Follow us

Contact us

info@issured.com
HOME

Privacy Policy

Scope
This policy sets out the basis by which any personal data collected from or provided to Issured Limited (“Issured Ltd”, “we”, “us”, “our”) by you, the data subject, will be processed. We are committed to protecting and respecting the privacy of our associates, employees, clients and any users of our services. Please read this privacy policy carefully so you understand our views and practices regarding your personal data and how we will treat it.

Identify and Contact Details
Issured Limited is a company registered in England and Wales (Registration number 08860437) whose registered address is 1-2 Charterhouse Mews, London, EC1M 6BB. We are registered with the Information Commissioners Office (ICO) as a data controller in the United Kingdom for the purposes of any UK Data Protection legislation resulting from EU General Data Protection Regulations (GDPR). (ICO registration number ZA220733. The Issured Data Protection Officers contact details can be found at the end of this document.

Responsibilities
The Data Protection Officer (DPO) is responsible for ensuring that this privacy policy is made available to all data subjects prior to us processing their personal data.

All our employees or associates who interact with data subjects are responsible for ensuring that this privacy policy is drawn to the data subject’s attention and their consent to the processing of their data is secured.

Privacy Policy
Who are we?
We are a consultancy specialising in independent programme assurance, business design and information system development, spanning the full development lifecycle. We provide Programme Design and Management, Business Architecture and Analysis, Information System Design, Business Change and Training Development and Information Assurance and Security Risk Management.

Cookie and analytical data
Issured do not capture any cookie or analytical data from their website. 

What personal information do we collect and why do we do it?
Unless otherwise stated, the information we process is in relation to our employees, associates and clients only. This information is provided directly to us by the data subject with their permission. We hold no other personal information

Special Category Data
We also process a small amount special category information, with regards to our employees and those associates that are contracted to Issured Limited. This is limited to:

Financial information: This is used initially to set up the payment for employees and contracted associated.  After initial setup this information is not retained on the Issured infrastructure, but the responsibility remains as part of the management of each employee and associate whilst part of Issured Limited

Although we do not hold any additional special category information, as part of some client contracts, there may be instances where we will have visibility of such information.  If this is the case the information will be captured within each specific contract. Where there is a requirement to store and protect such information, it shall be documented accordingly. We are committed to protect all information provided to us, with all special category data compartmented and secured accordingly. 

Purpose this information is held, processed, used and disclosed
  • To assess suitability for associate vacancies we judge maybe suitable for our associates job specification
  • To maintain our accounts and records to support and manage our employees and shareholders.
  • To carry out obligations arising from any contracts entered into between you as the associate and us. 
  • In order to comply with any applicable law and regulatory requirements 
  • Where data is contractually required for processing, Issured Limited may processes data without consent in order to fulfil contractual obligations (bank details to process salary)

Our legal basis for processing for the personal data
We shall ensure that processing remains lawful to the extent that:

  • The data subject has given consent to process their data for specific purposes detailed above
  • The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
  • Processing is necessary for compliance with legal obligations to which the controller is subject, this could include for the purpose of detecting crime, fraud and in order to comply with any other applicable law.

Consent
Where our processing is based on consent, our controller shall be able to demonstrate that the data subject has consented to the processing of their personal and special category data.

Consent is required for us to process both personal and special category data, but it must be explicitly given. Where we are asking you for special category data we will always tell you why and how the information will be used and stored. 
By consenting to this privacy policy, you are giving us permission to process your personal data specifically for the purposes identified.

You may withdraw consent at any time by contacting our Data Protection Officer and stating:

“I, [data subject name], withdraw my consent to process my personal data from Issured Limited. Issured Limitedno longer has my consent to process my personal data for the purpose of [specify legitimate reason of processing personal data], which was previously granted”.


Once received we shall adhere to the data protection requirements and cease processing your information in line with Article 6, 1 a-f of the lawfulness of processing principle.

Where there is a contractual obligation to process personal information all data processing is carried out in accordance with the handling requirements detailed within each specific contract, with deletion and return of personal data captured as part of the contract.

Disclosure
Issured Limited WILL NOT pass on your personal data to any third parties without first obtaining your consent.

Retention period
We implement a Retention, Review and Disposal (RRD) process for all our information not just personal data, with Information Asset Owners (IAO) consulted with regards to suitable retention periods for information assets. 
 
For the purpose of process personal data, the following applies:

  • Our staff/employees, and any contracted associates, data we will be retained during the term of their employment and for 7 years thereafter. 
  • Our associates not contracted through us, CV’s shall be removed after a 12-month period, with each associate given the option to update their CV or removed their personal information altogether.
  • For information provided as part of the “leave us a message” contact/customer information, the request of name, email, phone and message are only retained to allow a response to the data subject.  This information is only retained for a maximum of 30 days and then removed from the Issured system.

If there is a business requirement to retain the “leave a message” information, i.e. services are requested and/or a contract agreed, then the information will be retained and agreed as part of that contract.

At the end of the agreed retention period your information will be securely and confidentially destroyed. 

Where there is contractual obligation to process personal information, the retention period of this information will be in line with the contract specification. All personal information will be deleted or returned as per the requirements captured within each contract.

Data Security
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or access in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees who have a business need to know. They will only process your information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal information breaches and will notify you and any applicable regulator where we are legally required to do so.

Your rights as a data subject
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

  • Right of access – you have the right to request a copy of the information that we hold about you.
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
  • Right of portability – you have the right to have the data we hold about you transferred to another organisation.
  • Right to object – you have the right to object to certain types of processing such as direct marketing.
  • Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
  • Right to judicial review: in the event that Issured Limitedrefuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined in complaints clause below.

Complaints or concerns
If you wish to exercise your rights or raise a complaint or have any concerns with the way we have handled your personal data, you can contact us through:

Issured Data Protection Officer
The Science and Innovation Centre
A&E Block Bletchley Park
Milton Keynes
MK3 6EB
Email: Compliance@issured.com


In addition, if you are not satisfied with our response or any of our data protection activities, you can make a complaint to the Information Commissioners Office at:

Wycliffe House
Water Lane
Wilmslow
Cheshire 
SK9 5AF