Coast Risk Management - Data Protection Policy
Coast Risk Management Ltd (CoastRM) collects and processes data and information about the Individuals and Service Users who come into contact with CoastRM in order to carry business activity. This personal data will be collected and dealt with appropriately whether is collected on paper, stored in a computer database, or recorded on other material and there are safeguards to ensure this meets with the requirements of the Data Protection Act 2018.
CoastRM take the issue of security and data protection very seriously and strictly adhere to guidelines published in the Data Protection Act 2018. We may make changes to this policy from time to time. If we do so, we will post the changes on our website noting the time the changes will apply from.
2. The Policy Summary
It is important to consider this full policy to understand what information we hold, how we may use it, and what your rights are, here is a summary of these, CoasrRM:
Collects information that is either personal data, ie. name, address, email or non-personal data place of employment, salary information;
Collects information about the people we assist; staff, customers and those we work with in providing consultancy service and advice;
Collect and process information to provide services, to provide information and for administration;
Will only collect the information that we need or that would be required for CoastRM to provide the best possible service and carry out business activity;
Will only collect and use the minimum amount of data for the above purpose; to cause the minimum privacy impact, with the aim to ensure those receiving information from us should be aware of this and not causing to be likely to object;
As required, CoastRM will collect and use your personal information by relying on the legitimate interest legal basis set out in the Data Protection Act 2018;
Will keep personal information secure, including any personal data held in paper, electronic, online or in any other format;
Will never sell or use personal data and will never share it with another company for marketing purposes;
Will only share data where we are required by law or with selected business partners who work with us. Requiring our partners by their contractual agreement to apply to the principals of the Data Protection Act 2018 and treat personal data in line with this policy, to only use it as instructed by us, and to allow us to check that they do this;
3. Data Security and Privacy
This policy applies to all form of data and includes CoastRM’s website, use of emails and text messages for any purposes, and any other methods we use for collecting information. It covers the collection, reason why, how data and information is processed and individuals rights for personal data security.
To enable CoastRM to ensure we achieve the highest level of data security an assessment & data flow map has been undertaken to assess under the Data Protection Act 2018 to ensure compliance with the regulation. The data flow map and information obtained and processed by the CoastRM, is to identify Personal Identifiable Data (PID). From this assessment the company has identified and developed appropriate measures to manage PID to ensure robust data security is in place and compliance with the Data Protection Act 2018.
CoastRM data protection officer has determined that purposes personal information held, will be used for. It is also responsible for notifying the Information Commissioner of the data it holds or is likely to hold, and the general purposes that this data will be used for.
CoastRM Data Protection Officer is Mr Colin Weatherill – Contact (01723 381 900) and any questions relating to our privacy practices should be sent via email to firstname.lastname@example.org or in writing to CoastRM head office.
5. Information collection
CoastRM will only ever collect the information that we need to undertake and perform our obligations and duties to you in accordance with the terms of our contract and allow the company to provide a service to our staff and customers. Personal information such as name, postal address, phone number, NI number, email address, date of birth, your preferred contact preferences, other information relevant i.e. next of kin details and information, bank or debit card details (where appropriate).
6. How information is used
CoastRM will use the information you provide to:
6.1 Process payment transactions, other payments, financial accounting and verify financial transactions;
6.2 Enable the supply of a services and information which may have been requested;
5.3 Undertake and perform obligations and duties in accordance with terms of our contract;
6.4 Carry out specific activities associated with the setting up and management of any consultancy work or service provision;
6.5 To carry out any due diligence (as applicable);
6.6 Provide a personalised service to a customer;
6.7 Record any contact with customers;
6.8 If there is a legal requirement to do so such as to prevent or detect fraud, any other criminal act and to enable third parties to carry out this function;
6.9 For all other purposes consistent with the proper performance of business operations, such as risk assessments, safe systems of work identifiable to your business;
6.10 Data supplied will be used to provide and support any service delivery;
6.11 For handling any instruction, deliver our services and communicate with you about matters relating to the setting up and management of a contract or as part of service provision;
6.12 To keep a record of your relationship with CoastRM to ensure we know how you prefer to be contacted and to understand how we can improve our services.
