WHO ARE WE?
InfoShelter Ltd. Is an independent information security and data protection consultancy operating mainly in the market research industry. We provide our clients services and solutions relating to information security, both technical and procedural, as well as data privacy services including but not limited to DPO As A Service.
We are registered in England and Wales and our Company Registration Number is 11326045. Our Registered Address is 3rd Floor 86-90 Paul Street, London, England, EC2A 4NE.
We are committed to meeting the requirements of applicable data protection legislation including the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.
With respect to our consultancy activities we are always the Data Processor. Any personal information passed to us from a third-party data controller is done so to assist us to perform our obligations under a specific contract / project. We never determine additional purposes or means for processing this information. We would always obtain consent from you and the data controller for any additional processing activities outside those of the original purpose.
WHAT PERSONAL DATA DO WE PROCESS?
In our DPO As A Service engagements we actively monitor DPO mailboxes to respond to requests made from you (the Data Subject) to our clients – usually involving a particular market research study. This mailbox may be connected to an application local to the InfoShelter environment, and a copy of your request is stored on our systems. These requests would normally contain the following information:
- Your name
- Your email address
- Any information provided in your email signature (e.g. telephone number / address).
- Some details of the market research survey you have undertaken.
How will it be used?
Upon receipt, we will send an acknowledgement of your request , acting as the DPO on behalf of our client.
Your personal data is then used to identify you with our client (for example in the project) and fulfil your request (for example remove you from the database so you will not be contacted further).
Who has access to your data?
Aside from our clients, who would have contacted you initially for market research purposes, only InfoShelter will have access to your personal data.
We will never sell or rent your information to third parties.
We will never share your information with third parties for additional marketing purposes.
How long will we keep your data?
Each one of our clients has different retention periods. Personal data is kept on our systems in line with the retention period contained in our Data Processing Agreements with our clients. For more information please email firstname.lastname@example.org.
How do we secure your data?
InfoShelter is a security consultancy at heart – protecting personal data is at the centre of everything we do. The following is ingrained in our culture:
The following is now ingrained into InfoShelter’s culture:
- Defence in depth – our security controls have been designed and implemented in a layered way.
- Risk based approach – every decision we make around privacy and security measures is based on a risk assessment.
- Security and Privacy by design – security and privacy is baked into each of our processes.
- Encryption at rest and in transit – we encrypt your personal data whilst it is stored on our servers and when we transfer it to clients, sometimes through third party services.
- Principle of least privilege – all of our systems are configured to only permit our team the necessary access they need to fulfil their job roles.
Under certain circumstances you will be able to activate your following rights with the data controller (our client).
- Right of access you have the right to request a copy of the information that we hold about you.
- Right of rectification you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing where certain conditions apply to have a right to restrict the processing.
- Right to object you have the right to object to certain types of processing.
- Right to judicial review in the event that we refuse your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined below.
Please contact our DPO (email@example.com) if you would like to exercise any of these rights.
If for any reason you are unhappy with our use of your data and wish to lodge a complaint, you can contact the Information Commissioner’s Office as the supervisory authority within the UK. You can do so using their website at ico.org.uk .
We may also use information obtained from cookies or similar technology. Cookies are text files containing small amounts of information which we download onto your computer or device when you visit our website. We can recognise these cookies on subsequent visits and they allow us to remember you.
If you want to delete any cookies that may already be on your computer or device, please refer to the instructions for your file management software to locate the file or directory that stores cookies. If you want to stop cookies being stored on your computer in future, please refer to your browser manufacturer’s instructions by clicking “Help” in your browser menu. Further information on cookies is available at www.allaboutcookies.org. By deleting our cookies or disabling future cookies you may not be able to access certain areas or features of our website.
Review of this policy
We keep this Policy under regular review. This Policy was last updated in February 2020.