Privacy Notice

This Privacy Notice is issued, whether you are a client or supplier, or other individual about whom we control data, to provide you with information about what data we hold and process and what we do with that data.   As a data subject, you have the right to be informed about how we process the data we collect from/about you.  As a data controller, we are obliged to process data in a way which is fair and transparent. 

This Privacy Notice explains clearly how we collect, process, store and share your data in line with our legal obligations under the UK GDPR and EU GDPR (referred to in this notice collectively as GDPR).  If you have any questions about this notice, or the way in which we process your data, please do not hesitate to contact us using the details in the ‘How To Contact Us’ section.

Overview Of This Privacy Notice

Section: What It Tells You

  • Your Right To Be Informed: Our obligations to you in respect of the fair and transparent processing of your data.
  • Who We Are: Our details as the Data Controller.
  • How To Contact Us: Our full contact details.
  • Data We Hold: Explains what types of personal data we collect from you.
  • Special Category Data (SCD): SCD is treated differently to personal data under GDPR.  This section explains what SCD is and how we process it.
  • What We Do With Your Data: We may process your data in different ways.  This section explains how we will use the data you provide.
  • Lawful Basis For Processing: Under the GDPR, we are required to have a lawful basis for processing your data.  We may have more than one lawful basis, so this section explains which bases may be used.
  • Marketing: This section contains information about how we will market to you and our lawful basis for doing so.
  • Sharing Your Information: It may be necessary for us to share your personal information in order to provide our services to you.  This section explains whether we share your data, and with whom.
  • Transfer of Personal Data Outside the UK: It may be necessary to transfer your personal data outside the UK.  This section explains what happens when this is the case.
  • How Long We Retain Data: The retention period for the data we hold will depend on the type of data and how it has been processed.  In all cases, we will not retain data for longer than is necessary.  This section outlines our retention periods.
  • Your Data Protection Rights: The GDPR enshrines the rights of the data subject into law.  This section outlines what rights you have as a data subject.
  • How To Make A Complaint: If you are unhappy with the way in which we process your data, please refer to this section as it outlines how you can make a complaint.
  • Cookies: Our website uses cookies.  This means that certain data is collected by us, about you, when you visit our website.  This section provides you with more information on cookies and the data collected.

Your Right To Be Informed

The UK GDPR requires that we inform you about how we use the data we collect from/about you.  We aim to process your data in a way which is lawful, fair and transparent.

Under Article 14 of UK GDPR, we must advise you where we have obtained your data from a third party.  Before obtaining your data, we will take all reasonable steps to ensure that the party providing your data to us has a lawful basis for doing so.  Details of the third party who provides us with your data are available on request.  Should you have any queries in respect of their data protection practices, you should contact them directly.

This Privacy Notice is designed to help you understand how we use information about you that we obtain via a third party, in addition to information that you provide us with directly.

If you have any questions, queries or require any further information, please do not hesitate to get in touch with us.  Our full contact details are below.

Who We Are

DRB Compliance Limited Ltd (including the trading names of DRB Protect and DRBISO) (referred to hereafter as We or Us).  For the purposes of the General Data Protection Regulations (GDPR) and the Data Protection Act 2018, we are data controllers.  

DRB Compliance Limited is registered in England No 12518851.  We are registered with the Information Commissioner’s Office, Number ZA746475.

How To Contact Us

The Studio
65 Colchester Road
Halstead
Essex
CO9 2EN                                                                        

E – rhian@drbcompliance.com             
T – 01787 476929
W – www.drbcompliance.com

Data We Hold

We collect personal data. Personal data is any information that may identify a living individual.

Our Clients

We collect personal information depending on the nature of the consultancy services we are providing to you.   This will include:

  • Name
  • Address
  • E-Mail Address
  • Telephone Number

The types of data we process will vary between our clients and may include detailed data about our clients’ businesses, including personal data about directors, partners, Appointed Representatives and personnel within Data Processors they have engaged, in addition to other third parties who interact with us. We may record full names, contact details, and associated personal data.

The data may include information that is supplied to the UK government and/or regulatory authorities such as the Information Commissioner’s Office and Financial Conduct Authority, in relation to the authorisation and on-going supervision of our clients’ businesses. This is likely to include the education, employment, financial and social background of their senior staff.

