GDPR Auditing is committed to meeting our legal requirements with respect to Privacy for all who access and use our website and services. Under the General Data Protection Regulation, we must comply with certain requirements that are designed to ensure that any personal data you provide to us is processed with due care and attention, and that you as an individual are aware of and know how to exercise your rights with respect to any personal data you trust us with.
What data do we collect and why?
GDPR Auditing collects the personal details that you provide when you sign up for our toolkit via the payment page or when you enter your details into the Contact Us form, we will also receive some personal information if you email us directly or using email@example.com.
On the payment page we collect the following details:
- First name and last name – so we know who you are
- Contact email – so we know where to send the toolkit
- Company name – used for the provision of the service
- Address – needed for the payment
- Phone number (optional) – In case there is an issue with your order and we need to speak with you
On the contact form we collect the following details:
- Name – so we know who to get back to
- Email address – so we know how to email you
- Phone number – which is optional, if you want us to call you
- Subject (usually no personal information)
- Message – the message you provide so we can address your request
Contact via Email:
We have no control over what you might put in a message, we will however, have at least the email address you mailed us from and what you put into the message. We recommend that you keep any personal details sent to us to an absolute minimum.
How we use your information
This privacy notice tells you what to expect when GDPR Auditing collects personal information. It applies to information we collect about:
- visitors to our websites;
- people who enquire about or use our services;
- people who email us.
Visitors to our websites
However, we do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
What you need to know about:-
- Google Analytics
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
You can opt-out of having made your activity on the Service available to Google Analytics by changing your cookie settings on our site here https://www.gdprauditing.com/cookie-policy/
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy
People who Purchase or Contract with us for a Service
If you place an order for a toolkit we collect enough information to enable us to process your order and send you a toolkit and access to the portal. We collect and process this information using the ‘performance of a contract legal basis’ so that we may provide the service to you.
Unless you have specifically opted in to receive information about products and services from GDPR Auditing during the order process we will not send you any communication other than what is required for the supply of the service.
We keep this data for as long as we are providing the service to you, after you have stopped using the service(s) we keep the data for 12 months, then we anonymise it removing any personal information.
Any data classified as financial that we are required to keep will be retained according to UK HMRC rules, currently 6 years plus current year.
People who email us
Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.
If we consider the contents of an email to contain personal data we have not requested or more detail than we need then we will delete some or all of it immediately and request another with less personal details, or no personal details.
By submitting personal data to us by way of an email or an enquiry you necessarily consent to us using that information to contact you in return to complete that enquiry. We do not use that data for any other purpose. For the avoidance of doubt the legal basis for processing your enquiry is ‘consent’.
If you agree to allow us to send you information about GDPR Products and Services by opting in to that service, you do that on the basis of consent.
Who we Share Information With
When you place an order with us for a toolkit, we pass your details onto our payment processor so they may take the payment for the service, our agreement with them identifies them as a processor and ensures that the data transfer is both legal and secure.
We DO NOT share your data with anyone else.
GDPR Auditing DO NOT and WILL NOT transfer the information you provide to countries outside the European Economic Area (“EEA”).
We do pass on your information to our payment service provider, PayPal, who may process your data outside of the EEA – and possibly in the USA.
Under the UK’s GDPR regulations we rely on Article 49 section 1 (c) “the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the controller and another natural or legal person;”
However, we refer you to Paypal’s Data Processing Addendum for card Processing Products – https://www.paypal.com/uk/webapps/mpp/ua/bt-data-protection
Where we use Google Analytics cookies and you have opted to allow them, you acknowledged that you have consented to their use and that the cookie data is processed outside of the UK and may be processed in the USA
Where data is processed in the USA under these specific circumstances, we need to make you aware that personal data processed in the USA may not be afforded the same privacy rights as those in the UK or EU/EEA.
Notification of Changes
Any policy changes, either due to business reasons or future changes in legislation will be posted on this page and, if material, may be promoted on the Website or through e-mail notification.
Your rights as an individual in respect of the data we hold
We respect the rights and freedoms of individuals and as such we would like to make you aware of the following.
You have the right to:
- Request access to your data
- Request rectification of your data where there are errors or inaccuracies, or the data is not current
- Request that the data we hold is removed entirely from our systems (the right to have data removed is only applicable where it does not conflict with our legal and regulatory requirements to keep certain records according to the data retention period)
- Request us to restrict processing of your data
- Object to our processing of your data
- Request your data in a format that is commonly used/accepted
- Send your data to another controller
- Withdraw consent already provided – at any time
You also have the right to complain to this organisation as detailed within the ‘Complaints or Queries’ section of this Policy,
To exercise your rights above please contact GDPR Auditing using any of the methods described under How to Contact us.
You also have the right to lodge a complaint with a supervisory authority, see Complaints or Queries below.
Complaints or Queries
GDPR Auditing tries to meet the highest standards when collecting and using personal information and take any complaints we receive about this very seriously.
We encourage people to bring to our attention, if they think that our collection or use of information is unfair, misleading, or inappropriate.
If you wish to complain about this policy or any of the procedures set out in it please contact: firstname.lastname@example.org.
If for any reason you believe that GDPR Auditing is not in full compliance with the GDPR or that a request or complaint has not been properly dealt with you have the right to lodge a complaint with the relevant supervisory authority, in the UK this is the ICO.
https://ico.org.uk/concerns/handling/ or call the ICO on 0303 123 1113.
GDPR Auditing Limited
47 The Lanes
Cookies are small text files that are placed on your computer or device by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
How to contact us
GDPR Auditing identifies itself as the data controller for information you provide to us.
You can contact us for information, or to exercise your rights under GDPR or to make a complaint using any of the following.
Call us on +44(0)203 488 3050
Email us email@example.com or via our contact us page.
Write to us at:
GDPR Auditing Limited
47 The Lanes