Our GDPR pledge
The new General Data Protection Regulation (GDPR) came into effect on 25th May 2018 and is the biggest change in data protection laws in 20 years. The legislation is intended to put the data subject (you and me) in control of their data and give you greater visibility and control over how your data is accessed and by whom.
aql takes its responsibilities towards data protection extremely seriously and sees the GDPR as a positive step forward in the fight against online cyber crime.
Our pledge to you, the consumer, is that we will always strive to protect your rights as the data owner and put measures in place to protect the data you entrust us with.
So, what have we done?
Our people are our greatest asset, and they help us ensure data is protected in a variety of ways. But it all starts with training and awareness. Therefore, we ensure all our staff understand the importance of good security within their roles, and the actions they need to take should they have any security concerns.
We have invested heavily in physical security controls, so that we know what records we hold, where they are held and who has access to them. By conducting ‘data audits’, we know where our records are and have put in place significant physical controls to protect them. These controls are sometimes very visible (e.g. security officers, gates, alarms) and other times less so.
We have analysed our processes against the backdrop of the GDPR to ensure we are only processing data that we have a legal reason to process. This means understanding where data comes from, why we need it and how it is managed, and helps us put in place protective measures to keep this information safe. These measures are sometimes technical, and sometimes operational, but our overriding concern is always to ensure data is protected.
Of course, aql relies heavily on its systems and understands the importance of confidentiality and integrity, in relation to the technical infrastructure we use to support your business. This is why we have invested in achieving the quality standard for Information Security, ISO 27001:2013 and Cyber Essentials. These two standards are externally assessed, so that we can offer you greater assurances that your data is in safe hands.
We will continue to invest in technical and organisational measures to protect the data you have shared with us. This is because we know that the protection of data has never been more important, and, in fact, we believe GDPR simply means Giving Data Proper Respect. Something which we have always done, and we commit to continuing into the future.
Please note that our website and other digital platforms may contain links to third-party websites/digital platforms which are provided for your convenience. We are only responsible for the privacy practices and security of our own digital platforms. We recommend you check the privacy and security policies and procedures of each and every other website/digital platform you visit.
You also have the right to complain to the Supervisory Authority (The Information Commissioner’s Office at www.ico.org.uk) about our data processing activities.
What information do we collect?
When using the site, you will encounter areas such as contact, registration and newsletter sign-up forms. In order to use these services, you may be asked to enter personal data including (but not limited to) your name, address, email address and telephone number.
How we use the information you provide
We may also create an individual profile for you so that we can inform you of services, products, events or special information that may be of interest to you. We may use your personal data to analyse customer/user behaviour and characteristics in order to measure interest in, and use of, the various areas of the site with a view to improving and/or altering the site. We may provide only aggregated (and therefore anonymous) data to third parties for this purpose (if applicable). In order to assist us in processing your personal data, we may engage with third-party companies who provide us with services that can assist us in doing so. Where your data is processed in this manner, you will see additional data protection notices accordingly.
Categories of personal data include: Name, Organisation, Email, Contact Number and details of your enquiry.
Who we share your information with
For the purpose of providing our services to you we may share your personally identifiable information with:
- Organisations which provide a service to us or act on our behalf, on the understanding that they will keep the information confidential, for example, our IT providers, accountants and other technical experts. If they are located in another country (which may be outside the European Economic Area) we will make sure that they agree to apply the same levels of protection that we are required to apply to information held in the UK and to use your information only for the purpose of providing the service to us.
- Any third party to whom we have a duty to do so in order to satisfy any legal or regulatory requirements, such as the Solicitors’ Regulatory Authority, the Legal Ombudsman, HMRC and HM Courts and Tribunal Service.
When you provide personally identifiable information to us, we use it solely for the purposes for which it was provided, in accordance with this notice. Our policy is not to share personally identifiable information with third parties, unless required by law, as required to perform our obligations to you or as necessary as described.
The personal information you provide to us will be retained only for as long as necessary to fulfil the purposes for which the information was collected or as required by law.
Under the General Data Protection Regulation, you have a number of ‘rights’, to ensure that your personal information is being managed appropriately. For example, you have the right to prevent marketing information being sent directly to you. If you prefer not to receive marketing information from us (or any other organisation to which we may disclose your personal data), you can opt out of further marketing by writing to us by mail or email (see contact details below).
Specifically, you have the right:
- To be informed (how we use your information)
- Of access (to your information)
- To rectification (of any errors on information we hold on you)
- To erasure (of information we hold)
- To restrict processing (of the information we hold to a specific purpose)
- To object (to the ongoing processing of information)
- To be aware of any processing where automated decision-making and profiling (using your information) takes place
As stated above, you have the right to object to your data being used for Direct Marketing purposes, and you can be removed from our marketing database at any time by clicking ‘unsubscribe’ at the bottom of our e-bulletins. Please note, however, that if you do opt out we (and/or they) will be unable to keep you informed of new services, products, events or special information that may interest you.
How long we hold this information
Once you have provided this information to us, we will look to make contact with you and your information will be retained indefinitely, until such time that you wish to ‘unsubscribe’ or request that your information be erased.
At aql, we take information security extremely seriously and have invested in both technical and physical security controls. We are certified to the international standards on information security, ISO 27001:2013 and Cyber Essentials. Whilst we will ensure that appropriate technical and organisational security measures are put in place to protect the personal data you provide, you should remember that concerns still exist in relation to the general security of the internet. By using this site, you accept that we cannot be held responsible in the event of a breach of security unless this is due to our negligence or wilful neglect.
Where to make a complaint
Information Commissioner's Office
You can also contact the Information Commissioner’s Office using their online form: https://ico.org.uk/global/contact-us/email/