1.0 Policy Statement

Innvotek is committed to the highest professional standards.  Data we collect is relevant and necessary for us to deliver the best possible service. We recognise the need to treat all personal data in an appropriate and lawful manner, in accordance with the Data Protection Act 2018 and the General Data Protection Regulation, collectively referred to as the ‘Data Protection Requirements (GDPR).

This Policy sets out our data protection responsibilities and obligations.  Any questions about this Policy or data protection concerns should be referred to our Data Protection Officer (DPO).  The DPO is currently Hassam Miabhoy hassam.miabhoy@innvotek.com

2.0 Collection of Personal Information

Information we may collect about you will be specific to the need, for example this could include the job applicant’s name, address, email, contact number.   Information processed and stored will be for legitimate interest only.

Enquiries through our website will collect your name, email and company details.  Our Contact Page provides consent to receive future information about our services.  There is also an option to ‘opt out’ in future via our Contact Page.

Personal data we hold will be accurate and kept up to date.  We will take all reasonable steps to destroy or amend inaccurate or out-of-date data.

We will take appropriate security measures against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.

2.1 Cookies – Website

Our website uses Cookies.  This logs access to the site, storing your I.P. address and basic browser information, as well as pages visited in addition to analytics about the use of our site.

2.2 How this Information is Used

Information we collect is used to ensure that we provide you with the most appropriate service and to keep you informed of services or information relevant to you.

Where relevant, we will also use contact details to inform you of relevant information as appropriate.

3.0 Storage, Processing and Retention of Information

Personal details (name, address, phone contact, email address), are held securely electronically.

3.1 Data Retention Period

Retention of data is in line with regulatory requirements, detailed within our Retention Policy, available upon request from the DPO.

3.2 How & When we Share Personal Information

We do not share personal data with third parties, unless required by law to disclose such information.  If information is shared, this is done so electronically to the specific individual highlighting confidentiality.

4.0 Your Rights

Innvotek is committed to protecting your Right to Privacy.  These rights include:

• Right to be informed about what we do with your personal data
• Right to have a copy of all the personal information we process about you
• Right to rectification of any inaccurate data we process
• Right to be forgotten and personal data destroyed
• Right to restrict the processing of your personal data
• Right to object to the processing we carry out based on our legitimate interest

4.1 Information Commissioner’s Office

Matters of concern about the processing of personal information can be raised with our DPO.  If any review conducted by us is not to your satisfaction, you can raise your complaint with the Information Commissioners Office (ICO). www.ico.org.uk  Telephone: 0303 123 1113

5.0 Data Breach

If there is a personal data breach, Innvotek will report this immediately, truthfully and in full.

The DPO is responsible for handling data breaches and will evaluate what the breach is, how it occurred and the associated risk to data subjects.

If there is a risk to data subjects, the breach will be reported to the Information Commissioners Office within 72 hours.  Where the risk to data subjects is high, the breach must be reported to them individually where possible.

The DPO will inform the ICO how the breach occurred, what steps are being taken to reduce the risk and how a similar breach is to be avoided in future.  The DPO reserves the right to obtain legal advice before submitting the initial and any subsequent reports.

Investigation and corrective action will be undertaken, to reduce the risks to data subjects arising from any breach, and to prevent similar recurrence.  Where a breach of a computer system is suspected, the DPO may engage the support of IT support, to better understand the nature of the breach.

The theft of data, whether as a result of shortcomings in the physical security arrangements on the premises, or the hacking and penetration of computer systems, or theft by a member of staff, will be reported immediately to the police.  The breach, investigation and corrective actions will be documented and filed as appropriate by the DPO and in line with our best company practice.

All personal data breaches, however minor, and whether reportable or not, will be recorded and held by the DPO.

6.0 Security

Our security measures regarding personal data are in line with security requirements of the General Data Protection Regulation, also the rights to privacy of data subjects are protected.

6.1 Security Measures

Innvotek have implemented appropriate physical, organisational and technical measures to ensure a level of security appropriate to the risk:

• Hard copy material containing personal data is stored securely and locked in filing cabinets in the office at night.
• Electronic data is encrypted with restricted access.
• Email addresses will not be shared unless specific to requirement of all concerned parties.
• Shredding of confidential information is carried out securely.
• We will not disclose personal data unless lawfully entitled to such information.
• Mobile equipment such as laptops will be encrypted and locked away when not in use.
• Data stored on any redundant electronic equipment will be disposed of securely.
• Anti-virus and anti-spyware tools will be installed on computers with regular scans performed.
• All computers will be password protected.

7.0 Policy Changes

We reserve the right to change this Policy at any time.