INVADE International Limited Data Management and Data Governance Policy
1.Purpose
INVADE International Limited (INVADE) has implemented this policy for the following reasons:
- We are required by law to comply with GDPR and other legislation such as PECR.
- We wish to follow good practice
- We wish to protect clients, staff and other individuals
- We wish to protect the organisation
2.Types of data
Data may include name, email address, position within the company, telephone contact details, details of business interest, and full company information.
INVADE does not hold any data on an individual that could be termed sensitive and holds no special category data on any individuals.
3.Legal basis for processing data
INVADE may process data for the following reasons:
- Consent has been given
- To fulfil contractual obligations
- To fulfil legal or statutory obligations
- Where we have identified a legitimate interest
4.Policy Statement
INVADE emphatically respects the individuals rights to have their data permanently removed from any of its records so long as this does not impact on data that INVADE has a legal obligation to retain.
We comply with the law and good practice concerning the storage and use of data. We undertake to be open and honest with individuals whose data is held.
All personnel employed by or contracted to INVADE will be trained to understand good practice in relation to data handling.
5.Security and Location
Data is held securely behind a firewall and on secure protected servers off-site. Data is stored in the following places: i) within an email system which retains details of emails sent to and from the organisation by/to individuals with whom it engages. ii) within a CRM system for the purpose of logging business and technology interests and ensuring that we continue to provide relevant business information to individuals and organisations that have requested it. iii) within an accounts system where invoices are raised and payments made to companies with whom we conduct business and where we are required by law to document such transactions. iv) within a secure hosted mailing system where the data has been populated from the CRM system. v) within a document storage system containing documents relevant to the business relationship.
With explicit consent from the individual some data may be included in news items on the INVADE website or other promotional materials.
All communication from INVADE to individuals affords the individual an opportunity to be removed from all our data records. If a data breach occurs that represents a risk to an individual’s rights and freedoms the ICO will be informed.
For all enquires and requests for information covered by this policy, please email operations@invade.net
For more information on GDPR and the ICO see:- https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-be-informed/