Data protection, Data Security and Privacy Policy

Phil Saunders Associates Ltd –  Data protection, Data Security and Privacy Policy – 13 November 2023

Our contact details

Name: Phil Saunders

Address: Cedar Tree Farm, Badgworth, Axbridge, Somerset BS26 2QW

Phone Number: 07790 924160

E-mail: phil@philsaundersassociates.com

We currently collect and process the following information:

• Client email addresses
• Client emails that may contain further client contact details
• Project contact email addresses provided by clients
• Research data provided by clients

Most of the personal information we process is provided to us directly by you, to correspond with you about consultancy/research projects and provide advice.

We also receive personal information indirectly, from the following sources in the following scenarios:

• Clients sometimes pass on project contact details
• Clients sometimes pass on research data

We use the information given to us in order to:

• correspond with you about consultancy/research projects and provide advice
• get in touch with project contacts
• process data as part of commissioned research and consultancy projects

We may share this information with:

• The client who has commissioned us to carry out a research or consultancy project

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:

• Your consent. You are able to remove your consent at any time. You can do this by contacting Phil Saunders on  phil@philsaundersassociates.com

• We have a contractual obligation.

Your information is securely stored on a single desk top computer that is password protected with a secure password that meets the necessary requirements around passwords – see Create and use strong passwords – Microsoft Support.  Appropriate antivirus software is in place and we have the ability to restore data from backups.

We keep contact details and research data for one year. We will then dispose of your information by deleting it from our computer and back- up system.

Under data protection law, you have rights including:

Your right of access – You have the right to ask us for copies of your personal information.

Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing – You have the the right to object to the processing of your personal information in certain circumstances.

Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at phil@philsaundersassociates.com if you wish to make a request.

If we think there has been a personal data breach, we will follow our Data Breach Policy

If you have any concerns about our use of your personal information, you can make a complaint to us at phil@philsaundersassociates.com

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:           

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Phil Saunders Associates Ltd –  Data Breach Policy – 13 November 2023

Our contact details

Name: Phil Saunders

Address: Cedar Tree Farm, Badgworth, Axbridge, Somerset BS26 2QW

Phone Number: 07790 924160

Email: phil@philsaundersassociates.com

If we think a personal data breach has taken place we will:

• Start the timer – by law, we’ve got to report a personal data breach to the ICO within 72 hours

• Start a log – to record what happened, who is involved and what we’re doing about it

• Pull the facts together as quickly as possible –  what happened and why, how many people were involved, a timeline of when it all happened and what actions we’ve taken so far

• Try to contain the breach – recover the data and take steps to protect those who will be most impacted

•  Assess the risk of harm to those affected

• Act to protect those affected, providing clear advice to people on the steps they can take to protect themselves and what we’re going to do to help them

• Submit our report to the ICO (if needed)

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk