Version 1.0 | 27th March 2020
Added to Website on 5th May 2020
Information About Us
Our Site is owned & operated by Green Light PBS Ltd, a limited company registered in England under company number 09496038
|Mor Workspace, Treloggan Lane, Newquay, Cornwall, TR7 2FP
|Data Protection Officer:
|Richard Jackson (Pulse Cyber Security – DPO as a Service)
Pulse Cyber Security, Trevenson House, Redruth, Cornwall, TR15 3PT
|Jo Pyrah (Nominated Individual)
Mor Workspace, Treloggan Lane, Newquay, Cornwall, TR7 2FP
1. What Does This Policy Cover?
2. What Is Personal Data?
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) and the Data Protection Act 2018 (collectively, “the Data Protection Legislation”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
3. What Are My Rights?
Under the Data Protection Legislation, you have the following rights, which we will always work to uphold:
- The right to access the personal data we hold about you; Part 9 will tell you how to do this
- The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete
- The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we hold
- The right to restrict (i.e. prevent) the processing of your personal data
- The right to object to us using your personal data for a particular purpose or purposes.
- The right to withdraw consent. This means that, if we are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time
- The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases
- Rights relating to automated decision-making and profiling. We do not use your personal data in this way
For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in Part 10.
It is important that your personal data is kept accurate and up to date. If any of the personal data we hold about you changes, please keep us informed if we have that data.
Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau (CAB).
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO). We would welcome the opportunity to resolve your concerns ourselves, however, so please contact us first.
4. What Personal Data Do We Collect and How?
We obtain personal data about you, for example, when:
- You request a proposal from us in respect of the services we provide
- Your employer or our client engages us to provide our services and during the provision of those services
- You contact us by email, telephone, post or social media (for example when you have a query about our services) or from third parties and/or publicly available resources (for example, from your employer or from Companies House)
The information we hold about you may include the following:
- Your personal details (such as your name and/or address)
- Financial details such as bank account numbers
- Details of contact we have had with you in relation to the provision, or the proposed provision, of our services
- Tax details such as tax codes, unique tax references, national insurance number and salary
- Details of any services you have received from us
- Our correspondence and communications with you
- Information about any complaints and enquires you make to us
- Information from research, surveys and marketing activities
- Information we receive from other sources, such as publicly available information, information provided by your employer or our clients
5. How we use personal data we hold about you
- We may process your personal data for purposes necessary for the performance of our contract with you or your employer or our clients and to comply with our legal obligations
- We may process your personal data for the purposes necessary for the performance of our contract with our clients. This may include processing your personal data where you are an employee, subcontractor, supplier or customer of our client
- We may process your personal data for the purposes of our own legitimate interests provided that those interests do not override any of your own interests, rights and freedoms which require the protection of personal data. This includes processing for marketing, business development, statistical and management purposes
- We may process your personal data for certain additional purposes with your consent, and in these limited circumstances where your consent is required for the processing of your personal data then you have the right to withdraw your consent to processing for such specific purposes
Please note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.
a) Situations in which we will use your personal data
We may use your personal data in order to:
- Carry out obligations arising from any agreements entered between you or your employer or our clients and us which will usually be for the provision of our services
- Carry out obligations arising from any agreements entered between our clients and us which will usually be for the provision of our services where you may be a subcontractor, supplier or customer of our client
- Provide you with information related to our services and our events and activities that you request from us or which we feel may interest you, provide you have consented to be contacted for such purpose
- Seek your thoughts and opinions on the services we provide and
- Notify you about any changes to our services
b) Change of purpose
Where we need to use your personal data for another reason, other than for the purpose for which we collected it, we will only use your personal data where that reason is compatible with the original purpose.
Should it be necessary to use your personal data for a new purpose, we will notify you and communicate the legal basis which allows us to do so before starting any new processing.
6. Do You Share My Personal Data?
a) Why might you share my personal data with third parties?
We will share your personal data with third parties where we are required by law, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so.
b) Which third-party service providers process my personal data?
“Third parties” includes third-party service providers. The following activities are carried out by third-party service providers: IT and cloud services, professional advisory services, administration services and payroll processing services.
All our third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.
c) What about other third parties?
We may share your personal data with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal data with a regulator or to otherwise comply with the law.
In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
7. How Can I Access My Personal Data?
If you want to know what personal data, we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.
All subject access requests should be made in writing and sent to the email or postal addresses provided. To make this as easy as possible for you, a Subject Access Request Form is available for you to use. You do not have to use this form, but it is the easiest way to tell us everything we need to know to respond to your request as quickly as possible.
