1. Introduction
This document sets out our Privacy Policy and defines data processing of personal records in accordance with General Data Protection Regulations.
2. Scope
The scope of this policy is the processing of Client and Prospective Client personal data in relation to business to business processing.
3. Responsibilities
Due to the nature of the business it has been decided that the role of Data Protection Officer is not required. The Operations Director is responsible for recommending and implementing agreed processes and policies and under the directive of the Managing Director as the ultimate risk owner.
4. Business details of data controller
Robinsons Worldwide Solutions Ltd is a company registered in England and Wales under Company Number 02464841 and with a Registered Office at 22 Barrs Street, Whittlesey, Cambs, PE7 1DA.
5. Data Controller
For the purposes of the scope of this policy RWS Ltd are the data controller and do not perform any processing on behalf of other controllers.
6. Data Processor
For the purposes of the scope of the policy RWS Ltd are not a data processor.
7. Grounds for Processing
RWS consider the following as lawful grounds satisfying requirements of GDPR Article 6.
(a) Processing personal data for Sales & Marketing purposes is made in the Legitimate Interests (GDPR Article 6 (f)) of both the data subject and data controller. This is based on the pre-qualification process engaged before contacting a data subject. The sending of communications will only occur when pre-qualification or referral has been established based on the services we provide, the services the data subject is responsible for procuring, and that a mutual benefit is likely to be gained;
(b) additional considerations include the Privacy Impact as minimal and, given the targeted nature of the processing per clause (a), use of the data is within the reasonable expectations of the data subject;
(c) further processing of a Prospective Clients’ data and the processing of Client data will be based on the request of the data subject and consent (GDPR Article 6 (a)) to continue to process.
8. How we collect data
When you visit our website.
(a) information that you provide to us when registering with our website including your email address and contact details;
(b) information that you provide to us when registering on our website to receive newsletters including your email address and contact details;
(c) use of performance cookies to gather browsing data to enable us to monitor the effectiveness of our website;
The following is in use:
a. Google Analytics; Google will store this information and provides us with statistical information; Googles Privacy Policy http://www.google.com/privacypolicy.html;
b. On Monitoring; A third party tracking software which tracks anonymous web traffic and not individual personal information.
Use of outbound marketing activities.
(a) by reviewing your business public facing websites, professional networking sites, professional registers, industry portals and any other reputable publicly available data sources;
(b) by calling company listed numbers and asking for contact details;
(c) by emailing generic company and in-company personal emails and asking for contact details;
(d) business cards and information provided via introductions at trade shows, seminars and networking events;
(e) from event organisers where you have registered to attended;
(f) referrals from other similar organisations;
(g) personal referrals within a business context;
(h) provided by you in communications as an expression of interest in our services;
(i) provided by you in communications in the provision of service.
When you contact us via telephone or email.
9. Data we collect
Based on the processing conducted in clause 8, the following types of data may be processed.
(a) computer IP address;
(b) search terms;
(c) geographical location;
(d) website referral source;
(e) website duration of visit, pages viewed, pages navigated;
(f) browser type and version;
(g) name;
(h) company name and address;
(i) email address and telephone numbers.
10. Purpose
We will only process your personal data for the following purpose or purposes:
(a) administer and personalise our website and business;
(b) communicate with you about our services (marketing and non-marketing);
(c) provide pricing, contracts, purchase agreements, service documents etc.;
(d) process payments, send statements, invoices, remittance notices and payment reminders;
(e) send requested communications and notifications by post, email or similar technology;
(f) respond to issues and complaints;
(g) verification of service terms and conditions.
11. Data sharing
We may share your data with the following parties.
(a) employees and company officers;
(b) sub-contractors of a management nature i.e. Consultants;
(c) sub-contractors for delivery of services to clients;
(d) suppliers for outsourced services i.e. IT and Communications Infrastructure;
(e) insurers and professional bodies;
(f) suppliers;
(g) payment and financial service provider’s i.e. banks and insurance companies etc.
12. International data transfer
Requirements to provide further controls for International transfers of data are managed by.
(a) retaining all processing in our UK data centres;
(b) retaining any data sharing arrangements within the EEA.
13. Security of your personal data
The security or personal data is protected by the following controls.
(a) all data is processed in our UK data centres protected by firewalled infrastructure;
(b) all mobile data is protected to include encryption and anti-malware security;
(c) mobile devices are managed via mobile device management software;
(d) remote working is via company issued devices only and only over a RDP session;
(e) no cloud or web based systems store any personal data;
(f) personal data is included in our classification scheme as sensitive;
(g) processing of sensitive data is controlled via our Acceptable Use of Assets Policy;
(h) all backup data is encrypted;
(i) all paper records containing personal data are shredded when disposed of;
(j) RWS are ISO27001 certified under UKAS accreditation by certification body BSI;
(k) processing of personal data is audited as part of ISO27001 certification;
(l) all staff and sub-contractors processing personal data are expected to comply with Baseline Standard (BPSS) as a minimum level of security clearance.
14. Retention periods
Personal data is retained for the following durations.
(a) personal data processed of a sales and marketing nature is retained for two years from last communication;
(b) personal data processed of a prospective client nature is retained for two years from last communication;
(c) personal data of an existing client nature is retained for three years from the last communication from the last project worked on
(d) Newsletter unsubscribe details are kept indefinitely as reference to ensure no further contact is made.
15. Amendments
We may update this policy from time to time by.
(a) publishing a new version on our website;
(b) notifying you of any changes by email;
Please let us know if the personal information that we hold about you needs to be corrected or updated.
16. Your rights
You may instruct us to provide you with any personal information we hold about you; provision of such information will be subject to.
(a) there is no payment required; and
(b) the supply of appropriate evidence of your identity for this purpose;
(c) we may withhold personal information that you request to the extent permitted by law;
(d) you may instruct us not to process your personal information as permitted by law;
(e) you can instruct us to erase your data, compliant to GDPR Article 17;
(f) you have the right to lodge a complaint with the Data Protection Authority, if you consider your rights have been breached in anyway.
The UK Data Protection Authority contact details can be found at:
https://ico.org.uk/global/contact-us/
RWS contact details are:
Telephone: 01733 351136
E-mail: rws@rwsltd.co.uk
to raise any questions or exercise your rights in relation to GDPR.