Privacy Policy

GRC Matters

Limited

PRIVACY POLICY 

Introduction

Maintaining your privacy is really important to us. You entrust us with sensitive information, and we take that responsibility seriously. We will not disclose your personal details to any third parties unless it is necessary or where we are legally obliged to do so.

 

This Privacy Policy explains how we collect, store, and process personal data in the provision of services to our clients and users of our websites. We hope the following sections will answer any questions you have but if not, please do get in touch with us via the Contact Us section.

 

It is likely we will need to update our Policy from time to time.  This version is dated August 2019.

 

Controller and Processor

We are the “Controller” and “Processor” of your personal information. Your personal information will be securely stored confidentially on our computer systems and/or in paper files. When you are using our website, GRC Matters Ltd is the data controller. By using our website, you’re agreeing to be bound by our Privacy Policy.

 

About us

GRC Matters Ltd a compliance consultancy for firms that are regulated by the Financial Conduct Authority (FCA). We are registered with the Information Commissioner’s Office under registration number ZA544339.  For simplicity throughout this notice, ‘we’ and ‘us’ means GRC Matters Ltd and its brands.

 

The legal bases we rely on

The law on data protection sets out a number of different reasons for collecting and processing your personal data, including:


  • Consent: In specific situations, we collect and process your data with your consent.  For example, when you tick a box to receive email newsletters.
  • Contractual obligations: In certain circumstances, we need your personal data to comply with our contractual obligations.  For example, if you instruct us to manage your FCA authorisation application then we will collect the necessary information to provide the service.
  • Legitimate interests: in specific situations, we require your data to pursue our legitimate business interests in a way which might reasonably be expected as part of running our business.  We make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws.  Our legitimate business interests do not automatically override your interests - we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

 

If you have any concerns about this processing, you have the right to object to processing that is based on our legitimate interests.  You can do that by contacting us via the Contact Us section.

 

How we collect your personal data

Under GDPR personal information is defined as “any information relating to an identified or identifiable natural person”.  Personal data, or personal information means any information about an individual, from which that person can be identified. We collect personal data, or personal information, directly from you, for example when you:

  • Visit our website, and complete a form;
  • Contact us by any means to enquire about us, our services etc.
  • Engage with one of our marketing emails or on social media.
  • Engage us to provide services;
  • Subscribe to our services;
  • Other data controllers (including our clients) may also provide your personal data to us.

We may, also, obtain information about you from publicly available sources and collect website usage information using cookies (see “Cookies” section below).

 

The personal data we collect

The different types of personal data we may collect about you could include:

  • Identity Data: includes your title, full name and maiden name if applicable, date of birth, sex, marital status, passport, driving licence data or other identity card;
  • Contact Data: includes email address, telephone numbers and home address;
  • Financial Data: includes bank account details and related information;
  • Transaction Data: includes details about payments to and from you and other details of products and services you have purchased from us;
  • Usage Data: includes information about how you use our website, products and services;

For marketing purposes and based on ‘Legitimate Interests’.  You are free to opt out of at any time;

 

For other legitimate business purposes.

If you wish to change how we use your data, you’ll find details in the ‘Your Rights’ section below. Remember, if you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some services you’ve asked for.

 

Retention period for using your personal data

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, regulatory or reporting requirements. To determine the appropriate retention period for personal data, we consider:

  • the amount, nature, and sensitivity of the data;
  • the potential risk of harm from unauthorised use or disclosure of the data;
  • the purposes for which we process the data; and
  • the applicable legal requirements.


Personal data will generally not be held for more than seven years after the end of the relationship/appointment, unless otherwise prescribed by law or regulation.

 

How we share your information

We do not sell or distribute your personal data for commercial gain.  We may process your personal data without your knowledge where this is required or permitted by law.


We may have to share your personal data with

  • Trusted third party service providers;
  • Our auditors, insurers or regulatory bodies;
  • Our clients’ funders;
  • Our mutual clients, whom you have given permission for us to share your data with;
  • Third-parties to whom we may sell or merge our businesses or assets.


All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We work closely with them to ensure that your privacy is respected at all times. We only permit them to process your personal information for specified purposes and in accordance with our instructions.

 

Where your data may be processed

Sometimes we will need to share your personal data with firms that provide support services to GRC Matters Ltd who are outside the European Economic Area (EEA).  Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this Privacy Notice.

 

Cookies

Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. The data we collected is aggregated in its nature and is not specific to any one visitor. This helps us to improve our website and deliver a better service. For information about our use of cookies, please view our Cookies Policy.

You can set your browser not to accept cookies and the websites  below, tell you how to remove cookies from your browser. However in a few cases some of our website features may not function as a result.  For further information about cookies visit www.aboutcookies.org or www.allaboutcookies.org.

 

Links to other websites

Our website may contain links to other websites. This Privacy Policy only applies to our websites so when you link to other websites you should read their privacy policies. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.

 

Your rights

Whenever we process data we will ensure that we always keep your personal data rights in high regard and take account of these rights. You have the right to object to this processing if you wish, by contacting us via the Contact Us section. Please bear in mind that if you object this may affect our ability to carry out tasks for your benefit.

 

We want to make sure that your personal information is accurate and up to date. You have the right to request a copy of the information that we hold about you. You may ask us to correct or remove information you think is inaccurate.

 

If you would like a copy of some or all your personal information, please contact us using the Contact Us section.  If you are not satisfied with our response or believe that we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).

 

Security precautions in place to protect the loss, misuse or alteration of your information

When you give us personal information, we take steps to ensure that it’s treated securely. Policies and procedures are in place to safeguard it from loss, misuse and improper disclosure.  We, also, have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.


How to contact us

Please contact us if you have any questions about our Privacy Policy or information we hold about you by using the Contact Us section.


Email: queries@grcmatters.net

Tel: 07985 923263


© Copyright 2019. All Rights Reserved.

This website uses cookies. By continuing to use this site, you accept our use of cookies.

Accept