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within one month and, in any case, not more than one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
8. Privacy Overview
Here at Green Light PBS Ltd we are committed to building and keeping the trust and confidence of everyone we have contact with. We think it’s important that you know that we record your personal data when you do things like visit our website, our Facebook page or use our online services in any way. We want you to trust us with any information we collect and hold.
- What information we collect
- Why we collect it
- What we do with it
- When we may share it with others
- How you can access and update your information
Green Light PBS Ltd is the data controller and we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice).
If you are unhappy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). However, we would be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
It is very important that the information we hold about you is accurate and up to date.
9. Sensitive Data
We do not collect any Sensitive Data about you from this website. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.
You are not required to provide any personal information on the public areas of this website; however, you may choose to do so by completing the application forms on various sections of our websites and Facebook pages, including:
- Our work with us / careers sections / pages
- Our publications section / pages
- Our seminars and events section / pages
- Our other online services; and
- Our contact us form
We may also obtain personal information from your IP address, operating system and web browser that you use to access our website or Facebook site. You may also provide us with personal information if you contact us by email, telephone or letter.
We require your explicit consent for processing sensitive data, and we will request your signature for this consent.
10. How we use your personal data
We will only use your personal data when legally permitted. The most common uses of your personal data are:
- Where we need to establish and perform the contract between us, for example if you apply to work for us
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
- Where we need to comply with a legal or regulatory obligation
Generally, we do not rely on consent as a lawful basis for processing your personal data, other than in relation to sending marketing communications to you via email or text message.
You have the right to withdraw your consent to receiving marketing information from us at any time by emailing us at: email@example.com
11. Purposes for processing your personal data
Set out below is a description of the ways we intend to use your personal data and the legal grounds on which we will process such data. We have also explained what our legitimate interests are where relevant.
We may process your personal data for more than one lawful ground, depending on the specific purpose for which we are using your data.
Please email us at firstname.lastname@example.org if you need details about the specific lawful basis we are relying on to process your personal data where more than one ground has been set out in the table below:
|Purpose / Activity||Type of Data||Lawful Basis for Processing|
|To register you as a new customer||
||Performance of a contract|
|To manage our relationship with you which will include:
Asking you to leave a review or take a survey
||Performance of a contract with you
Necessary to comply with a legal obligation
Necessary for our legitimate interests to keep our records updated and to study how customers use our services
|To administer and protect our business and our site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||
||Necessary for our legitimate interests for running our business, provision of administration and IT services, network security, to prevent fraud, and in the context of a business reorganisation or group restructuring exercise
Necessary to comply with a legal obligation
|To deliver relevant content and advertisements to you and measure and understand the effectiveness of our advertising||
||Necessary for our legitimate interests to study how customers use our services, to develop them, to grow our business and to inform our marketing strategy|
|To use data analytics to improve our website, services, marketing, customer relationships and experiences||
||Necessary for our legitimate interests to define types of customers for our services, to keep our site updated and relevant, to develop our business and to inform our marketing strategy|
|To make suggestions and recommendations to you about goods or services that may be of interest to you||
||Necessary for our legitimate interests to develop our services and grow our business|
12. Marketing communications
You will receive marketing communications from us if you have:
a. Requested information from us or purchased goods or services from us; or
b. If you provided us with your details and ticked the box at the point of entry of your details for us to send you marketing communications; and
c. In each case, you have not opted out of receiving that marketing
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
You can ask us or third parties to stop sending you marketing messages at any time by emailing us at email@example.com at any time
Where you opt out of receiving our marketing communications, this will not apply to personal data provided to us as a result of a product / service purchase, service experience or other transactions.
13. Disclosures of your personal data
We may have to share your personal data with the parties set out below for the purposes set out in the table in paragraph 2 above:
- Service providers who provide IT and system administration services
- Professional advisers including lawyers, bankers, auditors, HR professionals and insurers who provide consultancy, banking, legal, insurance and accounting services
- HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances
- CQC, Safeguarding authorities and other Health and Social Care regulators
- Third parties to whom we sell, transfer, or merge parts of our business or our assets
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
We share your personal data within our group of companies which involves transferring your data outside the European Economic Area (EEA).
Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria.
Many of our third parties service providers are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; or
- Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; or
- Where we use providers based in the United States, we may transfer data to them if they are part of the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
Please email us at firstname.lastname@example.org if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
14. How Do I Contact You?
To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details:
|Email address: email@example.com
Postal Address: FAO Data Protection Officer
Green Light PBS Ltd. Mor Workspace, Treloggan Lane, Newquay, Cornwall, TR7 2FD
Telephone number: 01637 416444
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.
16. Regulatory Bodies & Memberships
We are regulated by the Care Quality Commission (CQC)
Cornwall Council commission services and conduct periodical Quality Assurance Visits