7. Information for marketing
CoastRM will only send marketing information to people who have specifically said that they agree for us to do so and to those CoastRM have a legitimate interest in communicating with, CoastRM will always seek permission to do so.
CoastRM will use and share personal data only when we have a proper reason to do so and in line with Data Protection Act 2018, these are:
Contract - Your personal and business information is processed to fulfil a contractual arrangement;
Consent - Where it is agreed to us using information in this way Legitimate interests; such as managing business activity and in providing the best service in the most secure and appropriate way;
(Having given consent by any communication channel, you may withdraw that consent at any time by contacting our office on (01723 381 900) or email email@example.com ;
Legal obligation - Where there is a statutory or other legal requirement to share the information; such as for law enforcement purposes.
9. Information sharing
CoastRM will only share information when:
9.1 We are legally required to do so, such as law enforcement agency legitimately exercising a power;
9.2 It is necessary to protect or defend contractual, professional, intellectual right, property or the personal safety of staff or visitors to our premises or website;
9.3 Working with a secure partner in carrying out work on our behalf;
9.4 Entering into business information may be disclosed to nay new business partners or owners to carry out service delivery;
9.5 To carry out due diligence;
9.6 If a customer or individual request so, information shall be disclosed if there is a legal to legitimate to do so, such as to determine if they have a history of bankruptcy or insolvency;
9.7 If a customer is unable to make payments under contract, information may be disclosed to any relevant party assisting in the recovery of this debt;
9.8 In the managing a contract for service provision disclose information to trusted partners or associates to enable access arrangements for fulfilling service requirements;
9.9 If there is a requirement to do so by law, we will not otherwise share, sell or distribute any of the information you provide to us without your consent;
9.10 Abide by the requirements of the Data Protection Act and Data Protection Act 2018, treating personal information as carefully and securely, using the information for the purposes it was supplied.
10. Information storage and data security
CoastRM information is stored electronically on computers located in the UK, CoastRM also store information in paper files. CoastRM places the greatest importance on the security of all personally identifiable information associated with individuals and customers. CoastRM will ensure security measures are in place to attempt to protect against the loss, misuse and alteration of personal data under our control.
Only authorised personnel are authorised to access Individual and company information. Loss, misuse or alteration of data will not occur while it is under our control, CoastRM will endeavour to ensure this does not happen. CoastRM recognises the transmission of data across the internet is not completely secure and whilst we do our best to try to protect the security of your information we cannot ensure or guarantee that loss, misuse or alteration of data will not occur whilst data is being transferred.
CoastRM policy is to only keep your information only for as long as we need it to provide you with the services or information you have requested, to administer a contract, to comply with the law, or to ensure we do not communicate with people that have asked us not to. CoastRM will hold business information such as risk assessments, safe systems of work and associated operational documentation on file for retention and reference unless you request for us to dispose of this or there is no longer a need for the information; we will always dispose of it securely.
CoastRM will never share or sell data or information to other organisations or companies.
11. Individual and customer rights
CoastRM recognise individual and customers have the right at any time to:
11.1 In certain circumstances to have inaccurate personal data rectified, blocked, erased destroyed;
11.2 Object to receiving any marketing communications from CoastRM;
11.3 Ask for a copy of the information CoastRM hold about (subject access request);
11.4 Have a right to ask us to stop processing your personal data, if it is not necessary for the purpose you provided it to us for, CoastRM we will stop. Please contact us on 01723 381 900 in office hours or by emailing firstname.lastname@example.org if you have any concerns.
11.5 If an individual or customer believes any information being held is incorrect or incomplete, or wish to change contact preferences at any point this can be done by calling 01723 381 900 office hours or by emailing email@example.com
11.6 Individuals and customers have a right to ask for a copy of the information CoastRM hold about them. Access to this information can be obtained by sending a description of the information you want to see and proof of your identity by post to Coast Risk Management Ltd, 13 Falsgrave Road, Scarborough,YO12 5AE. Email request will not be accepted to ensure that we only provide personal data to the right person.
For more information about your rights under the Data Protection Act go to the website of the Information Commissioner’s Office at www.ico.org.uk
CoastRM Data Protection Officer.
Signed: Colin Weatherill
Date: 24 May 2018
Review Date: May 2020 or should there be any reason to do so