This privacy notice explains how Data GRC Ltd (Registered in UK, number 10892418, 27 Old Gloucester Street, London, WC1N 3AX, UK) uses personal data.
We are Data Controllers (ICO registration number ZA284104) for the following processes:
More detail is provided about each process below.
You can use our contact form to initiate business conversations with us. As a legitimate interest, we retain this data for two years.
We're strong advocates of long term business relationships. We retain contact and business data of people we have or may work with, as a legitimate interest. We will delete data if requested by the individual or if the data is no longer relevant.
When individuals apply to work at Data GRC, as staff or contractors, we will use the information that is provided to assess the applicant. We will obtain consent before reqesting references or other background checks. We will delete data from unsuccessful candidates after 6 months.
For employees, we will maintain employee records for a variety of reasons including legal (e.g. Employment, AML and tax law), contract (e.g. bank details) and legitimate interest (e.g. performance reviews). After their employment, we will delete data that is no longer required after 7 years, and retain high level information that may be required for references or legal reasons.
We fully respect your rights to request that we:
If you wish to raise a privacy request or contact us about any another matter, please contact our Data Protection Office using the form below or by sending a letter to "Data Protection Office, Data GRC Ltd, 27 Old Gloucester Street, London, WC1N 3AX, UK".
When we receive a request, we will verify your identity, then normally complete our response within 1 month. We will retain details of your request as a legitimate interest, for quality assurance purposes and to ensure we continue to comply going forward. Requests for "all data" will be deemed manifestly unfounded unless a clear and reasonable purpose can be ascertained
We only process personal data in the UK.
We only share personal data with third parties if they are processing that data on our behalf under written contract, or if required for legal or regulatory reasons. We will not sell or give away personal data.
Our website provides links to other websites, which are beyond our control. We encourage you to read the privacy statements on the other websites you visit.
This privacy notice was drafted with brevity and clarity in mind. Please let us know if you would like more details.
We reserve the right to update our privacy notice and cookie notice at any time. We will notify our Data Subjects of major amendments.
This notice was last updated 2nd January 2020.
+44 (0) 208 133 0242