Privacy policy

Privacy policy

Introduction

GDPR Auditing is committed to meeting our legal requirements with respect to Privacy for all who access and use our website and services. Under the General Data Protection Regulation, we must comply with certain requirements that are designed to ensure that any personal data you provide to us is processed with due care and attention, and that you as an individual are aware of and know how to exercise your rights with respect to any personal data you trust us with.

What data do we collect and why?

GDPR Auditing collects the personal details that you provide when you sign up for our toolkit via the payment page or when you enter your details into the Contact Us form, we will also receive some personal information if you email us directly or using info@gdprauditing.com.

On the payment page we collect the following details:

  • First name and last name – so we know who you are
  • Contact email – so we know where to send the toolkit
  • Company name – used for the provision of the service
  • Address – needed for the payment
  • Phone number (optional) – In case there is an issue with your order and we need to speak with you

On the contact form we collect the following details:

  • Name – so we know who to get back to
  • Email address – so we know how to email you
  • Phone number – which is optional, if you want us to call you
  • Subject (usually no personal information)
  • Message – the message you provide so we can address your request

Contact via Email:

We have no control over what you might put in a message, we will however, have at least the email address you mailed us from and what you put into the message. We recommend that you keep any personal details sent to us to an absolute minimum.

How we use your information

This privacy notice tells you what to expect when GDPR Auditing collects personal information. It applies to information we collect about:

  • visitors to our websites;
  • people who enquire about or use our services;
  • people who email us.

Visitors to our websites

Unless you have chosen to accept only functional cookies (see cookie policy) then when you visit www.gdprauditing.com we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. Whilst this information is not directly personal data, when used in combination with other data is may become personal data.

However, we do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

What you need to know about:-

  • Google Analytics

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

You can opt-out of having made your activity on the Service available to Google Analytics by changing your cookie settings on our site here https://www.gdprauditing.com/cookie-policy/

For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy

People who Purchase or Contract with us for a Service

If you place an order for a toolkit we collect enough information to enable us to process your order and send you a toolkit and access to the portal. We collect and process this information using the ‘performance of a contract legal basis’ so that we may provide the service to you.

Unless you have specifically opted in to receive information about products and services from GDPR Auditing during the order process we will not send you any communication other than what is required for the supply of the service.

We keep this data for as long as we are providing the service to you, after you have stopped using the service(s) we keep the data for 12 months, then we anonymise it removing any personal information.

Any data classified as financial that we are required to keep will be retained according to UK HMRC rules, currently 6 years plus current year.

People who email us

Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.

If we consider the contents of an email to contain personal data we have not requested or more detail than we need then we will delete some or all of it immediately and request another with less personal details, or no personal details.

Whether you email us directly or via any of our generic addresses, we will only use the information you provide to respond to your enquiry and will keep it for 14 days after the last correspondence with you and then remove it, unless you become a customer and then your data will be stored and processed in line with this privacy policy and any Terms and Conditions related to the services.

By submitting personal data to us by way of an email or an enquiry you necessarily consent to us using that information to contact you in return to complete that enquiry. We do not use that data for any other purpose. For the avoidance of doubt the legal basis for processing your enquiry is ‘consent’.

If you agree to allow us to send you information about GDPR Products and Services by opting in to that service, you do that on the basis of consent.

External Sites

GDPR Auditing Limited is not responsible for the content of external internet sites. You are advised to read the privacy policy of external sites before disclosing any personal information.

Who we Share Information With

When you place an order with us for a toolkit, we pass your details onto our payment processor so they may take the payment for the service, our agreement with them identifies them as a processor and ensures that the data transfer is both legal and secure.

We DO NOT share your data with anyone else.

Overseas Transfers

GDPR Auditing DO NOT and WILL NOT transfer the information you provide to countries outside the European Economic Area (“EEA”).

We do pass on your information to our payment service provider, PayPal, who may process your data outside of the EEA – and possibly in the USA.

Under the UK’s GDPR regulations we rely on Article 49 section 1 (c) “the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the controller and another natural or legal person;”

However, we refer you to Paypal’s Data Processing Addendum for card Processing Products – https://www.paypal.com/uk/webapps/mpp/ua/bt-data-protection

Where we use Google Analytics cookies and you have opted to allow them, you acknowledged that you have consented to their use and that the cookie data is processed outside of the UK and may be processed in the USA

Where data is processed in the USA under these specific circumstances, we need to make you aware that personal data processed in the USA may not be afforded the same privacy rights as those in the UK or EU/EEA.

Notification of Changes

Any policy changes, either due to business reasons or future changes in legislation will be posted on this page and, if material, may be promoted on the Website or through e-mail notification.

Your rights as an individual in respect of the data we hold

We respect the rights and freedoms of individuals and as such we would like to make you aware of the following.

You have the right to:

  • Request access to your data
  • Request rectification of your data where there are errors or inaccuracies, or the data is not current
  • Request that the data we hold is removed entirely from our systems (the right to have data removed is only applicable where it does not conflict with our legal and regulatory requirements to keep certain records according to the data retention period)
  • Request us to restrict processing of your data
  • Object to our processing of your data
  • Request your data in a format that is commonly used/accepted
  • Send your data to another controller
  • Withdraw consent already provided – at any time

You also have the right to complain to this organisation as detailed within the ‘Complaints or Queries’ section of this Policy,

To exercise your rights above please contact GDPR Auditing using any of the methods described under How to Contact us.

You also have the right to lodge a complaint with a supervisory authority, see Complaints or Queries below.

Complaints or Queries

GDPR Auditing tries to meet the highest standards when collecting and using personal information and take any complaints we receive about this very seriously.

We encourage people to bring to our attention, if they think that our collection or use of information is unfair, misleading, or inappropriate.

If you wish to complain about this policy or any of the procedures set out in it please contact: info@gdprauditing.com.

If for any reason you believe that GDPR Auditing is not in full compliance with the GDPR or that a request or complaint has not been properly dealt with you have the right to lodge a complaint with the relevant supervisory authority, in the UK this is the ICO.

https://ico.org.uk/concerns/handling/ or call the ICO on 0303 123 1113.

Registered Office

GDPR Auditing Limited
Grove House
47 The Lanes
Over
Cambridge
Cambridgeshire
CB24 5NQ

Cookies

Cookies are small text files that are placed on your computer or device by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

Please see separate Cookie Policy on this site.

How to contact us

GDPR Auditing identifies itself as the data controller for information you provide to us.

You can contact us for information, or to exercise your rights under GDPR or to make a complaint using any of the following.

Call us on +44(0)203 488 3050

Email us info@gdprauditing.com or via our contact us page.

Write to us at:

GDPR Auditing Limited
Grove House
47 The Lanes
Over
Cambridge
Cambridgeshire
CB24 5NQ

If you want to request information about our privacy policy you can email us at info@gdprauditing.com.