Data Protection Policy

Pace Consult Ltd
INTRODUCTION
Anyone who obtains personal data about other individuals is a ‘data controller’ and is thus regulated by the General Data Protection Regulation 2018 (GDPR). The Regulation controls what can lawfully be done with personal data. Personal data is any information which can identify an individual.

This can include any of the following:

Name
Date of Birth
Address
Email address (personal or business) IP address
is not exhaustive.

INFORMATION WE HOLD
In order to continue to undertake our work, we hold certain information about our clients and suppliers. This information includes:

• Name
• Company
• Address
• Email address
• Telephone number
• Bank details
• Credit check reports

The business does not keep records of ‘sensitive data’ for our clients or suppliers.

HOW WE USE THE DATA WE HOLD
The data we hold will only be used for the purpose for which we were given the information. We will never sell the data we hold on our clients or suppliers to third parties. We may occasionally send data subjects information on new legislation which we believe may be of interest, information on new services which we offer or other news regarding the business which may be of interest.

OUR OBLIGATIONS
Below is a summary of the legal obligations imposed upon us and the rights that you have under the
General Data Protection Regulation 2018 together with our policies about those rights and obligations.

The principles for processing personal data are:
1. Lawfulness, fairness and transparency;
2. Purpose Limitation;
3. Data minimisation;
4. Accurate;
5. Storage limitation i.e. not kept longer than necessary;
6. Integrity and confidentiality.
 
We are committed to following these principles and to ensuring all our data processing in relation to data of which you are the subject is lawful. We will take all reasonable steps to ensure that the data we process is accurate. We will retain the data for as long as we are providing you a service, are likely to provide a service due to an enquiry we have received, or you are providing us a service.

We will process data in accordance with
your rights under the GDPR. Data will be kept in a secure system whether manual or computerised at all times.

YOUR RIGHTS UNDER THE ACT
The GDPR gives individuals certain rights to control how information about them is obtained, used, store d and distributed.

These rights are:
• the right to be informed
• the right of access
• the right to rectification
• the right to erasure
• the right to restrict processing
• the right to data portability
• the right to object
• rights in relation to automated decision making and processing.
 
Pace Consult ltd - Privacy & Data Security Policy

Rectification of Data
Individuals are entitled to have inaccurate personal data rectified or completed if it is missing. This request can be made in writing or verbally. Pace Consult will rectify data within one month and free of charge. If the request is manifestly unfounded or excessive, taking into account any repetitive nature, has a right to refuse to deal with the request or to charge a reasonable fee. The fee will be based on ad ministrative costs involved in complying with the request.

Right of Access
If the data subject wishes to access the data we hold, the data subject must provide Pace Consult with any information reasonably requested to enable us to be satisfied as to the data subject’s identity and to locate the information.

Where disclosure of data would necessarily mean that information relating to a third party would be disclosed Pace may refuse to disclose it unless the third-party consents or it is reasonable to disclose the information without such consent.

Direct Marketing
Pace Consult Limited does not currently use any data we hold for marketing purposes. Should the use of data for direct marketing become practice you will be notified and given the opportunity to opt out and our policy will be update accordingly.

Breach
Pace Consult will report any data breaches to the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of the breach. If the breach is likely to adversely affect the individual’s rights or freedoms, the individual must be informed also. Pace must keep a record of any and all personal data breaches.
 
Further Information
Further information regarding your rights can be found on the ICO’s website: https://ico.org.uk/.