The IFA PA Privacy Statement
This privacy notice explains how The IFA PA will use any personal information we collect about you.
The IFA PA is registered with the Information Commissioners Office, registration number Z2706869 Nikki Coverdale is the Data Controller for all information collected.
Our core business is providing out-sourced Virtual Assistant Services and we therefore act as a Data Processor for the work we are requested to do. This Privacy Statement is therefore separated into two parts to describe how we collect, store and process:
1. Information that we collect as a Data Controller
2. Information that we receive from clients in our role as Data Processors.
1. DATA CONTROLLER
WHAT INFORMATION DO WE COLLECT ABOUT YOU?
The IFA PA will collect information about you when you engage our Virtual Assistant Services. This information will relate to you and your business. It may also include special categories of personal data such as data about your health, if this is necessary for the provision of our services.
We will never collect any unnecessary personal data from you and do not process your information in any way, other than already specified in this notice to meet our legal, statutory and contractual obligations.
The personal and confidential data that we may collect from you is: -
- Business Address
- Business Email
- Business Telephone Number
- Mobile Telephone Number
- Bank, credit or debit card details
We collect information in the below ways: -
- Telephone Enquiries
- Email Enquiries
- Face to Face meetings
- Website enquiries
WHY DO WE NEED TO COLLECT AND USE YOUR PERSONAL DATA?
The primary legal basis that we intend to use for the processing of your data is for the performance of our contract with you. The information that we collect about you is essential for us to be able to carry out the services that you require from us effectively.
Where special category data is required we’ll obtain your explicit consent in order to collect and process this information.
HOW WILL WE USE THE INFORMATION ABOUT YOU?
We take your privacy very seriously and will never share your data without your consent. We will never sell your data. We only retain your data for the purposes of:
- Carrying out our business with you as detailed in our Contract of Services and subsequent requests from you for us to complete tasks on your behalf
- Occasional email marketing highlighting services, offers or information that may be of interest to you.
You have the right to:
- Access any personal information that we retain about you. If you believe that any of this is incomplete or inaccurate, you have the right to ask us to correct and/or complete the information and we will update it as quickly as possible.
- Request erasure of your personal data
- Opt-out of any direct marketing from us
- If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the relevant request; this is to ensure that your data is protected and kept secure.
SHARING AND DISCLOSING YOUR PERSONAL INFORMATION
We do not share or disclose any of your personal information without your consent.
We take your privacy seriously and take every reasonable measure and precaution to protect and secure your personal data. The security measures in place include:
- Paper-based records are retained in a locked fire proof cabinet within The IFA PA office.
- Personal electronic records are stored within a password protected document held in Dropbox. Dropbox has a 2-step authentication process to access the files. This can be accessed from The IFA PA’s Mac desktop, laptop and mobile phone, all of which are encrypted, password or PIN protected. A full list of our devices and the relevant security measures in place are available on request.
CONSEQUENCES OF NOT PROVIDING YOUR DATA
You are not obligated to provide your personal information to The IFA PA, however we may not be able to fulfil our contractual obligations to you if this data is not provided.
HOW LONG WE KEEP YOUR DATA
Your personal data will not be held for longer than is required under the terms of our contract of services with you. Steps will be taken to ensure that the information is accurate, kept up to date and not kept for longer than is necessary.
All contact details are reviewed on a six-monthly basis and any inactive clients or contacts will be deleted from our system after 12 months from the end of service. All personal passwords will be deleted from our system within 1 month from the end of service.
You have the right to request deletion of your personal data. We’ll comply with this request within one month of your request being received.
Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.
2. DATA PROCESSOR
In our role as a data processor for our clients, we recognise that we may be handling large amounts of Special Categories Data for certain sectors.
These will always be handled in-line within the clients’ data processing and confidentiality policies and it is the responsibility of the client as Data Controller to ensure that their systems and means of communicating this information is secure for the purposes of General Data Protection Regulations.
That being said, we recognise that there is a need to ensure the highest possible levels of security and confidentiality within The IFA PA and we handle this Special Categories Data accordingly.
DATA THAT WE RECEIVE AS DATA PROCESSORS
The IFA PA receive a wide range of personal information from third parties. This personal information has been collected by our clients from their clients with their consent and forwarded to us to complete administrative tasks within our contractual obligations.
The third party personal and confidential data that we may receive includes:
- Personal and Business addresses
- Personal and business emails
- Personal and business telephone numbers
- Mobile telephone numbers
- Bank debit and credit card details
- Bank log in details
- Information about family
- Health information
- Detailed financial information
This information is provided to us by our clients and is usually accessed via their own CRM systems or via protected emails. On some occasions the information is provided by telephone.
HOW WE PROCESS THIS DATA (LEGAL BASIS FOR PROCESSING)
The data is processed in-line with the work requested by our clients. This may involve:
- Updating personal records in secure CRM systems
- Contacting the individuals either by email or telephone
- Completing on-line application forms (for example mortgage applications or health insurance)
- Booking travel and accommodation online using the clients credit or debit card details.
Wherever possible we access all this information via the safe methods provided by our clients. We recognise however that there are times when we need to download the information provided either to read it or to upload forms to online systems.
We recognise that this is a particular risk to security and have put additional safeguards in place to reduce the risk of security breaches for this Special Categories Data. This includes:
• Ensuring that the information is deleted from computer downloads and the computer bin on a daily basis
• Not downloading the information onto mobile devices
• Shredding any personal information given over the telephone as soon as it has been used
• Not printing off any of the information
• Ensuring that any hard drives will be fully cleared before disposal and having certificates to prove this.
SUBJECT ACCESS REQUESTS
As a third party data processor we will work with our clients to comply with any requests by their clients to:
• Access and update the information held
• Erase personal data
• Opt-out of any direct marketing
It is the responsibility of the Data Processor to verify the identity of clients exercising these rights.
SHARING AND DISCLOSING PERSONAL INFORMATION
We will never share or disclose any of the third-party details with anyone other than those relevant to carry out the business. Any requests to share information must always be authorised by the Data Processor.
See section under Data Controller and How We Process This Data (Legal Basis for Processing)
Third-party information will only be kept by The IFA PA as long as it is necessary to carry out a piece of business. It is the responsibility of the Data Processor to store the information within their legal requirements. The IFA PA would recommend that only the relevant data is shared with us and only for as long as access is required to complete the contractual tasks.
WHAT CAN YOU DO IF YOU ARE UNHAPPY WITH HOW YOUR PERSONAL DATA IS PROCESSED?
You also have a right to lodge a complaint with the supervisory authority for data protection. In the UK this is:
Information Commissioners Office
0303 123 1113 (local rate)
HOW TO CONTACT US
Please contact Nikki Coverdale if you have any questions about our privacy statement or information we hold about you:
- By email at firstname.lastname@example.org
- By phone on 07790 005865
- In writing to 16 Coppice Close, Haxby, York, YO32 3RR