for identifying individual visitors; we do not use personal data for proactive marketing purposes & we are do not hold any personal data unless we have individual consent to do so for business delivery purposes or are required to do so legally.

All personal data we process refers to our business clients, our partners or specialist suppliers that we may engage on occasion to deliver our services. During these relationships there may be times when an individual’s data is shared with Assured, for instance if we need to store email addresses or contact details for individuals, or to verify security clearance details.

Assured will be the Data Controller of all personal data and information provided to us as needed to deliver our services, and for all information that we collect about individuals when we receive requests for information about our services. 

What kind of information do we collect, when and how?

We collect information that can relate to an individual when you:

• order our services;  
• receive our services;
• are involved in the delivery of our services;
• contact us by telephone, e-mail or post, to discuss our services.  

The type of information collected depends on the purpose, will be explained on request and we will never hold more information from you than is necessary. 

Where Assured is the Data Processor of personal data shared by its clients, who are the Data Controller, we will only process data in accordance with the Data Controller’s permissions and restrictions, specified as data controls within the contractual obligations or in a separate Data Processing Agreement; and solely for the purpose of providing the contracted services and managing and administering the contract. 

How will we use the information that we collect?

We use the information we hold about you in several ways:
 
• Where it is necessary to perform our services;
• When we invite you to provide your services;
• Where you have given us your consent for personal data to be held for specific purposes.

Please note: Where we process your information on the basis of your consent, you have the right to withdraw your consent at any time. You can do this by:
 
• Writing a letter;
• Sending an email;
• Calling our office. (see ‘How do I contact you?’ section of this Privacy Notice).

In some areas, we believe we have a legitimate interest and do not consider your rights will be negatively impacted.
 
• Providing you with information in relation to our services your organisation has ordered from us;
• Responding to any questions or complaints you may have regarding our services;
 
Will we disclose personal information to third parties?

Assured does not share personal data with third parties, unless in the following circumstances;
 
• Within Assured and partner companies to administer our services to the best levels of quality;
• If consent has been given for your specific data to be shared with specific external organisations (eg. HMRC, UKSV, etc).

How will we protect personal data?
 
Any information sent to us is protected using robust security methods. The methods we use are industry-standard, ensuring data is safeguarded whilst being sent over unprotected communications paths such as the internet. 

When it reaches us, we store it securely and only provide access to those authorized with robust access controls. Although we safeguard your personal information once received, Assured cannot guarantee the safety of any personal information you transmit to us using online methods. Our security measures include:
 
• Encryption of data where appropriate.
• Security controls which protect the entire Assured infrastructure from external attack and unauthorised access.
• Cyber security assessments of all service providers who may handle your personal data, supported by NDA’s and contractual data controls.
• Internal policies setting out our data security approach.

Where Assured is the Data Processor of personal data shared by its clients, who are the Data Controller, we will only process data as in accordance with contractual obligations and solely for the purpose of providing the contracted services and managing and administering the contract. 

Keeping personal information.

We will retain personal information for as long as necessary to fulfil the purposes we collected it for; such as any service delivery, legal, accounting, or reporting requirements. 

To determine the appropriate retention period for personal data, we consider the following:

• amount, nature, and sensitivity of the personal data;
• the potential risk of harm from unauthorised use or disclosure of your personal data;
• the purposes for which we process your personal data;
• whether we can achieve those purposes through other means; 
• the applicable legal requirements.

We will not keep personal data - apart from name & contact details - for longer than 12 months, unless we are continuing to provide a service that requires the additional details. 

We will not keep contract related details for longer than 6 years following the termination of a contract. Afterwards the data will be erased.

Data Subject Rights.
 
You have the following rights regarding your information:
 
1. The right to be informed - you have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Privacy Policy.
 
2. The right of access - you have the right to obtain access to your information (if we’re processing it), and other certain other information (similar to that provided in this Privacy Policy). This is so you’re aware and can check that we’re using your information in accordance with data protection law.
 
3. The right to rectification - you’re entitled to have your information corrected if it’s inaccurate or incomplete. 
 
4. The right to erasure - this is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.  
 
5. The right to restrict processing - you have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future. 
 
6. The right to data portability - you have rights to obtain and reuse your personal data for your own purposes across different services. E.g. if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.
 
7. The right to object - you have the right to object to certain types of processing, including processing for direct marketing (which we do only with your consent). 
 
To exercise any of these rights at, any time, you can;

Write to us at :    Assured Information Security Ltd, 71-75 Shelton Street, London WC2H 9JQ

or, Email us at:    contact@assuredis.co.uk

How can you contact us?

If you have any questions or concerns about our use of your personal information you can use the email or postal address above; or 
 
Call us on 020 8618 2072

If you’re not satisfied with our response to your question or concern or believe our processing of your information does not comply with data protection law, you can make a complaint to the Information Commissioner’s Office, whose contact details can be found at the ICO website - www.ico.org.uk

Assured Information Security Ltd.
January 2024

Share by: