Your privacy is important to us. This Privacy Notice explains what personal data Vedette Consulting Ltd collects from you, how we use that data, and the processes we have in place to govern its management. It is tailored to comply with the General Data Protection Regulation ((EU) 2016/679) (GDPR)
Personal Data We Collect
Vedette Consulting Ltd collects data to operate effectively in providing you the best information about and access to our consultancy services. The types of personal data we actively collect are:
Vedette Consulting Limited collects data under two of the six legal bases set out in the GDPR. They are:
Security and Erasure
We hold your personal data using technical and organisational measures that match or exceed the requirements of the GDPR and Cyber Essentials Plus. We will review and check contact details annually and delete one month after termination of contracts. Some financial related information must be held for 7 years. CVs will be deleted one month after contract termination or the successful conclusion of a recruitment process.
Reasons We Share Personal Data
We share your personal data only where necessary to complete any contract on your behalf or deliver any service you have requested or authorised. We also share data if required by law or to respond to legal process; to protect our customers; to protect lives; to maintain the security of our products; and to protect the rights or property of Vedette Consulting Ltd.
How to Access & Control Your Personal Data
You can view, request to edit or delete your personal data by contacting Vedette Consulting Ltd directly. At your request, we shall provide a copy of all Personal Data held by us in the format and on the media reasonably specified by you. In addition, at least on an annual basis we will positively confirm the accuracy of the data we hold.
We shall, within 24 hours of becoming aware (or earlier if reasonably practicable), notify you in writing of any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data where it is likely to affect the protection of your personal data or your privacy. We will give you the information required by Data Protection Legislation to allow you to understand the impact of the breach. We will promptly comply with any instructions provided by you, and cooperate with you, in relation to the data breach.
Subject Access Requests
We shall provide you with such reasonable assistance as you require in relation to any complaints made by Data Subjects or investigations or enquiries made by any regulator or supervisory authority relating to you or your obligations under GDPR.
We shall ensure that any of our Personnel with access to Personal Data are both bound by confidentiality obligations in respect of access, use or processing of such Personal Data, and have received appropriate training.
Termination of Contract
On termination or expiry of our contract, at your request, we shall delete or return to you all Personal Data processed by us on your behalf, and we shall delete existing copies of such data. For financial and legal reasons we are required to hold certain information beyond the scope of our contract. These are 7 years for core financial transaction data and two years to facilitate the potential provision of insurance protection for services delivered.
Privacy and protection of data are critical for you and our business. We will regularly check that we are meeting our commitment and look for ways to make it even stronger. Our data protection responsibilities are performed by Ella Hutchings and she can be contacted at [email protected].