DATA PROTECTION AND
RETENTION POLICY

SMART CONSULTANCY & COACHING LTD

DATA PROTECTION AND RETENTION POLICY

Introduction

In order to operate is business, Smart Consultancy & Coaching Ltd needs to gather, store and use certain forms of information about individuals, who are almost exclusively customers, but may include suppliers, potential suppliers, business contacts and other people the company has a relationship with or regularly needs to contact. This policy explains how this data will be collected, stored and used in order to meet the requirements of data protection standards and comply with the General Data Protection Regulations (GDPR).

The policy applies to all those handling data on behalf of Smart Consultancy & Coaching Ltd and applies to all data that the company holds relating to individuals which includes:

· Names

· Email Addresses

· Postal Addresses

· Phone Numbers

· Low level financial information in order to collect monies owed.

All individuals who have access to this data has a responsibility to adhere to this policy.

Application of Data Protection Principles

· Data will be processed in a transparent way.

A customer’s name and contact details will be collected when they first communicate their interest in the company’s range of products and services and will be used to contact the company or individual for contractual purposes.

An individual’s name and contact details may be collected at any time for marketing purposes in order to communicate with them and promote activities.

· Personal Data will only be used for specified purposes

Smart Consultancy & Coaching Ltd will provide a clear and specific explanation why the data is required and what it will be used for.

Smart Consultancy & Coaching Ltd will not collect or store more data than the minimum information required for its intended purpose.

Smart Consultancy & Coaching Ltd will review the data held annually but it can be changed by a contact whose details are held, at any time.

· Personal data will be kept for only as long as necessary .

Personal data will only be retained for as long as is necessary in order to fulfil contractual or other business purposes, or for legal reasons.

· Personal Data will be kept safe .

Bulk data will be stored electronically on a password protected system and hard copies will be stored in a lockable cabinet. Access to data will be restricted to those individuals who have a legitimate need for access.

· Personal Data will not be transferred to any other organisation either in
UK or abroad

Although personal details are available to professional advisers or legal authorities in the discharge of their professional duties, no information will be transferred to any other person or organisation in either the UK or abroad, unless expressly authorised in writing.

Individual’s Rights

The individual has the following rights:

· Right to be informed of what data is being collected and how it is being used

· Right of Access: Individuals can request to see the data that is held on them

· Right of Rectification if data inaccurate or incomplete

· Right to Object to data being used for a purpose

· Right to Erasure though data retention policy will ensure that data is not held for longer than necessary

· Right to Restrict Processing (eg if accuracy has been contested)

Marketing

Smart Consultancy & Coaching may occasionally collect data from consenting individuals for marketing purposes which may include contacting them to promote products and services, updating them about company news and activities.

Any time data is collected for this purpose, Smart Consultancy & Coaching Ltd will provide a clear and specific explanation of what the data will be used for and a method for individuals to show their active and positive consent to receive these communications, and also a method to withdraw that consent which will be processed within 14 days.

Data Retention

Personal data held by Smart Consultancy & Coaching will be reviewed annually to establish if there is still good reason to retain and use the data held.

Personal Data no longer required will be electronically deleted or shredded and mailing lists will be amended as required.

The review will be conducted by the Data Protection Officer (Company Secretary) in conjunction with the company Director(s).