The policy sets out the different areas where user privacy is concerned and outlines the obligations & requirements of the users, the website and website owners. Furthermore the way this website processes, stores and protects user data and information will also be detailed within this policy.
This website and its owners take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of its users throughout their visiting experience. This website complies to all UK national laws and requirements for user privacy.
Contact & Communication
Users contacting this website and/or its owners do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use, as detailed in the Data Protection Act 1998. Every effort has been made to ensure a safe and secure form to email submission process but advise users using such form to email processes that they do so at their own risk.
This website and its owners use any information submitted to provide you with further information about the products / services they offer or to assist you in answering any questions or queries you may have submitted. This includes using your details to subscribe you to any email newsletter program the website operates but only if this was made clear to you and your express permission was granted when submitting any form to email process. Or whereby you the consumer have previously purchased from or enquired about purchasing from the company a product or service that the email newsletter relates to. This is by no means an entire list of your user rights in regard to receiving email marketing material. Your details are not passed on to any third parties.
Although this website only looks to include quality, safe and relevant external links, users are advised to adopt a policy of caution before clicking any external web links mentioned throughout this website. (External links are clickable text / banner / image links to other websites.)
The owners of this website cannot guarantee or verify the contents of any externally linked website despite their best efforts. Users should therefore note they click on external links at their own risk and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.
Social Media Platforms
Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively.
Users are advised to use social media platforms wisely and communicate / engage upon them with due care and caution in regard to their own privacy and personal details. Neither this website nor its owners will ever ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.
This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.
Shortened Links in Social Media
This website and its owners through their social media platform accounts may share web links to relevant web pages. By default some social media platforms shorten lengthy urls [web addresses].
Users are advised to take caution and good judgement before clicking any shortened urls published on social media platforms by this website and its owners. Despite the best efforts to ensure only genuine urls are published many social media platforms are prone to spam and hacking and therefore this website and its owners cannot be held liable for any damages or implications caused by visiting any shortened links.
Integrale Limited General Data Protection Policy
Data collection and processing for the purposes of accounting, including but not limited to names, addresses, contact information, payment information is required to fulfil the legal obligations of the company and its directors. Data collected for this purpose will be held for as long as is legally required and then securely destroyed, as described below.
Integrale Ltd (Integrale) may collect data during the course of business and may include all and any personal data provided to the client by service users. This information is required for Integrale to provide contractually obligated services to clients and will be retained for a maximum of 10 years, or until such time as this is no longer required.
This information may be considered as held for ‘legitimate interests’ under GDPR until such time as the client requests removal of such data.
If you have concerns that Integrale may hold personal data without legitimate interest in that data, please contact us and advise if you no longer wish that data held.
Sharing of Data
Integrale do not share data with third parties, other than those concerned with the specific project on which you provided your data to us. This data is held and shared only for the purposes of providing our legitimate consultancy service, legal compliance, HR and accountancy.
Retention of Data
Integrale operates the following retention schedule, but if data is no longer required it may be deleted in advance of these timescales:
- Accountancy – All financial data will be retained for 6 financial years in line with UK financial requirements. In some cases data will be stored for 10 years to ensure the company is able defend any potential legal claim.
- HR records will be held for up to 6 years from the point at which the employees employment ends, to ensure the company is able to defend any potential county court or high court claim. In some cases data will be stored for 10 years to ensure the company is able prove safeguarding measures were adhered to.
- Quotation, sales or marketing data will be removed within a 24 month period of the data no longer having a valid use in the case of prospective information. Customer information (including previous and existing customer) may be retained for up to 10 years to ensure the company is able to defend any potential legal claim.
- Preliminary or outline design and project data will be removed within a 24 month period of the data no longer having a valid use. Final design, issued reports and other pertinent client and project information (including previous and existing clients) may be retained for up to 10 years to ensure the company is able to defend any potential legal claim.
Electronic information stored on redundant media / systems will be securely destroyed by a third party, WEEE recycling and data destruction specialist.
Documented data containing sensitive information is securely destroyed on-site or off-site by a third party document destruction company.
The above destruction methods ensure Integrale controls data destruction and complies with legislative requirements, whilst ensuring client, employee and confidential business information is kept secure at all times.
Technical / Business Security Measures
Integrale takes the security of data very seriously and takes steps to ensure data is kept safe:
- Our premises are securely locked and alarmed. Visitors to our offices are accompanied / monitored at all times.
- Documentation is securely managed within the business via the use of lockable rooms, storage / filing cabinets.
- All business devices, where applicable / possible are password protected.
- Staff are not permitted to use personal devices to access or use company data unless the device is password protected, to ensure data remains managed and protected at all times.
- Our day-to-day business may require us to store our data online. Integrale will only use secure online business applications from reputable organisations who themselves comply with GDPR.
- Integrale where possible, will always ensure that applications and/or operating systems are running the very latest secure versions of the software and will where possible, ensure the latest security updates and patches are applied where it is safe to do so.
- All staff must adhere to this GDPR policy.
List of Your Rights
GDPR includes the rights for individuals to be informed, to have access to data, to have the right to rectification, erasure, to restrict processing, to have the right to data portability, to object, nad to not be subject to automated decision making (including profiling).
Integrale, will where possible, conform in full and to completion to these rights within 30 days of notification. This period of compliance may be extended by a further two months where requests are complex or numerous. In this case the individual will be notified within 30 days of receipt.
To ensure data security, Integrale will need to verify the identity of the person making the request, using “reasonable means”.
In some instances Integrale will be unable to conform to the individual’s rights. In these instances, Integrale will partially conform to the individual’s rights and where possible notify the individual as why the company was unable to fully comply.
Information will be provided free of charge. A reasonable fee may apply when a request is manifestly unfounded or excessive, particularly if it is repetitive or for requests for further copies of the same information.
Where a particular situation becomes unclear or the individual disagrees, advice and guidance will be sought from the Information Commissioners Office.
If you would like to exercise this right, please write to the Data Protection Officer below.
Data Protection Officer
Please use the contact information below to write to the Data Protection Officer. In order for us to fully comply with your rights under the act, all requests being made should clearly mention “General Data Protection Regulations” and include your full name, address and relevant contact information for a response. Requests submitted by any other means than written letter may not be processed.
Data Protection Officer
Name: Dr Kay Boreland
Position: Company Director
Address: Integrale Limited, Suite 7, Westway Farm, Bishop Sutton, Bristol, BS39 5XP
In the unlikely event of a serious data breach, Integrale will contact you via the last known contact details we hold on file for you or your organisation. You will be informed as far as is technically possible of the data that has been potentially compromised and where you can seek further advice about your rights.