This policy is effective as of May 25th, 2018.
Data protection, privacy and confidentiality notice
Achieving Greater (AG) takes the privacy of your personal information very seriously and is committed to safeguarding your privacy and your personal information. This is to ensure that all personal data is collected, stored and processed in accordance with the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003.This data protection, privacy and confidentiality notice relates to the use of any personal information supplied directly to Achieving Greater by you.
AG will comply with data protection principles that all personal data must be:
- Processed lawfully, fairly and in a transparent manner.
- Collected for specified, explicit and legitimate purposes.
- Adequate, relevant and limited to what is necessary to fulfil the purposes for which it is processed.
- Accurate and, where necessary, kept up to date.
- Kept for no longer than is necessary for the purposes for which it is processed.
- Processed in a way that ensures it is appropriately secure.
This data protection, privacy and confidentiality notice sets out how Achieving Greater aims to comply with these principles. It explains the following:
- the legal basis for AG processing your personal information.
- what personal information may be collected, stored and processed about you.
- how AG will use this personal information.
- when AG may use this personal information to contact you.
- how long will AG retain your personal information.
- why/how personal information may be shared with others.
- how your personal information will be kept secure.
- your rights regarding the personal information you provide.
- personal data breaches.
The lawful basis for Achieving Greater to process your personal information is in line the GDPR as a ‘contractual need’. AG will need to process your personal data to:
- to do what you have asked i.e. provide you with specific information, or fees for services requested.
- remain in contact with you as required, to fulfil requested services.
- to comply with obligations under any agreed contract.
- to inform you about news or events provided by Achieving Greater or one of its strategic partners. You can request to not receive this contact at any time.
The personal data held by Achieving Greater
In this notice, personal information means information relating to an identified or identifiable living person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, and online identifier or to one or more factors specific to his/her physical, physiological, genetic, mental, economic, cultural or social identity.
AG obtains personal information from you such as name, email address, postal address, telephone number and job title, when you use the contact page on the website or via direct email or phone contact to request information regarding services provided etc.
Storing and protecting your personal data held by Achieving Greater
- AG will protect your personal data and keep it safe from unauthorised or unlawful access, alteration, processing or disclosure, and against accidental or unlawful loss, destruction or damage.
- your personal data will be stored for no longer than is necessary for the purpose for which the personal data is processed in order to do what you have asked or to comply with safeguarding or other relevant laws.
- personal data stored on electronic devices (laptops and mobile phone) are password protected and are monitored by anti-virus/anti-malware protection.
- paper records are stored securely in a locked storage cabinet.
Data sharing by Achieving Greater
AG will not share information about you with any external third party without your consent unless the law allows for this. Personal data will not normally be shared with anyone else, but may do so where:
- where the disclosure is required to satisfy safeguarding obligations.
- there is a need to liaise with other agencies – we will seek consent as necessary before doing this.
- law enforcement and government bodies legally require this to do so, including for:
- the prevention or detection of crime and/or fraud.
- the apprehension or prosecution of offenders.
- in connection with legal proceedings.
Data Retention by Achieving Greater
Your personal data will be stored for no longer than is necessary for the purpose for which the personal data is processed in order to do what you have asked or to comply with safeguarding or other relevant laws.
Data and information recorded on paper are shredded and disposed of appropriately.
Electronic data and information is deleted as and when this is no longer required to fulfil what has been asked of AG or to comply with safeguarding or other relevant laws.
Personal data breaches by Achieving Greater
AG will make all reasonable endeavours to ensure that there are no personal data breaches. In the unlikely event of a suspected data breach, AG will report the data breach to the ICO within 72 hours. Such breaches may include, but are not limited to:
- Safeguarding information being made available to an unauthorised person.
- The theft of a laptop or mobile phone containing personal data that is accessible.
Disposal of records by Achieving Greater
Personal data that is no longer needed will be disposed of securely. Personal data that has become inaccurate or out of date will also be disposed of securely, where it cannot or do not need to rectify or update it. For example, we will shred paper-based records, and overwrite or delete electronic files.
Your rights with Achieving Greater
You have a right to request that AG restrict or remove the processing of your personal data.
Subject Access Request Procedure
Achieving Greater follows the SAR code of practice published by the ICO.
You have a right to find out what personal data AG holds about you, why AG holds it and who AG might disclose it to (unless this will breach safeguarding and other relevant laws). You may exercise the right by making a written ‘subject access request’ (SAR) to AG.
Complaints of Achieving Greater
AG takes any complaints about the use of personal information very seriously. If you think that use of personal information is unfair, misleading or inappropriate, or has any other concern about AG’s data processing, please raise this with AG in the first instance.
To make a complaint, please contact Angela Gunning. Alternatively, you can make a complaint to the Information Commissioner’s Office:
- Report a concern online at https://ico.org.uk/concerns/
- Call 0303 123 1113
- Or write to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5A
- May 25th, 2018: First revision