IDENTITY & CONTACT DETAILS OF THE CONTROLLER & THE DATA PROTECTION OFFICER
ISO 27001 Consultants is a trading name of Global QA Limited (GQA). GQA is one of the UK’s largest independent ISO and BRCGS Management Consultancies. GQA is committed to protecting and respecting your privacy whilst remaining compliant with EU GDPR and the Data Protection Act. We work under our Personal Information Management System, compliant with BS 10012:2017 Data Protection to drive compliance.
Global QA Limited (GQA) is the Data Controller and has an appointed Data Protection Officer. Contact them via email; email@example.com.
You can also contact GQA via post at; Parkhead House, Biddulph Park, Stoke on Trent, ST8 7SR.
PURPOSE OF THE PROCESSING AND THE LEGAL BASIS FOR THE PROCESSING
For Global QA Limited (GQA) to fulfil its contractual and customer obligations, there is a requirement to collect specific personally identifiable information relating to our clients, such as their employees and other relevant business information. The legal basis for processing such personally identifiable information is that it is necessary to perform a contract to which the data subject is party or to take steps at the data subject’s request before entering into a contract (e.g., sales/service agreement).
Should there be a requirement to market at organisations who have never enquired or bought into our products and/or services, we shall only do this on the basis that we have received freely given, explicit Consent.
LEGITIMATE INTERESTS OF GLOBAL QA LTD
Global QA Limited (GQA) has a legitimate interest in further processing the information provided by clients at the point of enquiry or sale for marketing purposes.
We may also use your information for other specific legitimate purposes such as to:
- Ensure that content from our site is presented most effectively for you and your computer.
- Provide you with information, products, or services that you request from us or which we feel may interest you, where you have either explicitly consented to or we believe you have a legitimate interest in.
- Carry out our obligations arising from any contracts entered into between you and us.
- Notify you about changes to our service.
We do not sell, rent or lease customer lists to third parties. However, we may share data with trusted partners to help us perform affiliate marketing, statistical analysis, send you emails or postal mail. All such third parties are prohibited from using your personal information except to provide these services to us, and they are required to maintain the confidentiality of your information.
If you are an existing customer, we may contact you by post, e-mail, or telephone with information about goods and services similar to those subject to a previous sale.
If you are a new customer, we will only contact you by post, e-mail, or telephone if you have consented to this or demonstrate a legitimate interest.
INFORMATION WE MAY COLLECT FROM YOU
We may collect and process the following data about you:
- Information that you provide by filling in forms on one of our websites (www.global-qa.co.uk), (www.brcconsultants.co.uk), (www.siaconsultants.co.uk), (iso27001standards.com), (www.brcgsconsultants.co.uk) such as;
- Name – Without this, we won’t know whom to contact when responding to an enquiry made by you.
- Email address – We use this to respond to enquiries made through our website. We also use this information to confirm your orders via email and send you informational messages and offers that may interest you.
- Telephone numbers – If there are any problems with your order or we need to check anything, we need to contact you quickly.
- If you contact us, we may keep a record of that correspondence.
- We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
- Details of your visits to our site and the resources that you access.
CATEGORIES OF RECIPIENTS OF THE PERSONAL DATA
Global QA Limited (GQA) must transfer the personal information provided by its customers to third parties to fulfil contractual obligations. The following are categories of recipients that we could transfer customer information to:
- CRM provider
- Data Centres
- External IT Providers
- Third-party feedback platforms
All information you provide to us is stored on our secure systems. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site or our mailboxes; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to prevent unauthorized access.
We will not disclose your information to any of the relevant third parties listed above for marketing purposes.
DETAILS OF TRANSFERS TO THIRD COUNTRIES & SAFEGUARDS
GQA does not make any transfers of personal data to third countries. All personal data resides within the EEA.
GQA retains all customer information for 7 years after they last interacted with us. After 7 years, and there has been no interaction between the organisation and the customer, their information is erased and securely disposed of. Our justification for retaining this information is that it is necessary for HMRC purposes.
RIGHTS OF DATA SUBJECTS
As a Data Subject (individual) of which GQA process information on behalf of, you have the right to withdraw from our processing at any given time. You can do this through the contact details provided on page 1 of this policy. In addition, you can exercise the right at any time by contacting us at firstname.lastname@example.org.
You have the right to make a Subject Access Request to our Data Protection Officer if you wish to determine what information we hold on you. You also have the following rights, which you may exercise at any given time by contacting us; right to Rectification, Erasure, Restriction of Processing, Portability and Objection to processing. We welcome these requests and aim to respond within 72 working hours of receipt.
You also have a right to complain with the Supervisory Authority (Information Commissioners Office in the UK). For example, should you feel that we have not handled your information according to legislative and regulatory requirements.
AUTOMATED DECISION MAKING, INCLUDING PROFILING & INFORMATION ABOUT HOW DECISIONS ARE MADE, THE SIGNIFICANCE OF THE CONSEQUENCES
We do not use automated decision-making or profiling when processing your personal data.
We may collect information about your computer, including where available your IP address, geographic location (if you allow when prompted by your browser), operating system, and browser type, for system administration. This is statistical data about our users’ browsing actions and patterns.
You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. However, if you choose to decline cookies, you may not fully experience the interactive features of our site.
If you wish to alter your Privacy settings or opt-out, you can do this by emailing our Data Protection Officer at email@example.com. Our DPO will provide you with the contact details of our third parties upon request if required. Alternatively, you can hit the unsubscribe link in one of our marketing emails to auto-generate an email you can send to us.