General Privacy Policy v1.0

Last Updated: Tuesday, May 1, 2018

Introduction

This document is RADD Solutions Limited's general data protection and data privacy policy.

RADD Solutions Limited controls and processes information and data for a number of reasons:

  1. As a business for legal, financial and marketing reasons
  2. As an employer
  3. To fulfil contractual obligations for our clients
  4. For the operation of RADD Solutions' website at www.raddsolutions.co.uk

This document is the data protection and privacy policy for 1. As a business for legal, financial and marketing reasons. This document should be read collectively with all other data protection and privacy policies that apply to you. There is a policy for each of the reasons listed above.

References

Terminology

  • RADD Solutions: RADD Solutions Limited
  • Our and We: RADD Solutions Limited
  • Supplier: RADD Solutions Limited unless otherwise specified
  • Client: An organisation that RADD Solutions Limited has entered into a contract with or supplies a service to.
  • You and Your: The data subject that is reading this document
  • Data Subject: The person who data is about
  • Contract: Any named activity for which a purchase order has been provided to RADD Solutions Limited
  • Personal Information: Information about the data subject that can identify the data subject or be connected to the data subject.

Personal Data

Certain personal information about you (the data subject) is collected, stored, controlled and processed by RADD Solutions. For the operation of RADD Solutions Limited as a business this may include:

  • Your names and salutation
  • Your job title, department and employer
  • Business contact information, including potentially personally identifiable email addresses
  • Personal contact details, if you give them to us, which may include home and mobile telephone numbers, home address and postcode, and personal email addresses.
  • Scheduled meetings between you and RADD Solutions including dates, times, location and minutes.
  • Your social media identifiers/links, if you have provided them to us or they are linked to email addresses that you have provided to us.
  • Any correspondence between you and RADD Solutions, in any medium, which may include digital copies and transcripts of phone and verbal conversations.
  • Any unforeseeable personal information sent to RADD Solutions by you through correspondence.
  • Documentation and reports that identify you as an author, stakeholder, decision maker, information source, and/or subject of an enquiry or support request. Your job title, employer and signature may also be recorded.
  • Consent (or declines) you have given to us for the collection and/or processing of your personal data
  • Information we are legally obligated to record and/or process
  • Records of your access to and modification of documents and information and your access and interactions with our electronic systems and services, which may include IP addresses of computers you use, your internet browser information and audit trails.

We use your personal information to identify and contact you and to schedule meetings with you.

If you or your employer enters into a contract with RADD Solutions we may need to contact you to fulfil our contractual obligations. We may also need to contact you for other legitimate business reasons, if you/we are considering entering into a contract together, if you or your employer is a client or supplier of ours, if you are a prospective or existing customer, or if we have a legal reason to contact you. Contact for any other reason will be with your consent: if you contact RADD Solutions this will constitute consent for communications relating to your contact but we may ask you if we can contact you for additional reasons.

Any correspondence between you and RADD Solutions, in any medium, which may include digital copies and transcripts of phone and verbal conversations, may be recorded. This is so that we can refer to past communications to better communicate with you in the future, as record of our legitimate business activities with you, and to improve our business services through the review of past communications.

Any personal information you sent us in communications may be recorded through automation. You are welcome to ask us to remove such content, which is true of all personal information we hold about you, and we will comply unless there are obligations that prevent us from doing so.

If we have business together you may be a person of importance in some way to a legitimate business activity of ours. As such you are likely to have provided and/or be identified in business documents and reports.

We may collect and process information about you for information and system security purposes: to detect malicious use, unauthorised access, malware, and other threats. For example, we may log electronic access and modification of documents, systems and services.

We may collect and process your information to ensure that our terms, conditions and policies are being appropriately enforced and to ensure that we comply with legal and regulatory obligations.

There may be legal or financial obligations which obligate RADD Solutions to record and/or process your personal information.

RADD Solutions may contact you for marketing or sales purposes. If we do not have a legitimate business reason to believe that you would be receptive to such activities, for example you are an existing customer, we will ask for your consent to contact you for these purposes. You may revoke your consent or tell us that you do not wish to receive marketing and sales information at any time. You may be able to change your consent on the RADD website at http://raddsolutions.co.uk or you can contact RADD Solutions Limited at info@raddsolutions.co.uk or write to us.

Before we contact you we may view your public social media information and any restricted social media information that you may have given us access to. This is so that we can better understand the person that we are conversing with and provide better responses and service. We do not record, hold or control this information except for a link to your online information and in certain circumstances, where you have not provided contact information to us but we have a contractual or legitimate business reason to contact you, we may collect and use your social media contact information to contact you.

