Like most companies, Acstro need to collect and use your personal details for a variety of purposes. This privacy notice provides you with details of what information we collect and how we process your personal data including any information you may provide through our website. We are required by data protection law to give you this notice. We only process data ‘as necessary’ and only to the extent that it is needed.
If you are not happy with any aspect of how we collect and use your data please contact us so that we can try to resolve your concern.
You have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues www.ico.org.uk.
It is very important that the information we hold about you is accurate and up to date. If your personal information changes, please write to us or email email@example.com
THE LAWFUL BASIS ON WHICH WE USE THIS INFORMATION
On 25th May 2018 the Data Protection Act 1998 will be replaced by the General Data Protection Regulation (GDPR). The condition for processing under the GDPR will be:
Processing Client and Supplier information as is necessary for Acstro to undertake its responsibilities in the day to day running of a project and in discharging its legal obligations to all parties involved in the project.
YOUR DATA AND OUR GDPR RESPONSIBILITIES
The General Data Protection Regulation (GDPR) gives you important rights: –
1. The right to be informed
2. How you can access your information
3. Ensuring your information is accurate
4. Making sure your information is deleted in an appropriate timeframe
5. Ensuring that your information is only used for the purposes for which it was gathered
6. In certain circumstances the right to object
WHAT INFORMATION DO WE COLLECT ABOUT YOU?
Personal data means any information capable of identifying an individual; however, it does not include anonymised data.
Typically, the business to business personal data we collect about you is limited to the types of information found on a business card.
We may process certain types of personal data about you as follows:
HOW WILL WE USE THIS INFORMATION ABOUT YOU?
We will only use your personal data when legally permitted. The most common uses of your personal data are:
Generally, we do not rely on consent as a legal ground for processing your personal data. You have the right to withdraw consent by writing to us or emailing firstname.lastname@example.org
COLLECTING CLIENT AND SUPPLIER INFORMATION
Whilst the majority of information provided is on a voluntary basis in order to comply with the General Data Protection Regulation, we will inform you whether you are required to provide certain information to us or if you have a choice in this.
WHO WE SHARE CLIENT AND SUPPLIER INFORMATION WITH:
We may have to share your personal data with the parties set out below for the purposes of performing our contract:
SHARING CLIENT AND SUPPLIER INFORMATION
We do not share information about our Clients and Suppliers with anyone without their prior knowledge and consent, unless the law and our policies allow us to do so.
VITAL INTEREST INFORMATION
In emergency situations it may be necessary to share information without your consent or knowledge.
REQUESTING ACCESS TO YOUR PERSONAL DATA
Under data protection legislation Clients and Suppliers have the right to request access to information about them that we hold. To make a request for your personal information please make your request in writing to the Directors including your contact details and we will contact you.
You also have the right to:
RIGHTS IN RELATION TO AUTOMATED DECISION MAKING AND PROFILING
Acstro does not use automated decision making and profiling techniques.
Acstro will not share personal data with third-parties for marketing purposes.
We may send to you our company profile about our services which may be of interest. If you do not wish to continue to receive this, you may opt out by advising us via email to email@example.com
RETAINING COMMUNICATIONS AND CORRESPONDENCE
Telephone calls are not monitored or recorded. Correspondence includes all ways in which we receive communications from whatever source. This includes emails, text messages and social media messages, letters and documentation. This can also include photographs and other visual recordings. It is in our legitimate interests to maintain an accurate record of these.
STORAGE AND SECURITY OF DATA
We keep information both electronically and in a manual filing system to maintain our records. We have in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, sub-consultants and other third parties who have a legitimate business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentially.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website we encourage you to read the privacy notice of every website you visit.
For further information visit www.allaboutcookies.org/
We may also obtain information from you which is available in the public domain via search engines such as Twitter, Facebook or LinkedIn. This will include information about you which you yourself made public however, when doing so we make sure that we comply with the applicable guidelines under data protection legislation.
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. By law we have to keep basic information about our customers for six years after they cease being customers for tax purposes.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
All information will be reviewed before destruction to determine if there are special factors that mean destruction should be delayed, e.g. potential litigation, complaints, or ongoing cases.
We will keep our policy under regular review and we will place any updates on this web page. This policy was produced on 1 August 2018.
HOW TO CONTACT US