Fire Investigation Risk Evaluation Consultancy Limited:
1.4 Data Protection, references in this Policy to:
1.4.1 “Privacy and Data Protection Requirements” means: the Data Protection Act 1998 (until repealed) (“DPA”), the Data Protection Directive (95/46/EC) (until repealed) and, from 25 May 2018, the General Data Protection Regulation 2016/679 (“GDPR”) or any equivalent provision which may replace the GDPR following the formal political separation of the United Kingdom from the European Union; the Regulation of Investigatory Powers Act 2000; the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 (SI 2000/2699); the Electronic Communications Data Protection Directive (2002/58/EC); the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2426/2003); and all applicable laws and regulations which may be in force from time to time relating to the processing of Personal Data and privacy, including where applicable the guidance and codes of practice issued by the Information Commissioner or any other supervisory authority, and the equivalent of any of the foregoing in any relevant jurisdiction; and
1.4.2 “Personal Data”, “Data Controller” and “Data Processor” and “processing” shall have the meanings given to them in the DPA or, from 25 May 2018, the GDPR.
1.4.3 For the purposes of applicable Privacy and Data Protection Requirements, we (Fire Investigation Risk Evaluation Consultancy Limited) are a Data Controller and therefore we are responsible for, and control the processing of, your Personal Data in accordance with applicable Privacy and Data Protection Requirements. “Personal Data” has a legal definition but, in brief, it refers to information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. Such information must be protected in accordance with applicable Privacy and Data Protection Requirements.
2. Whose personal data do we collect?
3. How long we keep your information
4. Lawful use of your personal data
4.1 We will only use your personal data where we have a lawful basis to do so. Therefore, if we received your personal data because you are employed by a client, supplier or subcontractor, we will process your personal data to perform any contract we have entered into with your employer or in relation to any steps we take at the request of your employer prior to entering into a contract.
5. Who do we share your data with?
5.1 For our legitimate interests, we may share your personal data with any service providers, sub-contractors and agents that we may appoint to perform functions on our behalf and in accordance with our instructions, including payment providers, IT service providers, accountants, auditors and lawyers. We shall provide our service providers, sub-contractors and agents only with such of your personal data as they need to provide the service for us and if we stop using their services, we shall request that they delete your personal data or make it anonymous within their systems.
5.2 In order to comply with our legal obligations, under certain circumstances we may have to disclose your personal data under applicable laws and/or regulations, for example, as part of anti-money laundering processes or to protect a third party’s rights, property, or safety.
5.3 For our legitimate interests, we may also share your personal data in connection with, or during negotiations of, any merger, sale of assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company.
6. Where we hold and process your personal data
6.1 Some or all of your personal data may be stored or transferred outside of the European Economic Area (the EEA) for any reason, including for example, if our email server is located in a country outside the EEA or if any of our service providers are based outside of the EEA.
6.2 If we do store or transfer your personal data outside the EEA, we will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the EEA and under applicable laws.
7.1 We shall process your personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage. We do this by using appropriate technical or organisational measures, for example, all information you provide to us is stored on our secure servers and our employees are required to comply with all applicable data protection laws.
7.2 Notwithstanding paragraph 6.1 above, you acknowledge that no system can be completely secure. Therefore, although we take these steps to secure your personal data, we do not promise that your personal data will always remain completely secure.
- Your rights and retention of personal data
7.1 You have the right to obtain from us a copy of the personal data that we hold for you, and to require us to correct errors in the personal data that we process for you if it is inaccurate, incomplete or out of date. You also have the right at any time to require that we delete your personal data and to withdraw your consent to receive communications from us.
7.2 To exercise these rights, or any other rights you may have under applicable laws, please contact us. It may take us a few days to process your request, in particular to remove you from our communications database, but we shall do our best to act promptly. Please note, we reserve the right to charge an administrative fee if your request is manifestly unfounded or excessive.
7.4 We retain your personal data in accordance with applicable laws. If we have received your personal data because you are an employee of a client, supplier or subcontractor, we shall retain your personal data until we no longer work with your employer, except where we are required to retain your personal data for longer to comply with accounting, audit and taxation requirements.
Last updated: January 2019