IES must gather, store and use “personal data” as defined by the European Union Regulation (EU) 2016/679 in order to market our products and services to you. The collection and processing of personal data is subject to restrictions aimed at protecting the privacy of individuals.
We are registered with the Information Commissioner Office and we adhere to good practice in our data protection policy, including adherence to the General Data Protection Regulations and the PECR guidelines for records retention. A copy of the data protection policy can be obtained from our website or by emailing firstname.lastname@example.org.
This privacy statement will describe the reasons why personal data is needed, how it will be used, who will be able to access the information and when it will be deleted from our records. It also explains your rights to access your data under data protection laws or seek to have it rectified or deleted. We will at all times comply with the provisions of the European Union General Data Protection Regulations (“GDPR”)
2. Personal data which we hold about you
We request very little identifying information from you and only for specific set of purposes.
The personal data we hold on you is:
Your personal data is held:
Sometimes, we may ask questions where you are not personally identifiable from your response although we may post responses on the Website. These instances will be highlighted to you but in all other instances, you should assume that we track any information you provide on a personally identifiable basis.
3. Purposes of processing
We will process your personal data for the purposes of:
We will only process your personal data where one of the following apply:
4. Third parties
In processing your personal data for any of these purposes, we may from time to time pass it to our partner companies. A full and up-to-date list can be found in Appendix one.
We will write to all third parties and ask them for a copy of their data protection policy. If we are not satisfied that they have sufficient safeguards in place for the protection of personal data, we will request a change in process or may switch provider.
5. Transfers of your personal data outside the EEA
IES is an international business and, from time to time, we may transfer your personal data outside the EEA as follows:
6. Retention of your personal data
We will retain your personal data only so long as we reasonably require in light of the purposes for which we are holding it and all relevant legal, commercial and operational considerations.
Where we hold your data for the performance of a contract, your data will be until the completion of the contact plus 2 years.
Where we hold your data with your consent, we will ask you to provide your consent again after 5 years.
If you choose to unsubscribe from receiving marketing emails from us your email address will be held on our email suppression list in order to prevent us from contacting you again via email. This is held under the Legal Obligation basis in order for us to comply with GDPR law.
We frequently review the ICO and PECR guidelines for data retention.
7. Subject Access Rights
You have a right (referred to as the data subject access request, “DSAR”) to access the personal data that we hold about you. If you would like to exercise that right, you must submit a request to email@example.com specifying the information that you want us to provide you.
We are obliged to respond to any such request within one month of receiving it (subject to limited exceptions).
We will inform you via email following receipt of your request and, if necessary, seek additional information from you about your request.
8. Accuracy of Information and Corrections
You have a right (referred to as the right to rectification) to have your personal data rectified if it is inaccurate or incomplete. If you become aware that any of the data that we hold about you is inaccurate, you can
Please do this as soon as practical. We are obliged to comply with requests within one month. This may be extended to 3 months where a rectification request is complex.
9. Storage of Data
Personal data will be stored in password protected software as a service CRM, event technology platform and email marketing platform, password protected documents within electronic folders or locked filing cabinets, which are only accessible to members of the marketing team. We do not hold any sensitive personal data.
You have a right (referred to as the right to erasure) to request the deletion or removal of your personal data where there is no compelling reason for its continued process. In these instances your data will be removed within one month apart from where we hold your email address on our mailing list, where your email address will then be held on email suppression list, which we must hold for legal reasons. You will be notified if any of your data must continue to be held for any legal reasons.
If you would like to exercise this right, you can:
11. Transferring your personal data
You have a right (referred to as the right to data portability) to obtain and reuse your personal data for your own purposes across different services. This right allow you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way.
If you would like to exercise this right, you must submit a request to firstname.lastname@example.org, specifying the information that you wish to be transferred.
We are obliged to comply with any such request within one month. This may be extended to 3 months where the rectification request is complex or multiple requests from the same data subject are received at the same time. We will notify you if an extension is necessary.
12. Restricting use of your personal data
You have a right (referred to the right to restrict processing) to block or suppress the processing of personal data in certain circumstances.
If you contest the accuracy of the personal data, processing may be restricted until the accuracy of the personal data has verified. This also applies where you contest that the processing is unlawful.
If you would like to exercise this right, you must submit a written request to email@example.com, specifying the information that you wish us to impose a processing restriction on.
13. Data Protection officer and Complaints Process
We have appointed a Data Protection Officer who has overall day-to-day responsibility for the processing of personal data.
If you have any questions at all about this privacy notice or would like more information about any of the issues covered in it, please contact firstname.lastname@example.org.
If you have a concern or complaint about the way we have handled your personal data you have the right to complain to the information commissioner via the helpline 0303 123 1113 or by visiting the following website.
A list of all third party companies that we share personal data with is listed below: