Privacy Policy
Introduction
Protecting the security and confidentiality of your data and that of your employees is paramount importance to Asquith Bradley Consulting Limited (“Asquith Bradley”). Therefore, we have put in place this Personal Data Protection Policy to guarantee the security of the information provided to us. This will demonstrate what data Asquith Bradley may collect, the scope of the data processed, and how the Asquith Bradley uses and protects it.
Scope of this Policy
This policy outlines how Asquith Bradley complies with data protection laws, namely the DPA 2018 and the EU GDPR framework. The DPA enacts GDPR and sets out:
How other information rights legislation, e.g. Freedom of Information Act 2000, interact with the DPA and GDPR
How personal data must be processed in the UK where it doesn't fall within EU law, e.g. immigration or national security matters
Local rules for the UK that complement GDPR, e.g. additional measures required for the processing of special category personal data
The Information Commissioner’s Office’s (ICO) role, functions, and powers
Such legislation is designed to protect how the personal data of individuals is collected and used by organisations. GDPR specifically applies if the data controller (an organisation that collects data from EU residents and who determines why personal data is processed), or processor (an organisation, either internal or external, that handles the technical processing of the data on the controller’s behalf), or the data subject (person) is based in the EU. The regulation also applies to organisations based outside the EU if they collect or process personal data of individuals located inside the EU.
Underlying Values of the DPA and GDPR
Consent – When requesting personal data people must provide consent, i.e. “opt-in” rather than “opt-out”. There must be clear, affirmative action from data subjects, not passive, ‘soft’ approval and it must be as easy to withdraw consent as it is to give it. Consent may be required for transfers outside the EEA/ EU.
Right to be forgotten - When data is no longer relevant to its original purpose, data subjects are entitled to have the company erase their personal data and cease its dissemination.
Right to access/ portability - Data subjects have the right to obtain confirmation as to whether, where & why their personal data are being processed
Privacy by design - the regulations call for the integration of key data protection principles from the onset of designing systems/technical & infrastructural measures. We should not collect/process more personal data than is necessary
Breach disclosure - Personal data breaches must be notified to the regulatory authority within 72 hours. Affected individuals may also need to be informed. Privacy Impact Assessments are mandatory before carrying out any processing that is likely to result in a high risk to data subjects.
Data Protection Officers - organisations that engage in large scale systematic monitoring or processing of sensitive personal data must appoint a Data Protection Officer
Fair Collection of Relevant and Strictly Necessary Data
While using our services, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify You. This may include, but is not limited to:
Email address
First name and last name
Phone number
Only the data necessary for the exercise of our services are collected, stored, and updated. The storage of your personal data in our systems is primarily the result of their decision to entrust this data to us; we do not capture this data without your knowledge or without informing you. For the sake of transparency when collecting clients’ data, we provide full disclosure about the purpose of this collection and the nature of the rights our clients’ have.
Type of Data Processed
In the context of our commercial approaches, we may collect various categories of personal data concerning your employees, whether you are a prospect, customer, or supplier, such as identification data (surname, first name, title), professional contact details (addresses, telephone numbers, email, position) and a history of customer relations (appointments, complaints, responses to satisfaction surveys, etc.).
Your data is communicated to us when you approach us, with special note of the contact us from on this website, via partners, or directly by you within the framework of our exchanges.
In addition, you are led to communicate to us various categories of information necessary for the completion of our services. The contract binding Asquith Bradley details the data processing methods, the storage periods, and the security measures implemented by us.
Use of Clients’ Personal Data
When you provide us with personal data, we use it in accordance with the agreed purposes to undertake the services we have agreed to, to answer queries, or to enable you to access specific information.
Asquith Bradley uses a third party provider (CreditSafe) to fulfil our AML obligations when upon the signing of a contract to provide services for you, upon which it will be necessary to share personal information with this automated service.
Law enforcement: Under certain circumstances, the Company may be required to disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
Other legal requirements may require us to disclose your Personal Data in the good faith belief that such action is necessary to:
Comply with a legal obligation
Protect and defend the rights or property of Asquith Bradley
Prevent or investigate possible wrongdoing in connection with the Service
Protect the personal safety of users of the service or the public
Protect against legal liability
Moreover, only in the context of our commercial relations, may store and process your professional data (surname, first name, position, …) and share it within the Asquith Bradley in order to better understand your needs and how we can adapt our services.
If you do not wish your personal data to be used for direct marketing or market research, we will respect your choice. We do not sell your personal data to third parties.
Data Retention Period
Your data is not retained beyond what is necessary; retention periods vary according to the nature of the data, the purpose of the processing and legal or regulatory requirements.
The data collected from the forms on our websites are kept for a period only as long as necessary to carry out our contractually agreed services.
The retention period for data received within the framework of our contractual relationship is specified in the contract.
Internal Compliance
In order to guarantee the correct application of our rules and the compliance of our practices over time, our Data Protection Officer follows up with each Asquith Bradley data controller and audits are carried out by our team of internal quality auditors, trained in the specific rules of the GDPR.
Should you have any queries regarding Asquith Bradley’ use of your personal data, please email info@asquithbradley.co.uk.
Any updates to this policy will be communicated in good time to all relevant parties.
Asquith Bradley Privacy Policy - January 2024