CyberShelter will operate as a Data Controller regarding any Personal Identifiable Information (PII) we gather from you.
This policy sets out the following;
The type of Data we collect
How we use your Personal Data
When, and How we share that Data
How we protect your Personal Data
Your rights and choices regarding your Data
Types of Data
In order to carry out work on your behalf we may need the following information;
Your Business Name and Address
Information regarding your business
Financial and Banking and related Information in order to create a credit reference
We use this data in order to;
Carry out contracted work set out in our letters of engagement
Prepare documentation for the relevant authorities as and when required by UK Law
Sharing Your Data
In order to carry out contracted work we may host some of your data with online services used by us in order to carry out our day to day business. Although your Data may be hosted with one or more of these services no Data Processing is carried out by them at any time. For instance we may use an online (encrypted) backup service or an online accounting package in order to prepare invoices and government required taxation information.
All our supplied services services have been checked for GDPR compliance and relevant GDPR compliance certificates are stored at CyberShelter
We may also share your Data if;
The Law or a public authority says we must share that data
If we need to share data in order to establish or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk)
to any other successors in title to our business
How we protect your Data
We use computer safeguards such as firewalls and data encryption and we enforce physical access controls to our building and files to keep this data safe. We only authorise access to your data for employees who need it in order to carry out their job responsibilities
We protect your data in transit by using Secure Sockets Layer (SSL) or other encryption technologies unless specifically asked by you, the client, to do otherwise.
We enforce physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of your information. We may, on occasion, ask for proof of identity before sharing your data with you
Whilst we take appropriate technical and procedural measures to safeguard your data please be aware that we cannot guarantee the security of any data that you transfer over the internet to us
Your Data will never be transferred to or stored at a destination outside the European Economic Area (EEA).
Your Rights and Choices
You have the right to see the personal data we hold about you, under the GDPR this is called a subject access request. If you wish to see this data then please inform us in writing via our email address, firstname.lastname@example.org.
Please inform us if you believe any of the data we hold regarding you is inaccurate and we will update that data accordingly.
You also have the right to ask us to delete all personal data we hold about you. Again please submit this request via email.