This document outlines how the business of Andrew Mawson Partnerships processes and manages personal data. It:
The policies outlined within this document come into full effect on Friday 25th May 2018.
1. Data Controller
The Data Controller is Andrew Mawson.
2. Lawful basis for processing
3. Data we hold
As of 25th May 2018, the office holds information on numerous business contacts.
Personal data is stored in a small number of cases in paper files; and electronically, securely on our computer systems. Our files and systems are in offices which are locked when unattended. We also hold some data on a mobile communication device.
This information predominantly includes but is not limited to:
There are no mailing lists.
4. Special category data we hold
There is no special category data.
5. Data retention policy
The business, in most cases, will hold personal data for no longer than five years; but in the case of on-
6. Subject Access Requests
We will comply to Subject Access Requests in line with the guidance given by the Information Commissioners Office (ICO).
7. Privacy notice
Our office will undertake to ensure all contacts sharing their personal data can have the opportunity to read our privacy notice. We will:
This privacy notice relates to the personal data processed by Andrew Mawson Partnerships.
The Data Controller is Andrew Mawson
Type of business
Andrew Mawson Partnerships is a regeneration consultancy business.
Processing of data
In line with data protection regulations, Andrew Mawson Partnerships processes customers and contacts’ data under the lawful basis of legitimate interest for the purposes of running the business. In instances where this lawful basis in not sufficient and explicit consent is required, you will be contacted to establish your consent.
Data will be processed only to the extent to which it is necessary to achieve the stated purposes of above.
We are committed ensuring that the information we collect and use is appropriate for this purpose, and does not constitute an invasion of your privacy.
Sharing your data
We will share data in the normal course of running the business.
Any third parties that we may share your data with are obliged to keep your details securely, and to use them only for the basis upon which they were originally intended. When they no longer need your data to fulfil this service, they will dispose of the details in line with our procedures.
In any case, we will not use your personal data in a way that goes beyond your reasonable expectations in contacting us.
How long is personal data kept
Unless specifically requested by you, the business will hold your personal data for no longer than five years unless there is a business need to do so.
Rights with regard to personal data
As a data subject, you have the right to request access to all personal data that we hold on you by making a Subject Access Request to the business. If the data we hold on you is no longer necessary for which is was collected, you have the right to erasure of that data. You also have right of rectification if the data we hold on you is no longer correct. This business will not use your personal data in a way that goes beyond your reasonable expectations in contacting us. In any case, we will not store any unnecessary data longer than 5 years.
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights: