This privacy notice explains how Data GRC Ltd (Registered in UK, number 10892418, 27 Old Gloucester Street, London, WC1N 3AX, UK) uses personal data.
We are Data Controllers (ICO registration number ZA284104) for the following processes:
More detail is provided about each process below.
Unless otherwise stated...
We only process personal data in the UK.
Security of personal data is very important to us. We use a wide range of organisational, technical, physical and operational controls to prevent unauthorised access to data. Our controls are assessed on a regular basis.
We only share personal data with third parties if they are processing that data on our behalf under written contract, or if required for legal or regulatory reasons. We will not sell or give away personal data.
We fully respect your rights to request that we:
If you wish to raise a privacy request or contact us about any another matter, please contact our Data Protection Office using the form below or by sending a letter to "Data Protection Office, Data GRC Ltd, 27 Old Gloucester Street, London, WC1N 3AX, UK".
When we receive a request, we will verify your identity, then normally complete our response within 28 days. We will retain details of your request as a legitimate interest, for quality assurance purposes and to ensure we continue to comply going forward.
We record your IP address, pages you visit and datetime stamp. This is a legitimate interest to help maintain the security and performance of the website. The information is not used to identify visitors and is deleted after two years.
You can use our contact form to initiate business conversations with us. As a legitimate interest, we retain this data for two years.
We're strong advocates of long term business relationships. We retain contact and business data of people we have or may work with, as a legitimate interest. We will delete data if requested by the individual or if the data is no longer relevant.
When individuals apply to work at Data GRC, as staff or contractors, we will use the information that is provided to assess the applicant. We will obtain consent before reqesting references or other background checks. We will delete data from unsuccessful candidates after 6 months.
For employees, we will maintain employee records for a variety of reasons including legal (e.g. Employment, AML and tax law), contract (e.g. bank details) and legitimate interest (e.g. performance reviews). After their employment, we will delete data that is no longer required after 7 years, and retain high level information that may be required for references or legal reasons.
Our website provides links to other websites, which are beyond our control. We encourage you to read the privacy statements on the other websites you visit.
This privacy notice was drafted with brevity and clarity in mind. Please let us know if you would like more details.
We reserve the right to update our privacy notice and cookie notice at any time. We will notify our Data Subjects of major amendments.
This notice was last updated 28th April 2018.
+44 (0) 208 133 0242