SYSC326 may acquire sensitive information concerning your business or affairs in the course of delivering Services. We maintain strict controls over access to information and comply with obligations imposed by The Data Protection Act (DPA) 2018, as amended by The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (providing alignment with requirements of the EU General Data Protection Regulation ('GDPR')).
General
This policy relates to personal data provided to SYSC326:
Enquiries
For all data protection enquiries, including Subject Access Request ('SAR'), please contact our Data Protection Officer ('DPO'):
What is personal data?
Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
What does processing mean?
Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Confidentiality
SYSC326 takes privacy seriously and is committed to protecting your data:
Where we store personal data
Information is stored securely and usually on encrypted media:
Personal data you provide
This relates to information about you (provided voluntarily), such as, via:
Personal data received from other sources
We might receive personal data from a third party or open source:
Others who might receive or access personal data
We might disclose personal data to a third party, agent, or sub-contractor, where relevant and reasonable:
Retention period of personal data before disposal
The following is a general guide. Details applicable to a particular client engagement may differ:
Accessing your personal information
Data protection law entitles you to ask to see a copy of the personal data that we hold about you, via a Subject Access Request ('SAR') - See above link
Who can submit a SAR
To ensure we only disclose details of data held to the Data Subject (or appointed representatve), applications must be accompanied by proof of identity and address.