New legislation introduced namely the General Data Protection Regulations (GDPR) came into force on 25 May 2018. The regulations are intended to ensure that data is controlled and the sharing of data is regulated. The nature of our business is that ALL the information we hold is and has always been treated as highly confidential consequently we do not share data with other parties accept as specifically instructed by clients. This will not change. GDPR does afford rights to individuals whose data we might hold placing an obligation under the legislation for us to provide information to those applying for data to provide it to them. To protect client confidentiality we have adopted a policy not to keep investigation data beyond the conclusion of investigations. In this policy we will state how we will erase all but current ongoing investigation data except that required for accounting purposes which we have constructed to keep to the absolute minimum required information. The principal is simple if we do not store the data we cannot share it or have it breached in anyway. This change of policy fulfils the requirement of law and ensures that increased rights of individuals to data held do not breach client confidentiality.
Who we are
If you have any concerns, or would like more detail about how we process your Personal Data, you can contact us using info at Boothroydassociates.co.uk
Protecting Your Personal Data
Your Personal Data isn’t just protected by the quality, commitment and high standards of Boothroyds, it’s also protected by law. The law states that we can only process your Personal Data when there is a genuine reason to do so.
When we have a business or commercial reason to process your Personal Data this is referred to as a legitimate interest. Your Personal Data is still protected and we must not process it in a way that would be unfair to you or your interests.
If we do use legitimate interests as a reason to process your Personal Data you have the right to object. However, compelling grounds for processing such information may over-ride your right to object.
How long we keep your Personal Data/Periodic Erasing of Data
Whenever your data is kept by Boothroyds we will ensure that it is appropriately protected and only used for acceptable purposes.
We will keep your data for the period that you are a customer of Boothroyds and unless otherwise instructed by you, on the 1st day of the month after we have completed your instruction we will erase any reports we have provided or any information we have upon you or the subject(s) we are instructed to investigate. We will retain however your name and the subject’s name or company on our daybook spreadsheet for our accounting records.
If you are no longer a client of Boothroyds, we will keep your data for the minimum length of time required to comply with the purposes set out in this policy and relevant legal or regulatory obligations. Your Personal Data may be kept longer if we cannot delete it for technical reasons.
The information and data about you which we may collect, use and process includes the following:
Telephone conversations, completed webforms, emails, letters other digital communications such as SMS and WhatsApp messages, verbal communication face to face and any other communication method of your choosing.
Where it is reasonable for us to do so and not detrimental to your rights and freedoms, we also collect Personal Data from publicly available sources such as internet searches, Companies House, and broadcast media.
Information we have may have been obtained from information you have chosen to share publically on social media or otherwise on the internet etc. We have no control over this.
Personal Data we share with others
We will only share data as per the explicit instructions of clients or as required to do so by a requirement of law.
Data Transfer Outside the EEA
We will only transfer your Personal Data outside of the EEA where:
• We have the explicit instruction to do so from clients
• To comply with a legal duty or obligation
If we do transfer your Personal Data outside of the EEA, within Pegasus, we will take measures to ensure it is protected to the same standards as it would be within the EEA by relying on one of the following:
• The country that is receiving your Personal Data has been found by the European Commission to offer the same level of protection as the EEA. More information can be found on the European Commission Justice website.
• We will use contracts that require the recipient to protect your Personal Data to the same standards as it would be within the EEA
• Where the transfer is to the USA and the recipient is registered with Privacy Shield. Privacy Shield is a framework that ensures Personal Data is protected to a level approved by the EU. Read more about Privacy Shield on the European Commission Justice website.
In some instances we may be compelled by law to disclose your Personal Data to a third party and may have limited control over how it is protected by that party.
Your rights over your Personal Data
We will assist you if you choose to exercise any of your rights over your Personal Data, including:
• Withdrawing your previously granted consent; however, this will not invalidate any previously consented processing
• Lodging a complaint with any relevant Data Protection Authority
• Access to your Personal Data that we hold or process
• Correction of any Personal Data that is incorrect or out of date
• Erasure of any Personal Data that we process
• Restrict processing of your Personal Data in certain circumstances
• Asking us to provide you or another company you nominate with certain aspects of your Personal Data, often referred to as ‘the right to portability’
• The ability to object to any processing data where we are doing it for our legitimate interests
• The ability to contest a decision made entirely by automated processing, to express your point of view and to request that a human review the decision
For more information on these rights you can contact firstname.lastname@example.org.
Changes to our Privacy Statement
We may update this policy from time to time, so please review it frequently.