Privacy Policy

 

 

PRIVACY NOTICE

Your privacy is important to us. This Privacy Notice explains what personal data Vedette Consulting Ltd collects from you, how we use that data, and the processes we have in place to govern its management.  It is tailored to comply with the General Data Protection Regulation ((EU) 2016/679) (GDPR)

Personal Data We Collect

Vedette Consulting Ltd collects data to operate effectively in providing you the best information about and access to our consultancy services.  The types of personal data we actively collect are:

  • Contact Details: These will consist of email addresses, addresses, telephone numbers needed to facilitate the fulfilment of our contract with you. We will review these annually for accuracy.
  • Curricula Vitae: These are used as part of business process and are shared with clients on behalf of sub-contractors. Our employee data is governed by separate internal policies.
  • Extended Data sets to fulfil a contract. These can consist of Security and Financial information.

Legal Basis

Vedette Consulting Limited collects data under two of the six legal bases set out in the GDPR.  They are:

  • Performance of a contract. This allows us to collect and store personal data for employees, sub-contractors and clients where it is needed to perform a contract we have in place.
  • Legitimate Interest. This allows us to collect and hold data to pursue our legitimate interests for purposes where they are not overridden because the processing prejudices the interests or fundamental rights and freedoms of Data Subjects. We also may use the data to communicate with you, for example, informing you about our services.
  • In rare circumstances where the two bases above do not pertain we are required and will obtain positive consent, renewed annually, to hold related personal data.

Security and Erasure

We hold your personal data using technical and organisational measures that match or exceed the requirements of the GDPR and Cyber Essentials Plus.  We will review and check contact details annually and delete one month after termination of contracts. Some financial related information must be held for 7 years. CVs will be deleted one month after contract termination or the successful conclusion of a recruitment process unless we have permission from the individual to retain it.

Reasons We Share Personal Data

We share your personal data only where necessary to complete any contract on your behalf or deliver any service you have requested or authorised. We also share data if required by law or to respond to legal process; to protect our customers; to protect lives; to maintain the security of our products; and to protect the rights or property of Vedette Consulting Ltd.

How to Access & Control Your Personal Data

You can view, request to edit or delete your personal data by contacting Vedette Consulting Ltd directly. At your request, we shall provide a copy of all Personal Data held by us in the format and on the media reasonably specified by you. In addition, at least on an annual basis we will positively confirm the accuracy of the data we hold.

Data Breach

We shall, within 72 hours of becoming aware (or earlier if reasonably practicable), notify you in writing of any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data where it is likely to affect the protection of your personal data or your privacy. We will give you the information required by Data Protection Legislation to allow you to understand the impact of the breach.  We will promptly comply with any instructions provided by you, and cooperate with you, in relation to the data breach.

Subject Access Requests

We shall provide you with such reasonable assistance as you require in relation to any complaints made by Data Subjects or investigations or enquiries made by any regulator or supervisory authority relating to you or your obligations under GDPR.

All requests shall be actioned within one calendar month.

Internal Training

We shall ensure that any of our Personnel with access to Personal Data are both bound by confidentiality obligations in respect of access, use or processing of such Personal Data, and have received appropriate training.

Termination of Contract            

On termination or expiry of our contract, at your request, we shall delete or return to you all Personal Data processed by us on your behalf, and we shall delete existing copies of such data. For financial and legal reasons we are required to hold certain information beyond the scope of our contract.  These are 7 years for core financial transaction data and two years to facilitate the potential provision of insurance protection for services delivered.

Summary

Privacy and protection of data are critical for you and our business.  We will regularly check that we are meeting our commitment and look for ways to make it even stronger.  Our data protection responsibilities are performed by Mai Wood and she can be contacted at businessadmin@vedetteconsulting.co.uk.