This website and its owners take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of its users throughout their visiting experience. This website complies to all UK national laws and GDPR requirements for user privacy.
Contact and Communication – Users contacting this website and/or its owners do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely for a period of up to 6 months or less if deemed necessary. Every effort has been made to ensure a safe and secure form for email submission process but advise users using such form to email processes that they do so at their own risk. This website and its owners use any information submitted to provide you with further information about the products/services they offer or to assist you in answering any questions or queries you may have submitted. This includes using your details to subscribe you to any email newsletter program the website operates but only if this was made clear to you and your express permission was granted when submitting any form to email process. Or whereby you the consumer have previously purchased from or enquired about purchasing from the company a product or service that the email newsletter relates to. This is by no means an entire list of your user rights in regard to receiving email marketing material. Your details are not passed on to any third parties.
Email Newsletter – This website operates an email newsletter program, used to inform subscribers about products and services supplied by this website. Users can subscribe through an online automated process should they wish to do so but do so at their own discretion. Some subscriptions may be manually processed through prior written agreement with the user. Subscriptions are taken in compliance with UK Spam Laws detailed in the Privacy and Electronic Communications Regulations 2003. All personal details relating to subscriptions are held securely and in accordance with the EU General Data Protection Regulation 2018. No personal details are passed on to third parties nor shared with companies/people outside of the company that operates this website. Under GDPR you may request a copy of personal information held about you by this website’s email newsletter program. A small fee will be payable. If you would like a copy of the information held on you please write to the business address at the bottom of this policy.
Email marketing campaigns published by this website or its owners may contain tracking facilities within the actual email. Subscriber activity is tracked and stored in a database for future analysis and evaluation. Such tracked activity may include; the opening of emails, forwarding of emails, the clicking of links within the email content, times, dates and frequency of activity [this is by no far a comprehensive list]. This information is used to refine future email campaigns and supply the user with more relevant content based around their activity. In compliance with UK Spam Laws and the Privacy and Electronic Communications Regulations 2003 subscribers are given the opportunity to un-subscribe at any time through an automated system. This process is detailed at the footer of each email campaign. If an automated un-subscription system is unavailable clear instructions on how to un-subscribe will by detailed instead. In accordance with the GDPR you will also be given the opportunity for your information to be removed completely from all our systems.
External Links – Although this website only looks to include quality, safe and relevant external links, users are advised to adopt a policy of caution before clicking any external web links mentioned throughout this website. (External links are clickable text/banner/image links to other websites.) The owners of this website cannot guarantee or verify the contents of any externally linked website despite their best efforts. Users should therefore note they click on external links at their own risk and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.
Social Media Platfroms – Communication, engagement and actions taken through external social media platforms that this website and its owners participate in are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively. Users are advised to use social media platforms wisely and communicate / engage upon them with due care and caution in regard to their own privacy and personal details. This website nor its owners will ever ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email. This website may use social sharing buttons that help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.
Shortened Links in Social Media – This website and its owners through their social media platform accounts may share web links to relevant web pages. By default, some social media platforms shorten lengthy urls [web addresses] (this is an example: http://bit.ly/zyVUBo). Users are advised to take caution and good judgement before clicking any shortened urls published on social media platforms by this website and its owners. Despite the best efforts to ensure only genuine urls are published many social media platforms are prone to spam and hacking and therefore this website and its owners cannot be held liable for any damages or implications caused by visiting any shortened links.
- Data Protection Act 1998
- Privacy and Electronic Communications Regulations 2003
- Privacy and Electronic Communications Regulations 2003 – The Guide
- GDPR Legislation
- Fillable PDF Forms Creation
Telephone Calls – All telephone calls incoming and outgoing will be recorded by Darcey Quigley and Co for reference, validating information in relation to cases and internal training purposes. All recording will be backed-up and stored securely for a period of 6 months. Once a call is recorded, it is stored using 256-bit encryption and each recording has a unique key and modification hash (checksum) to ensure authenticity at the network generation level which makes the recording admissible in a court of law. No archiving of call-recordings is allowed at a network level and once the defined call-recording storage period has elapsed, the recording is permanently deleted. Recording is necessary to protect the interests of one or more participants Recording is in the legitimate interests of the recorder unless those interests are overridden by the interests of the participants in the call. Call recordings are compressed using MPEG layer 3 encoding @ 24Kbps. 1GB of storage should accommodate 92.59 hours of audio recorded or approximately 10.8 MB per hour of audio recorded. All storage is within the United Kingdom and encrypted at rest within ISO27001, ISO9001, PCI-DSS and GDPR compliant Data centres.