The provision of our consultancy services may necessitate us processing some personal data in respect of customers and/or employees of our clients.

We may obtain personal data directly from the individuals concerned, from our clients, potential clients, from third parties involved in matters we act on for our clients, and from other third parties (which may include publicly available information).

If a client is sharing personal information about an employee or one of their clients, it is their responsibility to make the individual aware of this beforehand.

On occasion, we may be required to process data relating to customers of our clients or other individuals with whom our clients interact, when conducting audits or file reviews for example.  In these circumstances, when it is necessary for us to do so, this Privacy Notice will apply to the individuals concerned.

Our Employees

We will collect:

  • Name
  • Address
  • E-Mail Address
  • Telephone Number
  • Bank Details
  • References
  • Evidence of Qualifications
  • NI and UTR Number
  • Evidence of Right To Work In the UK

We may also collect information about next of kin in case of an emergency during your employment.  This information will be limited to a name and contact telephone number.  It is your responsibility to inform your next of kin that you are sharing their data with us, prior to you providing their information.  Next of kin data will be destroyed upon termination of your employment with us.

Such information will only be processed when strictly necessary for the provision of an employment contract.  We will inform you when we intend to process any special category data.

Our Suppliers

We will collect personal data in the process of making orders and engaging our services, in order that we may operate our business.

This data includes:

  • Name
  • Address
  • E-Mail Address
  • Telephone Number
  • Bank Details

Special Category Data

Special category data includes information about criminal convictions, race or ethnic origin, political or religious beliefs, health, genetic or biometric data, sex life and sexual orientation, trade union membership and philosophical beliefs of an individual.

We do not routinely collect special category data.  However, there may be occasions, when working on behalf of a client, when such processing is necessary, in particular relating to:

  • Medical Conditions
  • Criminal Convictions


When processing special category data, we will do so with the utmost care and process the data in strict accordance with the legal requirements.

Where necessary, the express consent of the data subject will be obtained permitting us to process such data.

What We Do With Your Data

All the data we hold will be processed for the purposes of providing our compliance services to our clients.

In addition, this data may be used for our own general business purposes to facilitate:

  • Administration of our clients’ accounts
  • Credit checks, invoicing, credit control and debt collection
  • Advertising and marketing (where necessary your consent to receive marketing will be obtained)
  • Management information necessary to assess how we are performing as a business and client satisfaction with our services
  • Anti-money laundering, fraud prevention, anti-bribery and for the detection and prevention of financial crime
  • Health and safety requirements to ensure the safety and security of our people and premises
  • Disclosure of information to our own professional and legal advisors
  • Data collection in respect of traffic on and activity on our website

Lawful Basis For Processing

It is a requirement of the General Data Protection Regulations that data is processed only when there is a lawful basis for doing so.

DRB Compliance Limited’s legal basis for processing data will include one or more of the following:

  • the processing of data is necessary for the performance of a contract to which you are a party or when taking steps in order to enter into a contract at your request
  • processing is necessary for our compliance with our legal obligations
  • processing is necessary for the purposes of pursuing our legitimate interest (including carrying out our business of providing compliance consultancy services to clients and prospective clients and pursuing our general business interest)
  • the processing is necessary for the establishment, exercise or defence of legal claims

Additionally, in some circumstances we may process personal data on the basis that an individual has provided their express consent, for example, for marketing to an individual by email or SMS or for the processing of special category data.

Please note that consent provided by an individual may be withdrawn by that individual at any time by contacting us using the contact details above.

Marketing

We may wish to send marketing materials to you on the basis of our legitimate interests or, where necessary, having obtained the consent of the individual concerned, provided it is permissible for us to do so by law.  It is the right of individuals to opt-out of or unsubscribe from any marketing material.  Full details of how this can be done will be included within each marketing communication.  You may also opt-out by contacting us at the above address. 

Where we advertise via Facebook, we use a Facebook Pixel on our website.  The Facebook Pixel is a piece of code on our website that lets us measure, optimise and build audience information to help with future campaigns.  It acts as an analytics tool that allows us to measure the effectiveness of our advertising and understand the actions people have taken on the website.  This data will not be used to contact people directly for marketing purposes.

