StoneArch Compliance

The building blocks of Compliance e: stonearch@protonmail.com t: 01706 559 022

StoneArch Compliance

GDPR Expertise You Can Rely On.

1. Introduction

StoneArch Compliance (referred to as ‘we’, ‘us’ or ‘our’) is the Controller for any personal information you may provide to us via our website, or through any other means, when, for example, you enquire about the services and support we can offer you.

We are committed to protecting your privacy, and we will always process your personal data in a manner compliant with the data protection legislation. We have created this privacy notice to inform you of the data that we collect, what we do with it, our lawful bases for processing, and to inform you of your rights and choices you have over the information we process about you.

Throughout this notice, we reference the relevant data protection legislation, which in the UK from January 2020 is the UK General Data Protection Regulation (UK GDPR) as well as any associated legislation. This also includes all relevant EU Legislation, in particular the General Data Protection Regulation (GDPR).

Please do take the time to read this notice, and don’t hesitate to contact us on the information below if you have any questions or concerns.

2. The information we collect

We will only ever collect personal information that we genuinely require, which is always processed in a manner that is compliant with the relevant data protection legislation. The type of information we will collect about you varies on the nature of your enquiry, or the type of services you request, but will typically include:

· Your name

· Contact details (telephone and email)

· Your company details and your job title

· Details required relating to payment of our services

· Responses to any surveys (including customer satisfaction surveys)

We will also keep a record of any communications we have with you, whether that be through email, chat or telephone. We do not use cookies on our website. We do not process any information about you considered to be special category (sensitive) information.

3. How we use your information

We will always ensure we have a valid lawful basis under the relevant data protection legislation. The following basis apply to the processing we conduct:

How we process your data Our lawful basis

To respond to any customer service enquiries Legitimate interest

The steps taken to enter into a contract with you and Performance of a contract

for us to fulfil that contract in order to provide the

required services. This includes processing orders and

taking payment for services.

We may approach you for feedback (which we will use Legitimate interest

for statistical analysis) or ask for details from you to

use in a case study to promote the work we do.

We may ask if you would like to receive newsletters or Consent

information that we think may be of interest to you,

based on the nature of your relationship with us.

Use of your basic personal details and direct quotes Consent

for promotional purposes.

4. Who we might share your information with

We use data processors to support the services offered to you. This includes email and cloud storage providers, such as Proton Mail and Proton Drive, and online meeting providers such as Zoom. We may change our processors from time to time.

Beyond this, we do not typically share your personal information with any other individuals or third party organisations. However, on occasion, we may be required to do so. This includes the following circumstances:

· Where there is a statutory legal obligation to share your personal information with policing organisations or competent authorities

· Where we need to share personal data in order to establish, defend or exercise out legal rights, such as preventing fraud

5. How we keep you updated on our products and services

If you have signed up to receive information from us via our website, we will use your name and basic contact details to provide you with information which we thing may be of interest to you. You are able to withdraw consent at any point, and we will always provide details on how to do this in all communications we send you.

If you do provide us with your contact details, we will store these securely on our contact lists. We will review our contact lists for relevancy every two years, after which point, we will refresh consent with you.

6. Your rights over your information

You have various rights under the data protection legislation. These include, but are not limited to:

· The right to be informed – we will always be transparent in how we process your data. Our privacy notices help us to meet this requirement

· The right of access - unless relevant exemptions apply, you have the right to be told whether we hold personal information relating to you and, if so, to be given a copy of it. This is known as the right of access or subject access

· The right to rectification – if you believe the information we hold is inaccurate or incomplete, please contact us to investigate.

Further information about your rights can be found on the Information Commissioner’s Office website.If you would like to exercise any of your data subject rights, please contact us on the details below.

7. How long we keep your information for

We will retain your information only for as long as it is deemed to be relevant in order for us to provide you with a high quality and consistent service. In particular, the following retention applies:

• Unless otherwise required by law, we will retain your information for 7 years after our contract with you expires

• If you have made an enquiry with us, which has not lead to a contract being established, we will delete your information as soon as the enquiry is closed

• If you have asked to be included in our newsletter or to be kept up-to-date with information we think may be of interest to you, we will keep your details for as long as we deem it relevant, but will refresh your consent every 2 years

8. How to contact us and the data protection regulator

If you would like to exercise one of your rights as set out above, or you have a question about how we process your personal data, please contact us by one of the following means:

By email: stonearch@protonmail.com

By phone: 01706 559 022

By post: StoneArch Compliance, 8 Malpas Drive, Timperley, Altrincham, WA14 5BH

The Information Commissioner’s Office (ICO) regulates data protection and privacy matters in the UK. You can make a complaint to the ICO at any time about the way we process your information. However, we would encourage you to speak to us about any dissatisfactions prior to raising through the ICO. Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have.