Special Categories of Data

For general business purposes we do not control or process any special categories of data. We may do so for employment purposes or for contractual obligations to our clients under special circumstances: this will be documented in the specific data policies for those activities.

We do not provide services to children. We do not record, store, control or process the personal information of children.

Data Access

Primarily RADD Solutions limited will have access to your data because we have asked you for it and/or you have provided it to us though one of the following:

  • Online forms
  • Direct communications including email, letters and phone calls

Where possible we make disclosure of your personal information optional. We may not be able to provide some of our services to you if you do not provide certain information and some information we will be legally required to collect and process.

We may access your public social media information and restricted social media information that you have granted us access to. The social media services we use will explicitly ask for your permission before data is made available to RADD Solutions Limited.

Data Storage, Security and Transfer

RADD Solutions' technical staff occasionally use Evernote to store limited information about you as notes. Evernote does not currently store your data on EU servers but is certified for the Privacy Shield Framework. Please see Evernote Privacy Policy for more information.

All documents, communications, meetings and other data about you will be stored in Microsoft Azure or Microsoft Office 365, in UK data centres. These services are certified for ISO/IEC 27001 and other data security standards. See Microsoft Trust Center and Microsoft Trust Center ISO-IEC-27001 for more information.

Documents and information that are currently being worked on/with may temporarily reside on our employee's local workstations. We require that employees:

  • Purge local data as soon as it is no longer being actively worked on
  • Our employee's workstations run at least Windows 10 operating system with the latest Windows updates installed weekly
  • Windows defender and Windows firewall must not be disabled unless a more secure alternative to these services has been approved by the data privacy officer. Decisions will be based on the latest AV-Test results which scored Microsoft Defender as 6/6 for Antivirus protection (Dec 2017)

Your information may occasionally be recorded on paper or other physical mediums for legitimate business purposes. We require that such documents are kept either at our employee's place of work, our head office or with them, at all times. Paper records will be destroyed or redacted to remove all personally identifiable or sensitive information at least every two years unless there are legislative or financial obligations to keep them.

For legal or financial reasons, we may be required to disclose information we hold to legal or financial authorities.

While RADD Solutions Limited is not ISO/IEC 27001 certified we maintain data we control in services that are certified (Microsoft Azure and Office 365).

Retention

Financial and legal information will be retained for 7 years or longer if legally required.

Information relating to our clients and our clients' employees will be retained for up to 2 years after all contracts with the client have been terminated, unless it is financial or legal information relevant to RADD Solutions Limited.

Employee and applicant information will be retained for up to 2 years after employment has ended (or for applicants, has been unsuccessful) unless it is financial or legal information.

Information we hold about you to provide a service will be retained for up to 2 years after you have ceased to use the service or the service is no longer provided.

Personal information held by RADD Solutions will be reviewed at least every 3 years:

  • If there is no longer a reason to retain your personal information it will be deleted, destroyed or redacted
  • If we believe that your information may not be accurate we will attempt to validate and correct the information

Your Rights

You have the right to object to how we process your data. You have the right to access, correct, sometimes delete and restrict the personal information we collect. You have the right to complain to us and to the data protection regulator.

You may ask us to provide a copy of the data we hold about you, this is known as a Data Access Request. You will need to contact our data protection officer and provide a way of responding, typically an email address, and we will contact you within 72 hours. We will:

  1. Contact you to verify who you are and what services we provide and have provided to you.
  2. If you work with one of our clients we will inform them that a data access request has been made so that they can contact you and start their data access request process with you. We can only provide a copy of data that we control.
  3. Ask you for, and verify, any additional personal information you wish to provide that may identify you in our data.
  4. Search our document management system and databases for your information.
  5. Ask each of our employees to search for information they may currently hold about you that has not yet been uploaded to our central systems.
  6. Identify information that you may not be authorised to view or fully view for legal reasons, for contractual reasons or because the information identifies other individuals or contains other individual's personal information.
  7. Redact information that you are not authorised to view fully, where possible.
  8. Provide you with a copy or redacted copy of the information we hold about you and a summary of the information we hold but cannot provide. This will usually be provided as download link to a compressed archive (zip file) of your data.

Our data protection officer can be contacted by email at info@raddsolutions.co.uk or by writing to:


Data Protection Officer
RADD Solutions Limited
187 Hull Road,
Woodmansey,
HU17 0TR

We are registered with the Information Commissioners Office, registration number A8266715.