This notice states:

​

What information we capture - we gather traffic data through Google Analytics, contact information through enquiries via the 'contact us' page and personal information through our professional activities with clients. We may also consume special category personal data through employment activities and undertaking application for security clearances.

​

How we use the information - we use information from Google Analytics to determine how people use our site, and contact details to communicate with individuals/organisations who have made an enquiry, or to process commercial activities related to the undertaking of professional services.

​

Our basis for processing information - we will only process personal information for contact purposes from the contact page, or unless they have been provided to us through our professional services activities for that specific purpose.  Any other personal information provided as part of execution of our professional services shall be processed in accordance with client instructions.

​

How we handle personal information - Any personal information provided as part of execution of our professional services shall be logged within an asset register, subject to risk assessment, application of controls and only handled/retained for the requirements stipulated in legislation, regulation and/or contractual obligation.

​

For clarity, legislation is considered first, then applicable regulations and finally contracts; in all cases, the most stringent requirements shall apply to information handling and retrieval of assets and where they are captured, processed, communicated and/or stored.

​

How long we will retain personal information - We will retain all details of financial transactions for seven years, all personal contact information gathered from our commercial activities will be retained for a year after project completion (or a year after last contact).  Any other personal information shall be assessed to determine if there are any other retention requirements from law, regulation and/or contractual obligations relevant to it, and these will be complied with.  Where clients request it, we shall immediately securely erase any personal information in our care where the requestor is the data controller and the personal information has come from them.

​

Your rights relating to personal information - you have a range of rights with regards to your personal information (detailed within https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/individuals-rights/), if you wish to exercise these rights, then please use the 'contact us' page.

​

Our policy on transfer of personal information outside of the EEA - we do not knowingly use any service or system that processes personal information outside of the European Economic Area (EEA).  We take all reasonable steps to ensure that processing of personal information occurs within this zone.