Sharing Your Information

In order to provide our services to you and comply with our legal obligations, it may be necessary for us to share the personal data we hold, insofar as we are obliged or allowed by law to do so, with third parties including the following:

  • financial organisations, debt collection, credit reference and tracing agencies
  • suppliers and service providers used by us in order to deliver our services to you.  This may include document storage facilities, IT service providers such as cloud providers of software, data room providers and providers of our IT servers
  • our own legal and other professional advisors
  • government agencies, regulators, the police/law enforcement agencies and other authorities (including the Information Commissioner and Financial Services Ombudsman, HMRC)

With your consent, we may also share your personal data with anyone you have authorised to deal with us on your behalf.

Transfer of Personal Data Outside the UK

We do not routinely transfer personal data outside of the EU or EEA.  We primarily use cloud-based Microsoft 365 programs with UK-based data centres.  Occasionally, data we collect may be transferred to, and stored in, a country outside of the European Economic Area (EEA).  This means it might also be processed by staff operating outside of the EEA who work for one of our suppliers.

Where information is provided to a Third Party, either in or outside the EEA, we will ensure that it and any of its agents and/or suppliers take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Fair Processing Notice.

How Long We Retain Data

In line with the requirements of GDPR we will retain any personal data we hold for no longer than is necessary for the purpose for which it was provided, unless we are required by law, or have another legitimate reason, to keep it for longer (for example if necessary for any legal proceedings).

The data retention period will depend on the nature of the data and the relationship with the individual involved.

In general, this will mean that data will be retained during the business relationship between Us and our client and for a period of up to two years once the relationship ceases.

We will keep employee data for a period of six years after termination of employment.  Details of next of kin will be destroyed immediately you cease to work for our organisation.

Your Data Protection Rights

The data protection regulations and UK law seek to protect your rights as follows:

  • The right to be informed. Individuals have the right to be told what personal data is collected about them, why, who is collecting the data, how long it will be held, how they can file a complaint and with whom their data will be shared.
  • The right of access. Individuals have the right to access the personal information an organisation holds about them. To request a copy of this information you must make a subject access request by contacting us using the contact details above.
  • The right of rectification. Individuals may ask an organisation to correct any inaccurate or incomplete data within one
  • The right to erasure. Individuals have the right to have their personal data erased and to prevent processing except where we have a legal obligation to process their personal information. You should bear in mind that by exercising this right you may hinder or prevent our ability to provide products and services.
  • Right to restrict processing. Individuals can request that an organisation limits the way it uses their personal data.  This means that an organisation is not obligated to delete the data, but it has to refrain from processing it.
  • The right to data portability. On your request, we will provide you with your personal data in a structured
  • The right to object. This allows individuals to object to the processing of personal data at any time, in certain situations, and will depend on the purpose of processing and the lawful basis for processing.
  • Rights in relation to automated decision making and profiling. You have particular rights in relation to automated decision making and profiling to reduce the risk that a potentially damaging decision is taken without human You can object to your personal data being used for profiling, direct marketing or research purposes.

You may invoke any of these rights at any time by contacting us on the details given at the beginning of this Privacy Notice.

How To Make A Complaint

In addition to the rights listed above, any person about whom we hold personal data, also known as a data subject, has the right to make a complaint to the Information Commissioner with regard to our processing of their personal data or any breach of their rights.

Information on how you can complain can be found at www.ico.org.uk/for-the-public/

Our Website & Cookies

Cookies are small files downloaded to your computer or other devices when you view or access certain websites.

In general, a Cookie will use your IP address to identify you but will not collect further information about your identity.  If you would like more information about cookies please visit www.allaboutcookies.org

Cookies enable us to distinguish you from other users of our website, help us to provide you with a good experience when you browse our website and allow us to improve our website.  We use Cookies for the purposes of:

  • understanding what brought you to our website and what pages you visited
  • remembering you when you return to our website
  • providing you with safe restricted access areas

If you wish to change or manage Cookies, this can be done by changing your browser settings to delete or block cookies.

However, if you choose to block all Cookies, this may result in you being unable to fully access and enjoy our website.

We use an automated spam detection service for comments and forms on our website.