To uphold the highest levels of data protection for our customers, we voluntarily engage an independent company to assist with our data protection compliance activities. For all data related matters, including subject access requests, please contact our Data Protection Officer.
Acclaim Contracts Ltd
Email: [Link to contact form]
Contact Our Data Protection Officer
Jennifer House – Smarter Data Protection Ltd
The data we collect from you
We collect, store and process any information you submit when you use our Contact Us form. We will only ever ask you for contact and identity information including name, email address and telephone number.
We do not collect additional data about you from any third parties.
How we process your data lawfully
We only ever use the data we collect from you to respond to your enquiry, or to enhance and improve the performance of our website for our customers and visitors.
As a data controller, we must always have a lawful basis upon which to process your data. We use the lawful basis of legitimate interests in order to process your data to respond to any enquiry you submit using our website contact form.
Wherever we use legitimate interests as our lawful basis for processing, you have the right to object to that processing. If you’d like to do so, please contact our Data Protection Officer.
We will only use your personal data for the purpose we’ve collected it. This is unless we need it for another reason that we believe is compatible with our original purpose.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. Details of retention periods relating to your personal data can be requested from our Data Protection Officer.
Who we share your data with
In the course of doing business with you, we may have to share your personal data with the parties set out below:
- Service providers acting as processors based in the European Union, and on occasion the United States of America, who provide IT and system administration services.
- Professional advisers acting as processors including lawyers, bankers, auditors and insurers based in the UK who provide related services to us.
- HM Revenue & Customs, regulators and other authorities based in the UK acting as processors or joint controllers who require reporting of processing activities in certain circumstances.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law.
We fully support your rights. If you ever feel this is not the case please contact our Data Protection Officer or the Information Commissioner’s Office to discuss the matter further.
At any point during the time you seek to use our services you can exercise your:
- Right of access – contact us for a copy of the data we hold about you.
- Right of rectification – let us know if the data we hold is out of date or inaccurate and we’ll update it.
- Right to be forgotten – if you no longer want to use our services, please contact us and we’ll delete all related data where we’re able to.
- Right to restrict processing – we only ever collect the data we need and actively ensure we’re never collecting anything over and above that need.
- Right of portability – we will support reasonable requests to transfer your data to another organisation should you require it.
In the event we ever need to refuse to your rights we will provide you with a reason why. You will then have the right to complain to the supervisory authority as outlined below.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.
We engage a small, trusted group of GDPR compliant data processors. They will only process your personal data on our instructions, they are party to a data processing agreement with us which includes a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are required to do so.
We only transfer your data outside of the European Economic Area (EEA) when we utilise the services of carefully selected external third parties based in the United States of America who provide IT and administration services. Each one of these providers participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework.
Subject Access Requests
You will not have to pay a fee to access your personal data or to exercise any of the other rights. However, we may charge a reasonable admin fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
To submit a Subject Access Request, please contact our Data Protection Officer.
In the first instance please contact our dedicated Data Protection Officer. If this does not resolve your issue you have the right to lodge a complaint with the Information Commissioner’s Office, the United Kingdom’s Supervisory Authority.
Information Commissioner’s Office
Tel: 0303 123 1113
Online contact form: https://ico.org.uk/global/contact-us/email/