Data Privacy Statement
Policy became operational on: 21/03/2019Approved by board / management on: 21/03/2019
Next review date: 21/03/2020
Islebest Ltd knows that your privacy is very important to you. When it comes to your information, we follow some straightforward principles. We aim to be clear about the data we collect and why.
All our employees who handle personal data have agreed to the terms of our Data Protection Policy (which can be accessed via our website) and have a responsibility to comply with it accordingly.
What personal data do we collect?
It is the nature of the services we provide that requires us to collect and process personal data. This may include:
- Your name
- Your email address
- Phone number
- Bank details
We only collect the data we require to deliver our services. Wherever we do not need to collect personal data to deliver a service we will not do so.
If you don’t provide us with personal data which we need to deliver a service, we’ll try to provide the service, but it may be impossible.
N.B. Please do not provide us with the personal data of anyone else without their permission, unless you have obtained the explicit consent from that person.
How else we have obtained your personal data?
We do not buy personal data from 3rd party vendors, nor do we collect personal data from publicly accessible sources. We will not, therefore, send out marketing materials without the permission of our clients.
How do we use your personal data?
We limit the use of personal data to ensuring we deliver the service you have requested. Furthermore, we retain your personal data only for as long as is necessary to deliver you this service. Normally this would be no longer than 6 years. Under certain circumstances we will retain your personal data longer if it is part of an accounting record which we are obliged by law to retain for 7 years. Where this is the case, your details will be kept on a dedicated server located in the UK.
After that, unless we need it for a particular investigation, we securely destroy records your personal data is contained within in line with our retention schedule. Destruction of paper records is done securely and appropriately. For example, we securely shred paper records in line with the British Standard for secure destruction of confidential material (BS EN 15713).
To whom might we disclose your personal data?
We make your personal data available to third parties who help us to provide our goods and services. Deliveries, for example.
We would only ever disclose your personal data to third parties, in the UK, in circumstances that are necessary for delivering the service agreed with you.
We never have and never will sell your personal data.
If there are attacks on our services, or other criminal activity, we may share information with the police or similar public body.
How do we secure your personal data?
Unfortunately, no data transmission over the internet or any other network can be guaranteed as 100% secure, but we take the appropriate steps to try to protect the security of your personal data. Islebest Ltd servers and all data stored locally are protected by a hardware firewall that is preventing unauthorised intrusion into the network. Software solutions are also in place which constantly scan for malware and viruses on the network. Our employees have been made aware of the importance of protecting personal information.
Hard copy documentation including personal identification is dispatched by courier, and signed for on delivery. Any paper documentation containing personal data is shredded once it becomes superfluous.
Access to personal data is restricted to authorised users on a need-to-know basis.
In the event of a data breach involving your personal data which presents a high risk we will contact you immediately.
Inaccuracies and corrections
We would like to keep your personal data accurate and up to date. If you become aware of any errors, noted on our correspondence with you for example, then please let us know by emailing us on: firstname.lastname@example.org
How to contact us and exercise your rights?
Under the General Data Protection Regulation (GDPR) you have certain rights over your personal data that we hold:
- To receive a copy of your personal data that we hold;
- To ask us to correct any errors; and
- To delete it once we no longer need it.
To contact us regarding those rights, or anything else in this data privacy statement, please write to our Managing Director on email@example.com or at our postal address below:
187 Camford Way
If you don’t feel we’ve dealt with your request appropriately, you have the right to appeal to the Information Commissioner’s Office (https://ico.org.uk).
We will update our Data Privacy Statement on an annual basis in order to maintain compliance. Notification of updates will appear on our website or by email.
Links to other websites
What are cookies?
A cookie is a small file which asks permission to be placed on your computer’s hard drive. A cookie can’t read data off your hard disk or read cookie files created by other sites. Cookies do not damage your system; they allow web applications to respond to you as an individual. A cookie in no way gives us access to your computer or any information about you, other than the personal data you choose to share with us.