Privacy and Data Protection Policy
Verify Solutions is committed to being transparent about how it collects and uses personal data, and to meeting its data protection obligations. This policy explains what personal data we collect or obtain about you, where we store it, how we use it, how we protect it and what your rights are regarding access to the data.
This policy applies to all current, past and prospective employees, associates, clients, customers and suppliers.
This policy should be read in conjunction with the relevant privacy notices.
We will always comply with the General Data Protection Regulation (GDPR) when dealing with your personal data. Further details on the GDPR can be found at the website for the Information Commissioners Office (www.ico.gov.uk).
||The person or company that determines when, why and how to process personal data, i.e. Verify Solutions
||Any activity that involves the use of personal data, e.g. payroll
||The person, company or system that processes the personal data, e.g. HR system
||A living identified or identifiable individual about whom we hold data, i.e. you
||General Data Protection Regulations EU 2016/679 and all applicable regulations, domestic legislation and any successor legislation relating to the protection of individuals with regards to the processing of personal data to which Verify Solutions is subject
||Any information that could identify the data subject (directly or indirectly), e.g. your name
||Separate notices explaining the information that the company collects about the data subjects and how this may be used
|Special Category Data
||Personal data which the GDPR says is more sensitive, and so needs more protection, e.g. gender
Why do we collect personal data?
We need to collect and use information about people with whom we work in order to operate and function as a business. These may include members of the public, current, past and prospective employees, associates, clients, customers and suppliers. In addition, we may be required by law to collect and use information in order to comply with the requirements of central government.
On occasion, we will process personal data provided by our clients in order to fulfil our business contract with them.
Where a client provides data for us to use, where requested, we will operate in accordance with their data protection policy.
How do we process personal data?
We process personal data in line with the following data protection principles:
- We will process personal data lawfully, fairly and in a transparent manner
- We will collect personal data only for specified, explicit and legitimate purposes
- We will ensure that the personal data we hold is accurate and will take reasonable steps to rectify or delete inaccurate personal data
- We will only keep personal data for the period necessary for processing
- We will adopt appropriate measures to make sure that personal data is secure and protected against unauthorised or unlawful processing and accidental loss, destruction or damage.
- We will inform the data subject the reasons for processing their personal data, how we use their data and the legal basis for processing, in the privacy notice. We will not process personal data for any other reasons.
- We will update personal data promptly if we are advised that the information has changed or is inaccurate.
- We will not transfer your personal data outside the EU without your consent.
- We will never sell your personal data.
Our website does not automatically capture or store personal data from visitors to the site. We may log the user’s IP address and hostname, and session details such as the duration of the visit, pages visited, and the nature of the browser used. This information does not identify you personally; it may be used to help us diagnose problems with our data server, to administer our website, and to compile statistics about our visitors and their use of the site. For example, we may use this data to track which pages our users are visiting most often, or to determine which web browsers our visitors use.
Any data that is collected will not be sold to any third parties for marketing purposes.
How do we protect personal data?
Where required, we will develop, implement and maintain generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, or unauthorised alteration or destruction.
We have what we believe are appropriate security controls in place to protect personal data. We do not, however, have any control over what happens between your device and the boundary of our information infrastructure. You should be aware of the many information security risks that exist and take appropriate steps to safeguard your own information. We accept no liability in respect of breaches that occur beyond our sphere of control.
We will maintain data security by protecting the confidentiality, integrity and availability of the personal data, defined as follows:
- Confidentiality means that only people who have a need to know and are authorised to use the personal data can access it.
- Integrity means that personal data is accurate and suitable for the purpose for which it is processed.
- Availability means that authorised users are able to access the personal data when they need it for authorised purposes.
All employees will receive training on data protection. Those individuals whose roles require regular access to personal data, or who are responsible for implementing this policy or responding to subject access requests under this policy, may receive additional training to help them understand their duties and how to comply with them as appropriate.
What would happen in the event of a personal data breach occurring?
If we suspect or discover that there has been a breach of personal data, and that this could pose a risk to the rights and freedoms of individuals, we will report the breach to the Information Commissioner within 72 hours of discovery.
If the breach is likely to result in a high risk to the rights and freedoms of individuals, we will tell affected individuals that there has been a breach and provide them with information about its likely consequences and the mitigation measures it has taken
If you know or suspect that a personal data breach has occurred, do not attempt to investigate the matter yourself. Immediately advise a member of the Leadership Team and also email firstname.lastname@example.org Ensure you preserve all evidence relating to the potential personal data breach.
We will record all data breaches regardless of their effect and employees must therefore report any breach, regardless of any perceived level of severity.
The rights of the data subject
You have the following rights with respect to your personal data:
- The right to be informed – you have the right to know what personal data we hold about you, the source of the date, the purposes or processing the data and the lawful basis for processing the data.
- The right of access – you can request a copy of the personal data that we hold about you.
- The right to rectification – you can request that we correct any personal data if it is found to be inaccurate or out of date.
- The right to erasure (the right to be forgotten) – you can request for your personal data to be erased, however this is not an absolute right and only applies in certain circumstances.
- The right to restrict processing – you can request to limit the way we use your data, however this is not an absolute right and only applies in certain circumstances.
- The right to data portability – you can request that we transmit your personal data directly to another data controller.
- The right to object – you can request that we stop processing your personal data and you can remove your consent (where consent is relied upon as the basis for processing).
- The rights related to automated decision making including profiling – you can request human involvement.
You also have the right to lodge a complaint with the Information Commissioners Office (www.ico.gov.uk).
How do I make a data subject access request?
To make a subject access request, please email email@example.com
In some cases, we may require proof of identification before we can process the request.
We will respond to the request within one month of the request being received. In exceptional cases, where there are large amounts of personal data involved, we may require up to two months to process the request.
We will respond to all subject access requests and advise:
- what personal data is processed and why
- the source of the personal data
- how the personal data is processed and the relevant safeguards in place to protect the personal data
- for how long the personal data is stored (and how that period is decided)
- the right to rectification or erasure of data, or to restrict or object to processing
- the right to complain to the Information Commissioner if you feel that we have failed to comply with data protection rights
We will post any changes to this policy on our website. Those changes will then apply to any future use by you of our website.
Alternatively, you can contact us using the following postal address or telephone numbers:
Verify Solutions Limited
10 Beech Court
Telephone: +44 (0)333 987 4040
Our telephone switchboard is open 9:00 am – 5:30 pm GMT, Monday to Friday. Our switchboard team will take a message and ensure the appropriate person responds as soon as possible.