Checked May 2019
Checked November 2019
In order to correctly, accurately and compliantly process client requirements, Business Renewals needs to collect and use personal data about your business in order to carry on its business and meet its customers’ requirements effectively. We recognise that the lawful and correct treatment of both commercial and personal data is very important to successful operations and to maintaining our customer’s confidence in ourselves.
Any personal data which we collect, record or use in any way whether it is held on paper, on computer or other media will have appropriate privacy safeguards applied to it to ensure that we comply with the Data Protection Act 1998, GRPR 2018, and ICO regulations.
We continue to fully endorse and adhere to the eight principles of Data Protection as set out in the Data Protection Act 1998. These principles state that personal data must be:-
• fairly and lawfully processed
• processed for limited purposes and not in any other way which would be incompatible with those purposes
• adequate, relevant and not excessive
• accurate and kept up to date
• not kept for longer than is necessary
• processed in line with the data subject’s rights
• kept secure
• not transferred to a country which does not have adequate data protection laws.
In line with GDPR Business Renewals will also record where this data came from and whom it is shared with to allow for accountability practices.
Our purpose for holding personal data and a general description of the categories of people and organisations to whom we may disclose it are listed below:
• observe the conditions regarding the fair collection and use of personal data
• meet our obligations to specify the purposes for which personal data is used
• collect and process appropriate personal data only to the extent that it is needed to fulfil operational needs or to comply with any legal requirements
• ensure the quality of personal data used
• apply strict checks to determine the length of time personal data is held
• ensure that the rights of individuals about whom the personal data is held, can be fully exercised under the Act
• take appropriate security and privacy measures to safeguard personal data
• ensure that personal data is not transferred abroad without suitable safeguards.
• When we collect any personal data from you, we will inform you why we are collecting your data and what we intend to use it for.
Where we collect any sensitive data, we will take appropriate steps to ensure that we have explicit consent to hold, use and retain the information.
Sensitive data is personal data about an individual’s racial or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health, sex life, details of the commission or alleged commission of any offence and any court proceedings relating to the commission of an offence.
UK companies within and affiliated to Business Renewals may share both personal and business data (excluding sensitive personal data) relating to their customers to enable them to integrate administrative tasks such as address changes. This helps to maintain consistent records for customers who have products with more than one company within Business Renewals.
Business Renewals has procedures in place to detect, report and investigate a personal data breach. Any confirmed breaches of client data, whether in connection with the business or personal data will be reported to the ICO and any other controlling authorities immediately.
Business Renewals has a responsible marketing policy and do not give details of our customers or related individuals to any other company outside the Business Renewals of companies. Customers may be contacted by other companies within the Business Renewals of companies by mail or telephone with details of other products or services. If they do not wish to be marketed in this way they can write to the Data Protection Co-ordinator, at our registered office, Suite 2, 81 Alexandra Road, Blackpool, FY1 6HW
Under the Data Protection Act and in accordance with GDPR, any individual may write to the Data Protection Co-ordinator at the above address and request a copy of the information which we hold about them and we will have a month to comply. We can refuse or charge for requests that are manifestly unfounded or excessive. If we refuse a request, we will tell you why and explain your right to complain to the supervisory authority and to a judicial remedy. If the details are inaccurate you can ask us to amend them.
Business Renewals 7th October 2018