IDENTITY & CONTACT DETAILS OF THE CONTROLLER & THE DATA PROTECTION OFFICER
ISO 27001 Consultants is a trading name of Global QA Limited (GQA). GQA is one of the UK’s largest independent ISO and BRC Management Consultancy Companies. GQA are committed to protecting and respecting your privacy whilst remaining compliant with The General Data Protection Regulation (EU GDPR) and the Data Protection Act (DPA). In order for us to drive compliance, we work in accordance with our Personal Information Management System which is compliant with BS 10012:2017 Data Protection.
Global QA Limited (GQA) are the Data Controller and have an appointed Data Protection Officer whom can be contacted via email; firstname.lastname@example.org
You can also contact GQA via post at; Parkhead House, Biddulph Park, Stoke on Trent, ST8 7SR
PURPOSE OF THE PROCESSING AND THE LEGAL BASIS FOR THE PROCESSING
In order for Global QA Limited (GQA) to fulfil its contractual and customer obligations, there is a requirement to collect specific personally identifiable information relating to our clients such as their employees and other relevant business information. The legal basis for the processing of such personally identifiable information is that it is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (e.g. sales agreement).
Should there be a requirement to market at organisations whom have never enquired or bought into our products and/or services, we shall only do this on the basis that we have received freely given, explicit Consent.
LEGITIMATE INTERESTS OF GLOBAL QA LTD
Global QA Limited (GQA) have a legitimate interest in further processing the information which is provided by clients at the point of enquiry or sale for marketing purposes.
We may also use your information for other specific legitimate purposes such as:
- To ensure that content from our site is presented in the most effective manner for you and for your computer.
- To provide you with information, products or services that you request from us or which we feel may interest you, where you have either explicitly consented to or we believe you have a legitimate interest in.
- To carry out our obligations arising from any contracts entered into between you and us.
- To notify you about changes to our service.
We do not sell, rent or lease customer lists to third parties. We may share data with trusted partners to help us perform affiliate marketing, statistical analysis, send you email or postal mail. All such third parties are prohibited from using your personal information except to provide these services to us, and they are required to maintain the confidentiality of your information.
If you are an existing customer, we may contact you by post, e-mail, or telephone with information about goods and services similar to those which were the subject of a previous sale to you.
If you are a new customer we will contact you by post, e-mail or telephone means only if you have consented to this or we are able to demonstrate that there is a legitimate interest.
INFORMATION WE MAY COLLECT FROM YOU
We may collect and process the following data about you:
- Information that you provide by filling in forms on one of our websites (www.global-qa.co.uk), (www.brcconsultants.co.uk), (www.siaconsultants.co.uk), (iso27001standards.com) such as;
- Name – Without this we won’t know whom to contact when responding to an enquiry made by you.
- Email address – We use this in order to respond to enquiries made through our website. We also use this information for confirmation of your orders via email and will send you informational messages as well as offers which may interest you.
- Telephone numbers – If there are any problems with your order or we need to check anything, we need to be able to contact you quickly.
- If you contact us, we may keep a record of that correspondence.
- We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
- Details of your visits to our site and the resources that you access.
CATEGORIES OF RECIPIENTS OF THE PERSONAL DATA
Global QA Limited (GQA) are required to transfer the personal information provided by its customers to third parties in order to fulfil contractual obligations. The following are categories of recipients that customer information could be transferred to:
- CRM provider
- Data Centres
- External IT Providers
- Third party feedback platforms
All information you provide to us is stored on our secure systems. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site or to our mailboxes; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We will not disclose your information to any of the relevant third parties listed above for marketing purposes.
DETAILS OF TRANSFERS TO THIRD COUNTRIES & SAFEGUARDS
GQA do not make any transfers of personal data to third countries. All personal data resides within the EEA.
GQA retain all customer information for 7 years after they last interacted with us. Where there has been a period of 7 years and there has been no interaction between the organisation and the customer, their information is erased and securely disposed of. Our justification for retaining this information is that it is necessary for HMRC purposes.
RIGHTS OF DATA SUBJECTS
As a Data Subject (individual) which GQA process information on behalf of, you have the right to withdraw from our processing at any given time. You are able to do this through the contact details provided on page 1 of this policy. You can exercise the right at any time by contacting us at email@example.com
You have the right to make a Subject Access Request to BRC’s Data Protection Officer in the event that you wish to determine what information we hold on you . You also have the following rights which you may exercise at any given time by contacting us; right to Rectification, Erasure, Restriction of Processing, Portability and Objection to processing. We welcome these requests and aim to respond within 72 working hours of receipt.
You also have a right to lodge a complaint with the Supervisory Authority (Information Commissioners Office in the UK), should you feel that we have not handled your information in line with legislative and regulatory requirements.
AUTOMATED DECISION MAKING, INCLUDING PROFILING & INFORMATION ABOUT HOW DECISIONS ARE MADE, THE SIGNIFICANCE OF THE CONSEQUENCES
We do not use automated decision making or profiling when processing your personal data.
We may collect information about your computer, including where available your IP address, geographic location (if you allow when prompted by your browser), operating system and browser type, for system administration. This is statistical data about our users’ browsing actions and patterns.
You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of our site.
In the event that you wish to you alter your Privacy settings or opt-out, you are able to do this by emailing our Data Protection Officer at firstname.lastname@example.org. Our Data Protection Officer shall provide you with contact details of our third parties upon request if required. Alternatively, you can hit the unsubscribe link in on of our marketing emails
which will auto-generate an email you can send to us.