Except as set out below, GSA do not share, or sell, or disclose to a third party, any information collected through our website.
Recorded, stored information irrespective of the medium by which it is recorded or on which it is stored. It may be on a computer or paper. Having been recorded in writing, it will still be an unlawful disclosure of data if it is subsequently given to someone directly or indirectly, verbally, on the telephone or even left on an answering machine.
Any information about an individual from which they can be identified, either taken on its own or combined with other information held by the data controller, or, in this case, the company. It may be factual data or an expression of opinion or intent. It may be something as simple as a telephone number or a piece of advice, such as (where X is data identifying the individual) “X is not right for this job” or “X should face disciplinary proceedings over this”. It does not have to be negative in nature and would still be personal data if it is complimentary or positive: “X is adjusting well to this difficult situation”.
Sensitive personal data
Data falling within particular categories of personal information, relating to any person’s: racial or ethnic origin; political beliefs, opinions or affiliations; religious or some philosophical beliefs; membership or non-membership of trade unions; physical, mental or sexual health, condition or preferences; participation in, allegations pertaining to or the progress of or sentencing for any criminal acts or proceedings.
Any person to whom the personal information relates.
Global Secure Accreditation Limited is the controller and are responsible for your personal data (collectively referred to as GSA, “we”, “us” or “our” in this privacy notice).
Any action involving data including the passive retention of it. It denotes all stages from acquiring to disposing of data and all actions in between while the data processor is in control of the data such as recording, maintaining, storing, updating or amending, disclosing or deleting it.
GSA will ensure that all personal data is processed in accordance with the following fundamental principles. The company will:
Personal information may be collected from you in various ways, for example:
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
All information you provide to us is stored on our secure servers or those of our third-party data storage providers.
We may collect, use, and store personal data about your identity and contact information, including information such as First Name, Last Name, Company, Email and Telephone details that you may have provided to us. This information will be used for the purposes of your enquiry. We may additionally use this information to understand your needs and provide you with a better service, and for the following reasons:
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Further information about the types of lawful basis that we will rely on to process your personal data is provided below:
Your information will not be disclosed to any third party unless you have given your consent to such disclosure. You may at any time ask us to refrain from sending you marketing messages by sending us an email with the words UNSUBSCRIBE in the subject box to email@example.com, telephoning us or selecting UNSUBSCRIBE in all email outreach sent by GSA.
We may disclose aggregated statistics about our site visitors, clients and sales in order to describe our services to prospective partners, advertisers and other reputable third parties and for other lawful purposes, but these statistics will include no personally identifying information.
We use the following third-party services to track and monitor visitor flows and behaviour.
Social Media Services
Some pages of our website may connect with the following social media services. These may use third party cookies to connect with your own account to provide personalised content. If you share our content through social media, for example by liking us on Facebook, following or tweeting about us on Twitter, or giving us a ‘+1’ via Google Plus, those social networks will record that you have done so and may set a cookie for this purpose.
Email Communication Services
We may use third-party services to send emails, if utilised they will indirectly have access to a portion of your activity and some of your personal details. Once an email leaves our systems that we use directly, it may be routed through any number of other systems.
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Compliance with the law
Subject Access Requests
Under certain circumstances, all data subjects have rights under data protection laws in relation to your personal data. These include:
All data subjects have the legal right to request details of information held about them by the company. Subject access requests must be made by the data subject in writing and must be accompanied by an administration fee of £10.
Any subject access requests received by managers or other employees should be referred to the Office Manager. The company will respond to any subject access requests promptly, and in any event within 40 days.
You have the right to require us to rectify any inaccurate personal information we hold about you. You also have the right to have incomplete personal information we hold about you completed, by providing a supplementary statement to us.
Erasure of Data
This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. If you would like us to destroy information held about you, please let us know. However, please note that if you use any of our services which require you to provide personal information, deleting our records will mean that you will need to resubmit it to continue using such services. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
If our business is sold, we will transfer your personal information to a third party:
We process your personal information for this purpose because we have a legitimate interest to ensure our business can be continued by the buyer. If you object to our use of your personal information in this way, the relevant seller or buyer of our business may not be able to provide services to you.
In some circumstances we may also need to share your personal information if we are under a duty to disclose or share it to comply with a legal obligation.
If you would like to contact us with any queries or comments, please send an e-mail to firstname.lastname@example.org or alternatively write to GSA, One Croydon, 12-16 Addiscombe Road, Croydon, CR0 0XT.
To find out more about your rights under the GDPR, visit the Information Commissioner’s website (www.ico.org.uk).