Last Updated: 19/09/22
1. Who are we?
Company Name: Principle Defence Ltd
Registered Address: 69 Knowl Piece, Wilbury Way, Hitchin, SG4 0TY
Phone: 01707 330986
2. What information do we collect?
We currently collect the following personal information:
When you email us: we may collect your email address, full name, contact details and IP address.
Providing services: we may collect your email address, full name, contact details, financial information, role, and other personal and technical information you may provide us.
Training Courses: we may collect your full name, contact details, email address, financial information, company, and your role.
Using our Website, including:
Leaving Comments: When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
Media Uploads: If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Employment (including applications): if you apply for an open position we will collect your email, phone number, full name, the names and contact details of any provided references, employment history. If you are successful then we will also need to collect your Date of Birth (DoB), identity documentation (i.e., passport information to confirm right to work and to conduct background checks), your financial information and details of your Next of Kin.
3. How do we collect your personal data
We collect personal data through the following activities:
a. Email – when you contact us we will collect personal data associated with the email and its contents
b. Shows and Events – if you visit us at a stand/event or interact with us at a networking event we collect personal data you provide us in relation to our services and training courses.
c. Performance of a Contract – if we have entered into a contract either for our consulting or training services we collect personal data you provide as part of that contract.
d. Open Sources – where information is made public, we may collect that data for business and marketing purposes.
e. Website – information may be collected through your interaction with the site, comments you make, and through our contact us form.
f. Social Media – if you like and follow us on Social Media or comment on any of our posts we may collect personal data about you.
4. Why do we collect your personal data?
We collect your personal information for the purposes of advertising/marketing our services and training courses. To facilitate the delivery of those services and courses and to provide you with updates that you may find important or interesting.
5. Who do we share your personal data with?
Government Departments: if we have a legal obligation (i.e., to ensure you pay the appropriate amount of Tax) then we will share your data with the appropriate Government Department.
WordPress: if you request a password reset, your IP address will be included in the reset email.
Third-Parties: we may share your information with other individuals or organisations we have contracted with to provide our services and training courses (i.e., when you purchase an IAPP training course we need to provide your personal information so that they can activate your membership and provision your account and exam voucher).
We will never sell your personal data for commercial gain. If we partner or merge with another organisation or sell the company we will let you know.
6. What legal bases do we have?
a. Consent – this is when you’ve given clear and informed consent for us to process your personal data.
b. Contact – where we need to process personal data for entering into or performance of a contract (i.e., when you purchase a course or service from us).
c. Legal Obligation – where we have a legal obligation to process your personal data (i.e., for tax purposes).
d. Legitimate Interest – where we have identified a legitimate business need to process your personal data.
7. How do we store your personal data?
Your data is stored electronically on our software and systems. We ensure that the data is encrypted at rest and in transit for your protection. Data is stored in the UK/EEA mainly, however, it may be stored overseas if needed. When this is the case, we ensure that the country of residence either has an Adequacy decision, or an appropriate safeguard to ensure the protection of your personal data and your rights.
8. How long do we retain your personal data
We retain your data personal data in accordance with our Data Retention Schedule which details the statutory retention timelines that we must meet. Data that is not subject to regulatory retention timelines is held only as long as is necessary for us to meet our aims and objectives in terms of training course and service delivery or for the purposes of associated activities.
Data on our website:
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
9. How do we destroy your personal data?
All personal data held by Principle Defence is stored electronically (we do not hold paper records). When we destroy data the record is deleted from the device/system/storage solution. When we decommission a device it is securely wiped and the data is destroyed beyond recovery.
10. What are my data protection rights?
Suggested text: If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Under data protection regulations, you have the following rights:
b. Right of Access – you have the right to ask us for copies of your personal information.
c. Right to Rectification – you have the right to ask us to rectify any inaccurate, or complete any incomplete data we hold about you.
d. Right to Erasure – you have the right to ask us to erase your personal information, in certain circumstances.
e. Right to Restrict Processing – you have the right, in certain circumstances, to ask us to restrict our processing of your personal information.
f. Right to Object to Processing – you have the right, in certain circumstances, to object to the processing of your personal information.
g. Right to Data Portability – you have the right, in certain circumstances, to ask that we transfer your personal information to you or another organisation.
h. Rights in Relation to Automated Decision Making and Profiling – you have the right not to be subject automated decision making and profiling, unless:
- It is necessary for entering into or performance of a contract between us and yourself.
- It is authorised by law (for example, for the purposes of fraud or tax evasion); or
- Based on your explicit consent.
11. How do I enact my data protection rights?
To enact any of your rights, we ask that you please contact us on the details at the top of this Privacy Notice.
However, you may enact your rights through any contact method you deem appropriate (i.e., via phone, web request, etc).
12. What happens when I enact my data protection rights?
a. How long will it take?
We must respond, without undue delay, and within one month; we work on a 28-day period. However, we may need to extend the response time by up to two months if the request is complex or you have submitted multiple requests. We will respond within the first month to confirm if we need to extend and we will explain why.
- We may need to verify your identity, either directly or through a third party you engage. We need to be reasonably sure of your identity before we take actions on your data. The response time counts down from when we have validated your identity; in most cases this will be reasonably straight forward.
- We will typically send responses to you via encrypted email. If you ask us to send it to you in another format (i.e., in the mail) we will send it to you via a reputable courier via tracked delivery.
c. Will I be charged?
In most circumstances we will not charge you, however, we have the right to charge an admin fee if your request is deemed to be manifestly unfounded or excessive, or you have requested further copies of your data following an initial request.
13. How do I make a complaint?
If you have a complaint about how we have handled your personal data or in response to your data protection rights, we ask that you contact us using the contact details within this document.
However, you have the right to complain directly to the Information Commissioner’s Office (ICO), you can do so using these details:
Information Commissioner’s Office
0303 123 1113
We may update this Privacy Notice, the most up to date version will always be published on the website.