smart-ISOTM Limited (smart-ISO) understands that your privacy is important to you and that you care about how your personal data is used. smart-ISO respects and values the privacy of all of our clients and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.
- Information About smart-ISO
registered in England under company number 6006680
Registered address: 14 Postbridge Road, Styvechale, Coventry, CV3 5AH
Main trading address: As Registered
VAT number: 903880522
Data Protection Officer: John R Moffat.
Email address: firstname.lastname@example.org.
Telephone number: 07872127558.
Postal Address: As Registered Address
Fellow of Institute of Occupational Safety and Health
- What Does This Notice Cover?
This Privacy Information explains how smart-ISO use your personal data: how it is collected, how it is held, and how it is processed. This document also explains your rights under the law relating to your personal data.
- What is Personal Data?
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
The personal data that smart-ISO use is set out in Part 5, below.
- What Are Your Rights?
Under the GDPR, you have the following rights, which smart-ISO will always work to uphold:
- The right to be informed about smart-ISO‘s collection and use of your personal data. This Privacy Notice should tell you everything you need to know, but you can always contact smart-ISO to find out more or to ask any questions using the details in Part 11.
- The right to access the personal data smart-ISO holds about you. Part 10 will tell you how to do this.
- The right to have your personal data rectified if any of your personal data held by smart-ISO is inaccurate or incomplete. Please contact smart-ISO using the details in Part 11 to find out more.
- The right to be forgotten, i.e. the right to ask smart-ISO to delete or otherwise dispose of any of your personal data that smart-ISO Please contact smart-ISO using the details in Part 11 to find out more.
- The right to restrict (i.e. prevent) the processing of your personal data.
- The right to object to smart-ISO using your personal data for a particular purpose or purposes.
- The right to data portability. This means that, if you have provided personal data to smart-ISO directly, smart-ISO am using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask smart-ISO for a copy of that personal data to re-use with another service or business in many cases.
- Rights relating to automated decision-making and profiling. smart-ISO does not use your personal data in this way] OR [Part 6 explains more about how smart-ISO use your personal data, including [automated decision-making] AND/OR [profiling]].
For more information about smart-ISO use of your personal data or exercising your rights as outlined above, please contact smart-ISO using the details provided in Part 11.
Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.
If you have any cause for complaint about smart-ISO use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
- What Personal Data Do You Collect?
On behalf of clients smart-ISO may collect some or all of the following personal data but for smart-ISO use only data in sections a-c (in bold) will be retained by smart-ISO
- Name; Forename and Surname
- Email Address
- Contact Telephone Number
- Date of birth;
- Business Unit
- Job title
- Mobile Number
- Training Records
Clients may require more data to be stored. smart-ISO will facilitate that but will require proof that the persons agreement/approval has been received to do so.
Personal data is obtained for smart-ISO either from
- the individual directly
- is supplied by the client
- How is Personal Data used?
Under the GDPR, smart-ISO must always have a lawful basis for using personal data. This may be because the data is necessary for smart-ISO performance of a contract with you, because you have consented to smart-ISO use of your personal data, or because it is in smart-ISO legitimate business interests to use it. Your personal data will only be used by smart-ISO for the following purposes:
- Providing and managing your relationship with smart-ISO
- Supplying responses to any questions
- Providing information on smart-ISO products or services to you. Your personal details are required in order for smart-ISO to enter into a contract with you.
- Involving you in Issue Tracking, Personalising and Tailoring smart-ISO products and services for you.
- Communicating with you. This may include responding to emails or calls from you.
Even where permitted by law, smart-ISO will not use your personal data for marketing or any other purpose, without first contacting you to explain the situation and get your agreement/approval for such actions. smart-ISO will ALWAYS work to fully protect your rights and comply with smart-ISO obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out at any time.
- How Long Will Personal Data be Kept?
smart-ISO will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected and WILL remove personal data when you request.
- How and Where Do You Store or Transfer My Personal Data?
Because of the use of Cloud storage smart-ISO will only store or transfer your personal data in a way that is related to country of operation. However, regardless of actual location of data it will be fully protected to meet GDPR or any HIGHER standard by law that may arise.
smart-ISO provides a service that has NO need or intent to provide the limited personal data it holds to any third party. The clients are, however, deemed third parties for the purpose of GDPR.
The security of your personal data is essential to smart-ISO, and to protect your data, smart-ISO take a number of important measures, including the following:
- What do we do?
- Do You Share Personal Data?
smart-ISO will NOT share any of your personal data with any third parties for any purposes, subject to one important exception.
In some limited circumstances, smart-ISO may be legally required to share certain personal data, which might include yours, if smart-ISO is involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
- How is Personal Data accessed?
If you want to know what personal data smart-ISO have about you, you can ask smart-ISO for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.
All subject access requests should be made in writing and sent to the email or postal addresses shown in Part 11 and contained on the initial email you received prior to data being stored.
smart-ISO will aim to respond to your subject access request within one day but, in any case, not more than one month of receiving it. Time may be taken up when we have to confirm the situation with the client – where personal data and client data are linked. Normally, smart-ISO aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date smart-ISO receive your request. You will be kept fully informed of smart-ISO progress.
- How is Contact made?
To contact smart-ISO about anything to do with your personal data and data protection, including to make a subject access request, please use the following details
- for the attention of John R Moffat
- Email address: email@example.com.
- Postal Address: Registered Address.
- Changes to this Privacy Notice
smart-ISO may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if smart-ISO change smart-ISO business in a way that affects personal data protection.
Any changes will be made available on line