Data Research Compliance Ltd is a company registered in England under company registration number 3753971. ICO registration number – Z4925148. We manage and make decisions about personally identifiable information we hold, as well as conducting specific activities using data provided by other individuals/companies, on their behalf.
We follow the necessary trace rules and regulations set out by the Financial Conduct Authority (FCA) and the Data Protection and Information Commissioners Office (ICO). We are ISO 27001:2013 certified.
Data Research Compliance Ltd is the owner of the information collected online and for the purpose of GDPR the Data ‘Controller.’ Data Research will also be the data ‘Processor’ of their Clients data when required under their direct instruction.
We complete Verified Tracing for our clients on their behalf, along with performing other services related to these matters. This often involves receiving personal information from our clients so that we can effectively carry out our services. We also process data through our credit bureau agency suppliers, specifically Experian and Equifax to enable us to build a profile of our client’s customers. This may involve the transfer of personal data for that purpose, this will always be completed via a secure encrypted method.
Data Research Compliance Ltd is based in England and is subject to law applicable in England & Wales. In the case of data protection, the primary legislation in effect from 25th May 2018 is Regulation EU 216/679 (the General Data Protection Regulation), as well as the Data Protection Act 2018.
Data Research stores and uses information that could be used to identify a living person. The purpose of this storage and use will vary depending on the area of the business that it is related to, though mainly for the benefit of identifying our clients customers whereabouts. Where consent is required or used as the basis for storage and use of personal information, this will be clearly communicated, and the person providing their consent has the right to withdraw it at any time.
We may store information relating to employees and contractors so that we have adequate records to be able to contact, manage and pay them, and meet our legal obligations as an employer. This information may be sent to another company working on our behalf, where the relationship is defined by a contract, and they are not permitted to use the information in any way we have not explicitly asked them to. Only certain authorised personnel within the company have access to this information.
We collect data concerning health relating to employees, so we can make any necessary adjustments for their benefit and so that we may pass relevant information on to emergency services and healthcare professionals in the event of an illness or accident at work in order to protect their vital interests.
We conduct direct marketing activities in order to obtain new and repeat business, and sometimes this requires that we store and use names and business contact details of specific people whom we know or believe to be the most appropriate recipient of our marketing communications. Since we obtain published or offered contact details for people in their business role and take steps to ensure that we and our suppliers are compliant with legal requirements such as the provision of a means of opting out of further marketing communications. This can be done by sending an email email@example.com or writing to the above address. We believe recipients’ privacy rights are balanced with our business interests.
From time to time we may store names and business contact details of individual people working for our suppliers’ business. This is necessary to ensure we can contact the relevant people and maintain a relationship to the benefit of both our and their business.
In order to deliver services to our clients, we also collect, store and use personally identifiable information including names, addresses, telephone numbers, email addresses and demographic information, as far as it is necessary for the provision of that service.
Sources of Personal Information
Information about individuals may originate from different sources, including being collected from the person themselves. We agree to disclose the source of any data we hold about a person upon their request, as long as there is no overriding legal requirement not to do so. Such requests should be directed to the Data Protection Officer at the above address or via email
The Right to Data Subjects Requests
People whose information we hold are called “data subjects”. Anyone wishing to make a request under their legal rights should contact our Data Protection Officer in the first instance via email. We will reply within the 30 days’ time limitations.
Where we are storing or using someone’s personal information because it has been provided to us by another company to use on their behalf, we will work with the other company to ensure data subjects’ rights are upheld. Where the data subject contacts us to make a request, we will help them to contact the relevant company who can deal with that request.
Anyone has the right to object to the use of their personal information for the purpose of direct marketing at any time, we will always respect such a decision, provided that it is communicated clearly and that we can verify the identity of the person making the request. This can be as simple as making the request from the same email address or telephone number that we associate with the person. We do not use data subject requests to collect further information about a person, and any additional contact details obtained in the course of such discussions are used only in connection with that request, so that we can maintain clear and informative communication with the person and ensure their needs and expectations are met.
If a data subject is unhappy with the way Data Research have collected, stored or used their personal information, or the way we have dealt with their request, we acknowledge that they have the right to lodge a complaint with the Information Commissioner’s Office in the United Kingdom. All necessary contact details will be provided upon request.
Data Storage and Security
All our companies’ data, clients data and their customers data is securely stored by Data Research Compliance Ltd in accordance with our ISO27001:2013 accreditation. All data is secured by encryption for storage and transport. We use Monitored Fire walls, Malware protection, backups and auditing for data integrity on a regular basis. It is our policy that data stored electronically is to be protected from unauthorised access, accidental deletion and malicious hacking attempts.
Data Breach reporting
In adherence to GDPR we will report certain types of personal data breach to the relevant supervisory authority. This will be completed within 72 hours of becoming aware of the breach, where feasible.
If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, we will also inform those individuals without undue delay. If acting on the behalf of a client, they will be informed within the above timescale if this effects their data directly.
We operate robust breach detection, investigation, and internal reporting procedures. This facilitates decision-making about whether to notify the relevant supervisory authority and the affected individuals.
A record of an incident of personal data breach will be kept by the company.
Data Research does not store personal information for any longer than is necessary for its defined purpose. Wherever an individual has expressed that they no longer wish to have information we hold about them used for the purpose under which we hold it, we may need to continue storing certain identifiers to ensure that person’s information does not re-enter our systems at a later date. This data is stored apart from data that is in current use, is clearly labelled and access to it is restricted.
Data we hold on behalf of our clients will be held for as long as is needed to complete the delivery of the service we have agreed to provide.
When data is no longer to be retained, its removal, deletion or erasure will be performed according to processes suitable for the medium, for example the secure shredding of paper documents, deletion from internal systems, or overwriting (wiping) of hard disks.
You can telephone our DPR directly on 01293 433444 or send an email to firstname.lastname@example.org
If you would prefer to write to us, our office address is: Data Research Compliance Ltd 13C Borers Yard, Borers Arms Road, Copthorne, West Sussex, RH10 3LH.
We always want to hear from our clients.
- Have any questions or feedback about this notice
- Would like us to stop using your information
- Want to exercise any of your rights as set out above; or
- Have a complaint
Please don’t hesitate to contact our team.
Policy last updated – 01/10/19