How will we use the information about you and why? – Darcey Quigley & Co take your privacy seriously and will only use your personal information to provide information or Services you have requested from us. We will only use this information subject to your instructions, data protection law and our duty of confidentiality. The data that we collect from you will not be transferred to, and stored at, a destination inside the United Kingdom and within the European Economic Area (“EEA”). We will take all steps reasonably necessary to ensure that no personal data will be transferred outside the UK or the EU. We will take all reasonable steps to ensure all data we collect is treated securely and in accordance with the applicable data protection laws. Under the applicable data protection laws we need a lawful basis to collect and use your personal data. The law allows for six lawful bases to process people’s personal data, and one of them allows personal data to be legally collected and used if it is necessary for a legitimate interest of the organisation – as long as it is fair and balanced and does not unduly impact the rights of individuals. For Business to Business Clients and Contacts our lawful reason for processing your personal information will be “legitimate interests”. Under “legitimate interests” we can process your personal information if: we have a genuine and legitimate reason and we are not harming any of your rights and interests. Individuals may be contacted about our services through social media, telephone or email but only in their business capacity as an employee of an organisation or on behalf of the business itself, except where such interests are overridden by the interests, rights or freedoms of the individual. All communication will be measured and unobtrusive. For Business to Consumer Clients and Contacts our lawful reason for processing your personal information will be “A contract with the individual” eg to supply goods and services you have requested, or to fulfill obligations under an employment contract. This also includes steps taken at your request before entering into a contract. There are also instances where we will may contact non-limited businesses who under the FCA rules should be referred to and dealt with as consumers through social media, telephone or email. Your information will be processed except where such interests are overridden by the interests, rights or freedoms of the individual. All communication will be measured and unobtrusive. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
WE WILL NEVER SELL YOUR PERSONAL INFORMATION TO ANY THIRD PARTY.
Where you data is stored – All storage is within the European Union and encrypted at rest within ISO27001, ISO9001, PCI-DSS and GDPR compliant Data centres.
Right to Access and Complaints – We are fully compliant with GDPR and will honour the rights for data subjects to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. Further, the controller shall provide a copy of the personal data, free of charge, in an electronic format. If you would like a copy of some or all your personal information, please email [email protected] or write to us at the following address: Lynne Darcey Quigley, Managing Director, International House, Stanley Boulevard, Hamilton Technology Park, Glasgow, G72 0BN. We will respond to your request within 30 days of receipt of the request. We may also ask you for proof of your identity and address (eg. a copy of your driving licence or passport, and a recent utility or credit card bill). This is so that we can check that any information we disclose is only provided to the authorised party. If you have any concerns or complaints about our privacy activities, you can contact us on [email protected]. You can also contact the Information Commissioner’s Office on 0303 123 1113 (www.ico.org.uk)
Objections to processing of personal data – It is your right to lodge an objection to the processing of your personal data if you feel the “ground relating to your particular situation” apply. The only reasons we will be able to deny your request is if we can show compelling legitimate grounds for the processing, which override your interest, rights and freedoms, or the processing is for the establishment, exercise or defence of a legal claim.
Right to be Forgotten – Also known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. The conditions for erasure, as outlined in article 17, include the data no longer being relevant to original purposes for processing, or a data subjects withdrawing consent. It should also be noted that this right requires controllers to compare the subjects’ rights to “the public interest in the availability of the data” when considering such requests.
Breach Notification – Under the GDPR, breach notification will become mandatory in all member states where a data breach is likely to “result in a risk for the rights and freedoms of individuals”. Darcey Quigley & Co are required to keep a record of all security incidents involving personal data. Reportable incidents must be reported to the Information within 72 hours of detection, and without undue delay to individuals affected by the incident. It is vital that all staff report a personal data breach, however minor, as soon as possible after discovery so that we can use the 72 hours to establish what has happened, the size of the breach and whether it needs to be reported further.