Privacy Notice

Privacy Notice (Business Persona)

1 Introduction

1.1 We are Greyfield Consultancy Services Ltd.

1.2 We are committed to safeguarding your personal data and this notice covers our use of Personal Data in relation to Business Contact Details (Business Persona).

1.3 If you have visited our website we also have a separate cookie policy.

1.4 We may change this policy from time to time by updating this page. Please ensure you check this page for updates to this policy. The latest policy is version 3.0, issued June 2018.

1.5 Please contact us if you believe we hold data about you for another reason.

2 Data we collect about you

2.1 We collect business contact details provided to us by you as a customer or supplier (including as a potential customer/supplier).

2.2 This data will only be collected directly from you, for instance via our web contact form, email, telephone, etc.

2.3 This data, your contact details, includes some or all of the following items:

  1. Your Name
  2. Job Title
  3. Organisation
  4. Organisation postal address
  5. Organisation email address
  6. Organisation website (URL)
  7. Organisation telephone number
  8. Mobile Number*
  • * A mobile number may be a personal mobile number if it has been provided by the individual in relation to providing (business) contact details.

3 How do we use your data?

3.1 If you are one of our customers (or a potential customer) we use information about you to:

  1. to provide you with information you requested from us, such as details of services we offer, quotes, and bid responses; or
  2. to contact you about a contract/order you have placed with us.

3.2 If you are a supplier (or a potential supplier) to us we use information about you to:

  1. to provide you with information you requested from us; or;
  2. to contact you about a contract/order we have placed with you.

3.3 Greyfield Consultancy Services Ltd. act as the Data Controller for the personal data you have provided to us, which means we decide what data we hold and how it is used.

3.4 No other organisation has access to your personal data unless it is specifically required to meet either contractual obligations or our legitimate interests, although we may store your information with a cloud provider (see below).

4 Who do we share your data with?

4.1 In order to provide a range of services we have a number of trusted partners with whom we team up where we cannot provide a specific solution ourselves, and so we may provide them with your contact details (your personal data).

4.2 Similarly, if you are one or our partners, we may provide a customer (or potential customer) with your contact details (your personal data).

5 Why do we share your data?

5.1 If you are one of our customers (or potential customer) we may share your data with a trusted partner:

  1. to allow a partner to contact you about a contract/order you have placed with us; or
  2. to allow a partner to provide a service relating to a contract/order you have placed with us.

5.2 In particular, where you have engaged us to conduct a Cyber Essentials and/or IASME Governance Assessment, we use the Pervade portal system (www.iasme.pervasde.co.uk) to allow you to complete the online assessment questionnaire. Greyfield Consultancy Services Ltd. will then complete the assessment using the Pervade portal.

5.3 We may also share your data with one of our trusted partners to allow them to contact you about information you requested from us, but which our partner is better placed to provide.

5.4 If you are a supplier (or potential supplier) to us we may share your data with one of our customers (or potential customer) to allow them to contact you where we believe you may be able to provide them with information they have requested from us.

6 What data do we share?

6.1 The data to be shared constitutes all or some of the items listed under Data we collect about you, but only as necessary for the purposes specified in Why do we share your data?.

6.2 In particular, where the Third Party has engaged Greyfield Consultancy Services Ltd. to conduct a Cyber Essentials and/or IASME Governance Assessment, the following data items are required to create the assessment record and login credentials for the Data Subject on the Pervade portal system:

  1. Name
  2. Job Title
  3. Organisation
  4. Organisation postal address
  5. Organisation email address
  6. Organisation website (URL)
  7. Organisation telephone number
  8. Mobile Number

7 Your rights to your data

7.1 You have the right to ask us for a copy of the information that we hold about you. If you would like a copy of some or all your personal information, please email us (privacy @ greyfield.co.uk) or write to us at the following address.

7.2 We make all efforts to ensure that data we hold about you is correct. Your data is important to us, and you may ask us to correct or remove information you think is inaccurate.

7.3 In certain circumstances (for example, where the accuracy of your personal data is contested) you may request that the processing of your personal data is restricted.

7.4 Where we are processing of your personal data due to your explicit consent, you may subsequently withdraw your consent at any time and your personal data will be subsequently removed.

7.5 You may also ask that we erase your personal data (the ‘right to be forgotten’); please note that may not be able to erase your data where your data is necessary:

  1. to comply with a legal obligation;
  2. for the performance of a task carried out in the public interest or in the exercise of official authority;
  3. for the establishment, exercise or defence of legal claims.

8 Where do we store your data and how do we protect it?

8.1 We hold your data on our internal secure servers and on secure cloud-based services hosted within the UK and in the Republic of Ireland.

8.2 We have rigourous data protection systems in place, and access to your data is restricted to internal use by authorised staff of Greyfield Consultancy Services only. We are certified to Cyber Essentials Plus and we are audited against the IASME Governance standard.

9 How long do we keep your data?

9.1 Where your business contact details form part of our requirement to retain financial/accounting records, your data will be kept for a period required by HMRC.

9.2 If you have been certified by us to the Cyber Essentials, Cyber Essentials Plus or the IASME Governance standard, then your data will be kept for six full calendar years following the date of your certification, as required by our contractual obligations as a Certification Body.

9.3 Otherwise, your business contact details will be kept for a maximum of one year from the completion of your last contract/order placed with is.

9.4 We may, however, keep your data longer in the event of a legal dispute or other legal obligations, but only for as long as required to settle the dispute or discharge such obligations.

9.5 We may also contact you gain your consent to retain your details for a further year in order to keep you up-to-date with services that we may offer you; you may object to this use and/or withdraw your consent at any time at which point we will securely delete your data and not contact you again (unless you then contact us).

10 Complaints

10.1 You may make complaints about your personal data by contacting us (complaints @ greyfield.co.uk) or write to us at the following address.

10.2 Alternatively you may make a complaint about our handling of your personal data by contacting the UK Information Commissioner’s Office here.

10.3  We are registered as a Data Controller with the UK Information Commissioner’s Office.

10.4  Our data protection registration number is ZA101794.

11 How can you contact us?

11.1 Please contact us by email: privacy @ greyfield.co.uk

11.2 Or, write to us at:

  • Greyfield Consultancy Services Ltd.
  • Richmond House
  • Wells Road
  • Hallatrow
  • Bristol
  • BS39 6EJ

Spaces have been added to the email address to avoid use by spambots – these spaces should be removed when using the email address