Privacy Policy

Assured Information Security Limited (Assured) provides specialist information assurance, data protection and security consultancy services to our customers. This policy covers how we deal with personal data – which is all data relating to an identified or identifiable individual. We take data protection and complying with data protection legislation very seriously, please find below how we do this.

Statement

We do not as a main business focus aim to collect, store or process personal data; we do not use our website to collect personal data; we do not use personal data for marketing or analytical purposes & we are not keen to hold any personal data unless we need to, or are required to do so legally.

All personal data we process refers to our business clients, our partners or specialist suppliers that we may engage on occasion to deliver our services. During these relationships there may be times when an individual’s data is shared with Assured, for instance if we need to hold individual’s contact or verify security clearance details.

Assured will be the Controller of all personal data and information provided to us as needed to deliver our services, and for all information that we collect about individuals when we receive requests for information about our services.

What kind of information do you collect, when and how?

We collect information about you when you:

  • order our services;
  • receive our services;
  • are involved in the delivery of our services;
  • contact us by telephone, e-mail or post, to discuss our services.

The type of information collected depends on the purpose, will be explained on request and we will never hold more information from you than is necessary.

How will we use the information that we collect?

We use the information we hold about you in several ways:

  • where it is necessary to perform our services;
  • when we invite you to provide your services;
  • where you have given us your consent for personal data to be held for specific purposes.

Please note: Where we process your information on the basis of your consent, you have the right to withdraw your consent at any time. You can do this by:

  • Writing a letter;
  • sending an email;
  • calling our office. (See ‘How do I contact you?’ section of this Privacy Notice).

In some areas, we believe we have a legitimate interest and do not consider your rights will be negatively impacted

  • Providing you with information in relation to our services your organisation has ordered from us;
  • responding to any questions or complaints you may have regarding our services.

Will you disclose personal information to third parties?

Assured does not share personal data with third parties, unless in the following circumstances;

  • Within Assured and partner companies to administer our services to the best levels of quality;
  • If consent has been given for your specific data to be shared with specific external organisations (eg. HMRC for employees, etc).

How do you protect personal data?

Any information sent to us is protected using robust security methods. The methods we use are industry-standard, ensuring data is safeguarded whilst being sent over unprotected communications paths such as the internet.

When it reaches us, we store it securely and only provide access to those authorised. Although we safeguard your personal information once received, Assured cannot guarantee the safety of any personal information you transmit to us using online methods. Our security measures include:

  • Encryption of data where appropriate.
  • Security controls which protect the entire Assured infrastructure from external attack and unauthorised access.
  • Cyber security assessments of all service providers who may handle your personal data.
  • Internal policies setting out our data security approach.

Assured processes public sector customers personal data in accordance with its contractual obligations and solely for the purpose of providing the contracted services and managing and administering the contract.

Keeping personal information

We will retain personal information for as long as necessary to fulfil the purposes we collected it for; such as any service delivery, legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the following:

  • amount, nature, and sensitivity of the personal data;
  • the potential risk of harm from unauthorised use or disclosure of your personal data;
  • the purposes for which we process your personal data;
  • whether we can achieve those purposes through other means;
  • the applicable legal requirements.

We will not keep personal data – apart from name & contact details – for longer than 12 months, unless we are continuing to provide a service that requires the additional details.

We will not keep contract related details for longer than 6 years following the termination of a contract. Afterwards the data will be erased.

Data Subject Rights

You have the following rights regarding your information:

  1. The right to be informed – you have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Privacy Policy.
  2. The right of access – you have the right to obtain access to your information (if we’re processing it), and other certain other information (similar to that provided in this Privacy Policy). This is so you’re aware and can check that we’re using your information in accordance with data protection law.
  3. The right to rectification – you’re entitled to have your information corrected if it’s inaccurate or incomplete.
  4. The right to erasure – this is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
  5. The right to restrict processing – you have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
  6. The right to data portability – you have rights to obtain and reuse your personal data for your own purposes across different services. E.g. if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.
  7. The right to object – you have the right to object to certain types of processing, including processing for direct marketing (which we do only with your consent).

To exercise any of these rights at, any time, you can just:

Write to us at:
Assured Information Security Ltd, 3rd Floor, Regal House, London Road, Twickenham, Middlesex TW1 4LG

or,

Email us at:
info@assuredis.co.uk

How do I contact you?

If you have any questions or concerns about our use of your personal information you can use the email or postal address above; or

Call us on 020 8618 2072

If you’re not satisfied with our response to your question or concern, or believe our processing of your information does not comply with data protection law, you can make a complaint to the Information Commissioner’s Office (ICO).

 

Assured Information Security Ltd.
May 2018