Privacy and Cookies Policies
9 St. Andrew Square, Edinburgh, EH2 2AF
Personal data is subject to certain legal safeguards and other regulations, which impose restrictions on how it may be processed by organisations and It is our policy to act in accordance with all applicable data protection laws and regulations and in line with the highest standards of ethical conduct.
We will also make sure our use of personal data is fair and transparent and will not process personal data in a manner which is misleading or detrimental to any individuals (our data subjects). We will also only collect and process the personal data we need to complete our operational activities with the aim of only holding the minimum information we require at all times. We will also make sure we review all personal data held on an ongoing basis to ensure it is still required and accurate.
Applicability and Scope of this notice
This notice applies to personal information collected from the following sources:
- Visitors to our web site or other online sites including social media pages;
- All enquiries and communications to our company;
- Business partners and associated entities who may collect information on our behalf;
- Customers, clients, suppliers and all of those who we engage with for operational activities;
- Our employees, sub-contractors or anyone working on our behalf.
Information we may collect and Process
In order to complete our business operations, we may need to collect personal data which we may collect from your directly or from a third party and this data includes the following:
- Contact details including name, address, email and telephone numbers;
- Audit evidence: we may view files / documents with personal data when completing audits but will not actively collect or retain any files / documents with personal data;
- Communications content: including all correspondence you send directly to us or any of our representatives. We may also receive communications from third parties with your personal data;
- Personal identification details including national insurance / social security number, passport details, driving licence information and other ID numbers or identification information;
- Candidate and Staff information including CV’s, qualifications, references, employment history, payroll information etc…;
- Web site information including IP address, web browser and operating system details, Internet Service Provider, location, cookies and other tracking information.
How we use this Information and why
We use the personal information we collect to provide our services as detailed in this privacy notice. The activities that may require collection and processing of personal data are as follows:
- Providing our business services to customers and clients;
- Preparing audit reports detailing evidence viewed;
- Purchasing services from suppliers and sub-contractors;
- Employment of current staff and other operatives and meeting our obligations as an employer;
- Recruiting new staff and operatives;
- Marketing our services, collecting feedback from customers and completing market research;
- Completing internal business operations including internal auditing, staff training and appraisals and other operations required in accordance with our ISO compliant management systems;
- Management of our equipment and premises including Information Communication Technology facilities and security systems;
- Monitoring and analysing traffic and performance of our web site and reviewing and analysing web site visitors.
Lawful Basis – we will only collect and process personal data where we have a clear reason and lawful basis. The lawful basis is dependent on the data processing activity and at least one of the following will apply:
a. Consent – where we have your consent to process your personal data;
b. Contract – the processing is necessary as part of our service provision;
c. Legal obligation – the processing is necessary for legal reasons;
f. Legitimate interests – the processing is necessary for our legitimate interests without infringing your rights as an individual.
What we do with this Information
In completing our services, we may be required or obligated to share your personal data with other entities including;
- Trading partners including service providers;
- Sub-contractors, suppliers and other operatives working on our behalf;
- Our legal advisors, accountants, payroll providers, pension providers and auditors;
- Our IT support providers including web hosting, analytics and cloud providers;
- Our software providers including operational, cloud file storage, sales and accounts software;
- Your former employers or other parties provided as references;
- Government agencies, regulators, law enforcement or other third parties where required for legal or regulatory compliance;
- Any other providers where you direct us to provide your information or where we have your consent.
We will never sell your data or share it with any third parties who might use it for any purpose not associated with the provision of our services. Audit evidence viewed and audit reports are not shared with any third parties unless requested or required by law.
How we store and protect this information
The personal information we collect is stored securely on our company computer systems and also in secure cloud services provided by approved providers based in the UK / EEA and we will not actively transfer your personal data internationally without consent.
File transfer - when collecting or sharing files or documents with our clients we will use secure and encrypted file transfer systems where any personal or confidential data is involved.
We may also hold paper records with personal information and have security systems in place to ensure all records are controlled and protected at all times and disposed of in a secure manner when no longer required.
Protecting the confidentiality, integrity and availability of personal data from all threats whether internal, external, deliberate or accidental is a priority. We will ensure we have implemented appropriate controls to secure personal data using physical, procedural, staff and technical security measures.
Data Retention - we will only hold personal data as long as we need it and we have systems in place for the management of and retention of data. We need to hold some personal data to comply with legal requirements and also for our own legitimate interests.
You have rights relating to your personal which we hold including the right to be informed about our processing of your personal data, as covered by this privacy notice, and the right to request a copy of the personal information we hold about you as well as various other rights as follows:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
Not all of these rights will apply to all personal data we hold and process and will be dependent on the category of data and our legal basis for holding this data. If our legal basis is consent you have the right to withdraw consent at any time.
Data Subject Access - please contact us using the contact details listed at the start of this notice if you wish to request a copy of your personal information or to exercise any other rights with regards your personal data.
We will respond to all data subject access requests and will do so within one month and in line with all legally mandated time limits.
There is no charge for responding to access requests unless your request is deemed to be unfounded or if you have made numerous request which we consider to be excessive, in which case, we may notify you of a reasonable admin fee to be charged for completing the request.
You also have the right to complain to the appropriate authority for data regulation if you are unhappy with how we have used your data.
Review and update of this Policy
We may review and update this privacy notice at any time and wil formally review this notice at least annually.
If you have any comments or questions about this privacy notice or your personal data please contact us using the details at the start of this policy.
This website may also use third-party services which may also place cookies. Some of these services include but are not limited to: Google, social network sites, security firewalls and service providers. These services may also collect and use anonymous identifiers such as IP Address, HTTP Referrer, Unique Device Identifier and other non-personally identifiable information and server logs.