Privacy Policy and Fair Clarification

idash are committed to upholding our responsibilities under the General Data Protection Regulation (GDPR) EU 2016/679. GDPR requires that we provide a Privacy Policy that is jargon-free, and this is our policy.

What GDPR-applicable Data We Hold

We collect and hold personal data in the following formats:

Customer Data

We hold customer data, including names, roles, organisation and contact details. This information is held on the following:

• Our internal Business Management Systems

• Our Financial Management System, Sage 50

• Our Email and Contact System, Office 365

• Electronic customer Back-Up Data, which is encrypted in transit and in storage.

Supplier Data

We hold supplier data, including names, roles, organisation and contact details. This information is held on the following:

• Our internal Business Management Systems

• Our Email and Contact System, Office 365

• Our Financial Management System, Sage 50

Employee Data

We hold employee data, including names, roles, contact details and personal details. This information is held on the following:

• In hard-copy format, held in secure filing and accessed only by idash Management

• Sage Payroll Management System

• Contact details are held in our Email and Contact System, Office 365.

idash System Back Up Data

• Electronic data encrypted in transit and in storage.

CCTV information

• idash has a CCTV system to monitor access to the building and key infrastructure. We hold this data for 30 days.

Lawful Basis

There are six lawful bases that can be applied for processing your data:

• Consent

• Contract

• Legal Obligation

• Vital Interests

• Public Task

• Legitimate Interests

The data we hold complies with this requirement as follows:

Customer Data:

• Legitimate interest – for example we hold the contact details for the persons responsible for paying invoices.

• For marketing purposes: Consent.

• For quotation, tendering, support or Backup purposes: Contractual.

• For project management purposes: Contractual

Supplier and Subcontractor Data:

• For purchasing, contracting, quotation or tendering purposes: Contractual

• For project management purposes: Contractual

Employee Data:

• Legal Obligation

CCTV information:

• Legitimate interest

Data Processors

• We act as Data processors for many of our customers

• We use third parties to process personal data. These third parties are:

  1. Microsoft, who provide Azure Cloud Storage and processing services. They have confirmed GDPR compliance, and all data is stored in the UK or EU.

  2. Microsoft, who also provide Office 365 for our email and communication services.

Keeping Your Data Secure

We are committed to ensuring the data we keep is secure. Our premises are secured by intrusion detection systems, and our IT systems are secured with relevant protection suites. The data processors we use have demonstrated their safe handling of data.

Keeping Your Data Relevant

We will only keep data that is relevant. We will delete any data that is redundant, and we will not keep data without good reason.

Use of Data for Marketing, & Consent

We will contact you to ask for your consent to include you in our marketing campaigns.

  1. We can only contact you for marketing purposes if you give us permission to do so.

  2. If you change your mind, you can subsequently remove or add yourself to our marketing lists.

Data

Data Requests

• You can ask us what personal data we hold about you, and we must give you that information free of charge, within one month of your request.

• You can ask us to amend your data where the accuracy is in question.

Deleting Data

• If you ask us to delete your data, we will process your request and advise you of progress.

Data Breaches

• We have standard operating procedures in place to ensure data breaches are identified and remedied. We will contact you if any of your data is included or affected in the data breach.

Buying or Selling Data

• If we choose to buy personal data, we will ensure that the seller is GDPR compliant, and that all persons whose data is sold have explicitly consented to the use of that data.

• We will not sell your data.

• Should our organisation be sold to another person or business in the future, your data may also be transferred to the new organisation. However, that data may only be used for its original lawful basis. You can still opt out, request information, or request the deletion of your data.

Data Retention

• We will not hold data for longer than is necessary

• We will make efforts to ensure that the data we hold is up-to-date and accurate

Data Manager

Our appointed Data Protection Compliance Manager is M H Marks MBE CEng. If you have a question relating to this policy, please contact him via [email protected]