On our website we do not collect or process any personal data from visitors.
If you contact us to request a meeting or use our service, and provide us with your personal data, your providing of this information will constitute your consent to us having and handling this data.
We will keep all such data according to the standards set out below.
DATA PROTECTION AGREEMENT –
Compliance of the EU General Data Protection Regulation (GDPR)
LAWFUL BASIS FOR PROCESSING DATA
We agree with clients either verbally or in writing to provide a service. The processing of personal data is necessary for us to fulfil this agreement.
We may hold your data for a short period of time before providing a service because you have provided us with the data and asked us to act in your behalf.
INTENDED PURPOSES FOR PROCESSING DATA
To fulfil services agreed.
To comply with regulations and laws set out by English law and our regulatory bodies, City & Guilds and the CIEH. To meet the requirements of ISO 9001.
SOURCE OF PERSONAL DATA
All personal data we hold will be supplied by you, the client, or your previous accountant.
We do not source your personal data from anywhere or anyone else.
DATA WE HOLD AND WHO HAS ACCESS
It is necessary for us to hold and process certain personal data about our clients. This includes, but is not limited to, the following: name, date of birth, address, contact details, business name and details.
We regularly review the data we hold for you and destroy any that is not necessary.
We store this data securely on site, where is only accessed by the directors and members of administrative staff.
THIRD PARTY DATA SHARING
It may be necessary for us to share or store your personal information with third parties. These may include: CIEH, City & Guilds, our software providers including Quickbooks, and Microsoft. We check all of our third party providers to ensure that they too comply with the GDPR and we do not establish working relationships with providers that are not compliant.
We will not share your information with any third parties unless it is necessary in order for us to fulfil the services we have agreed to provide for you.
Upon request, we can provide you with an up to date and comprehensive list of the third parties with whom your data is shared or stored.
DATA STORAGE AND DESTRUCTION
Our company policy is to retain all training-related documentation for 4 years.
City & Guilds require us to keep Street Works portfolios for a minimum of 3 years.
Unless you instruct us not to, we intend to destroy correspondence and other papers that we store after this date, other than documents which we think may be of continuing significance. If you require the retention of any document, you must notify us of that fact in writing.
We store all paper and electronic documentation securely. We review our data security annually.
Restriction of access to physical data is relatively simple as all physical data can be accessed only by us, the directors (Wesley and Rachel Fullman).
We use up to date anti-virus software, and IT protection to ensure that digital files are kept secure.
RIGHT TO BE FORGOTTEN – You may contact us at any time to request that all your personal data be forgotten. We have 28 days to respond to this request. This right is not absolute, and we will decide whether or not we can comply, depending on whether this request conflicts or contradicts with our existing obligations to our regulatory bodies.
If you do not agree with our decision you can submit a complaint to the ICO at https://ico.org.uk.
RIGHT TO RESTRICT PROCESSING – You may contact us at any time to request restriction or suppression of your personal data so that we can store it but not process it. We have 28 days to respond to your request.
RIGHT OF ACCESS – You may at any time request access to all the personal information that we hold for you. We will comply and send you all the information we hold about you within 28 days. This allows us an acceptable amount of time to gather the paper and electronic information and arrange to deliver it to you securely.
RIGHT TO RECTIFICATION – You may at any time request that we rectify incorrect or incomplete personal data that we hold or process for you.
DATA PROTECTION BREACH
Should we suffer a breach and your personal data is at risk, we will notify the ICO and yourself within 72 hours.