Privacy Notice
Introduction
This privacy notice explains how we collect, store and protect your information. Any information that identifies you as an individual is called ‘personal information’. We also explain why we collect information, how we use it and for how long we keep it. During the course of our business we are a Data Controller and in some circumstances, a Data Processor. Prior to collecting or processing personal information, we consider the impacts to data subjects and ensure that our information security and data protection practices are proportionate to the risk.
The legal purpose for collecting data
Guardian Saints CIC operates as a Community Interest Company providing services on a not-for-profit basis, our collection of personal information is usually for business purposes to satisfy contractual obligations for example the sale of goods or services in a business to business context.
Where we state that our lawful basis for processing is ‘Legitimate Interest’, we have conducted a three part Legitimate Interest Test and a copy is available upon request if you are an included data subject.
If Guardian Saints requires personal data belonging to individuals for which we cannot identify or establish another lawful basis, we will seek specific consent for its use.
We may collect your personal data if required to do so by law enforcement for example, to support an investigation.
Information collection and purpose
We collect your personal information in the following ways:
| How we collect information | Purpose of collection |
|---|---|
| Website cookies | We use this information when you access our website to assess how many people access our website. You can find out how to manage cookies from the link on our website |
| Website contact form | We use the information you provide on our website contact form so that we can respond to your enquiries |
| Telephone | When you make a telephone enquiry, we will collect your information to enable us to process your request |
| If you contact us by email we will collect your information so that we can respond to your enquiry | |
| Social media | When you engage with us on social media we may respond to your commentary |
| Surveys | From time to time Guardian Saints conduct surveys using third party suppliers. We always ensure that third party suppliers manage your information appropriately and insist that our survey suppliers conform to the National Cyber Security Centre’s standard ‘Cyber Essentials’. Information collected in this context will be anonymised |
| Training | Guardian Saints CIC provide data protection and online safety training. The names of attendees and the organisation they are associated with are retained for a period of 2 years. This information is retained for the purpose of providing certificates of attendance. We retain the information for 2 years so that we can provide copies of certificates that may be required as proof of attendance |
The personal data that we collect
In order to respond to your enquiries we may collect your name, address, telephone number, email address and company name.
When conducting a survey, we limit the amount of personal information we collect and restrict the respondent information collected to first name, associated organisation and Internet Protocol address. The Internet Protocol address is not collected for identification purposes. It is collected to separate duplicated entries.
When attending a training session, we will collect your name and the name of the company that arranged your attendance. The information is required to provide certificates of attendance. As data protection training is required by most organisations every 2 years, we retain attendance records for that period.
Protecting your data
Data protection is important to Guardian Saints and our internal policies and processes have data security and protection at their heart. We maintain certifications with Cyber Essentials and IASME governance, which provide assurance over our information security and protection processes. The staff, volunteers and contingent workers that manage or have access to personal information attend data protection training at least annually and sign our Information Security Policy as a condition of working with Guardian Saints.
How long do we keep your personal data?
We keep your information for no longer than is required to maintain our business relationship or for the length of time it takes to respond to your enquiry. Our retention policy states that personal data that is not used for a period of one year shall be deleted where technically possible from our systems unless there is a legal requirement, such as tax law, that requires us to keep it beyond that time. We may delete information more frequently if we determine we have no reasonable cause to retain it.
Who do we share your personal data with?
Guardian Saints do not share collected information with third parties. Sometimes, the collection of data is managed by a third party, such as our website hosting company, but once collected, the data is for Guardian Saints internal processes only.
We may be compelled to share your data with law enforcement or other government agencies.
Where your personal data may be processed
During the course of business, data including email, is processed within the EEA using cloud services provided by Microsoft and its associated businesses.
Our website is hosted by Duda, a US company that is registered under the US Privacy Shield certification system.
Guardian Saints CIC regularly assesses business partners in the context of Data Privacy.
What are your rights over personal data?
You have the right to:
- Request the correction of personal data we hold about you that is incomplete or out of date
- Request access to the personal data we hold about you
- Withdraw a previous consent from you for us to hold your personal data
- Request cessation of the use of your personal data for direct marketing
- That we cease processing consent-based activity after withdrawing that consent
To exercise any of your data protection rights, please contact:
The Data Controller
Guardian Saints CIC
Eagle House
Cranleigh Close
South Croydon
CR2 9LH
Or email: keepmesafe@guardiansaints.com
We will contact you within 24 hours of receipt of your request to arrange verification of the request to protect the confidentiality of your information.
If you are dissatisfied with our response
If you are unhappy with how Guardian Saints manage your personal data or how we respond to requests relating to your rights, you have the right to complain to the Information Commissioner’s Office:
Tel.: 0303 123 1113
Web: https://ico.org.uk/make-a-complaint/
Further information:
If you require further information, please contact:
The Data Controller
Guardian Saints CIC
Eagle House
Cranleigh Close
South Croydon
CR2 9LH
Or email: keepmesafe@guardiansaints.com
Privacy notice updates
This notice will be reviewed from time to time and any changes to the notice will be made on this website.
Current review date May 2021
Registered Office: Eagle House, Cranleigh Close, South Croydon, Surrey CR2 9LH
Registered in England No.09072526
© 2024 All Rights Reserved
Guardian Saints CiC