Andrew Mawson Partnerships Data Protection Policy and Privacy Notice

Data Protection Policy

This document outlines how the business of Andrew Mawson Partnerships processes and manages personal data. It:

  1. identifies our data controller;
  2. provides our lawful basis for processing personal data;
  3. outlines the scope of personal data we hold and process;
  4. outlines the scope of the special category personal data we hold and process;
  5. describes and justifies our data retention policy;
  6. shows how we intend to respond to Subject Access Requests; and
  7. contains a copy of our privacy notice.

The policies outlined within this document come into full effect on Friday 25th May 2018.

1. Data Controller

The Data Controller is Andrew Mawson.

2. Lawful basis for processing

  1. Data is processed under the lawful basis of legitimate interest for the purposes of running the business. In instances where this lawful basis in not sufficient and explicit consent is required, this will be sought.
  2. Data will be processed only to the extent to which it is necessary to achieve the stated purposes of the above.
  3. We undertake to always act within the reasonable expectations of our clients and customers and any other individuals about whom we hold personal data.

3. Data we hold

As of 25th May 2018, the office holds information on numerous business contacts.

Personal data is stored in a small number of cases in paper files; and electronically, securely on our computer systems. Our files and  systems are in offices which are locked when unattended. We also hold some data on a mobile communication device.

This information predominantly includes but is not limited to:

  • Names, business addresses and email addresses.
  • Telephone numbers.

Mailing lists

There are no mailing lists.

4. Special category data we hold

There is no special category data.

5. Data retention policy

The business, in most cases, will hold personal data for no longer than five years; but in the case of on-going business relationships this may be longer.

6. Subject Access Requests

We will comply to Subject Access Requests in line with the guidance given by the Information Commissioners Office (ICO).

  1. We will respond as quickly as possible, within 30 calendar days.
  2. We will request verification of the identity of any individual making a request, and ask for further clarification and details if needed.
  3. Data subjects have the right to the following:
  1. o be told whether any personal data is being processed
  2. To be given a description of the personal data, the reasons it is being processed and whether it will be given to another organisations or people.
  3. To be given a copy of the information comprising the data, and given details of the source of the data where this is available.

7. Privacy notice

Our office will undertake to ensure all contacts sharing their personal data can have the opportunity to read our privacy notice. We will:

  1. Publish our privacy notice on AMP website:  https://amawsonpartnerships.com/privacy-notice
  2. Add a link to our privacy notice to staff email signatures, and Andrew Mawson’s email signature.

Privacy Notice

This privacy notice relates to the personal data processed by Andrew Mawson Partnerships.

Data Controller

The Data Controller is Andrew Mawson

Type of business

Andrew Mawson Partnerships is a regeneration consultancy business.

Processing of data

In line with data protection regulations, Andrew Mawson Partnerships processes customers and contacts’ data under the lawful basis of legitimate interest for the purposes of running the business. In instances where this lawful basis in not sufficient and explicit consent is required, you will be contacted to establish your consent.

Data will be processed only to the extent to which it is necessary to achieve the stated purposes of above.

We are committed ensuring that the information we collect and use is appropriate for this purpose, and does not constitute an invasion of your privacy.

Sharing your data

We will share data in the normal course of running the business.

Any third parties that we may share your data with are obliged to keep your details securely, and to use them only for the basis upon which they were originally intended. When they no longer need your data to fulfil this service, they will dispose of the details in line with our procedures.

In any case, we will not use your personal data in a way that goes beyond your reasonable expectations in contacting us.

How long is personal data kept

Unless specifically requested by you, the business will hold your personal data for no longer than five years unless there is a business need to do so.

Rights with regard to personal data

As a data subject, you have the right to request access to all personal data that we hold on you by making a Subject Access Request to the business. If the data we hold on you is no longer necessary for which is was collected, you have the right to erasure of that data. You also have right of rectification if the data we hold on you is no longer correct. This business will not use your personal data in a way that goes beyond your reasonable expectations in contacting us. In any case, we will not store any unnecessary data longer than 5 years.

At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

  • Right to be informed – You have the right to be informed about the collection and use of your personal data, the details of which are outlined in this privacy notice
  • Right of access – you have the right to request a copy of the information that we hold about you.
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
  • Right of portability – you have the right to have the data we hold about you transferred to another organisation.
  • Right to object – you have the right to object to certain types of processing, such as direct marketing.
  • Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
  • Right to judicial remedy: if our office refuses your request under rights of access, we will provide you with a reason why. You have the right to complain to a supervisory body (in this case, the Information Commissioner (ICO) and, if necessary, a judicial authority

Contact

  • You can get in touch with our business by letter, email or telephone using the details at the top of this document.
  • Please note that we will ask for identification should you choose to exercise any of the above rights in relation to personal data we hold.