Maintaining your privacy is really important to us. You entrust us with sensitive information, and we take that responsibility seriously. We will not disclose your personal details to any third parties unless it is necessary or where we are legally obliged to do so.
It is likely we will need to update our Policy from time to time. This version is dated August 2019.
Controller and Processor
GRC Matters Ltd a compliance consultancy for firms that are regulated by the Financial Conduct Authority (FCA). We are registered with the Information Commissioner’s Office under registration number ZA544339. For simplicity throughout this notice, ‘we’ and ‘us’ means GRC Matters Ltd and its brands.
The legal bases we rely on
The law on data protection sets out a number of different reasons for collecting and processing your personal data, including:
If you have any concerns about this processing, you have the right to object to processing that is based on our legitimate interests. You can do that by contacting us via the Contact Us section.
How we collect your personal data
Under GDPR personal information is defined as “any information relating to an identified or identifiable natural person”. Personal data, or personal information means any information about an individual, from which that person can be identified. We collect personal data, or personal information, directly from you, for example when you:
We may, also, obtain information about you from publicly available sources and collect website usage information using cookies (see “Cookies” section below).
The personal data we collect
The different types of personal data we may collect about you could include:
For marketing purposes and based on ‘Legitimate Interests’. You are free to opt out of at any time;
For other legitimate business purposes.
If you wish to change how we use your data, you’ll find details in the ‘Your Rights’ section below. Remember, if you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some services you’ve asked for.
Retention period for using your personal data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, regulatory or reporting requirements. To determine the appropriate retention period for personal data, we consider:
Personal data will generally not be held for more than seven years after the end of the relationship/appointment, unless otherwise prescribed by law or regulation.
How we share your information
We do not sell or distribute your personal data for commercial gain. We may process your personal data without your knowledge where this is required or permitted by law.
We may have to share your personal data with
All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We work closely with them to ensure that your privacy is respected at all times. We only permit them to process your personal information for specified purposes and in accordance with our instructions.
Where your data may be processed
Sometimes we will need to share your personal data with firms that provide support services to GRC Matters Ltd who are outside the European Economic Area (EEA). Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this Privacy Notice.
You can set your browser not to accept cookies and the websites below, tell you how to remove cookies from your browser. However in a few cases some of our website features may not function as a result. For further information about cookies visit www.aboutcookies.org or www.allaboutcookies.org.
Links to other websites
Whenever we process data we will ensure that we always keep your personal data rights in high regard and take account of these rights. You have the right to object to this processing if you wish, by contacting us via the Contact Us section. Please bear in mind that if you object this may affect our ability to carry out tasks for your benefit.
We want to make sure that your personal information is accurate and up to date. You have the right to request a copy of the information that we hold about you. You may ask us to correct or remove information you think is inaccurate.
If you would like a copy of some or all your personal information, please contact us using the Contact Us section. If you are not satisfied with our response or believe that we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).
Security precautions in place to protect the loss, misuse or alteration of your information
When you give us personal information, we take steps to ensure that it’s treated securely. Policies and procedures are in place to safeguard it from loss, misuse and improper disclosure. We, also, have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
How to contact us
Tel: 07985 923263
© Copyright 2019. All Rights Reserved.