
Data Protection & Confidentiality Policy  

W2W Solutions Ltd is committed to implementing the General Data Protection Regulation (GDPR), EU Regulation 2016/679, to protect the privacy and data of our customers. We will:
  • Process personal data fairly and lawfully.
  • Only collect personal data for specified and legitimate purposes, and only process data in a way that is compatible with those purposes. 
  • Make sure that personal data held and processed is adequate, relevant and only limited to what is necessary. 
  • Take steps to ensure that personal data is accurate and kept up to date. 
  • Not keep personal data for longer than is necessary for the intended purposes. 
  • Process personal data in line with the rights of data subjects under the GDPR. 
  • Take suitable measures against unauthorised or unlawful processing, and against accidental loss or destruction of, or damage to, personal data. 
  • Not transfer personal data to a country or territory outside the European Economic Area.

Click here for the definitions of data, personal data, sensitive data and processing.  All employees and others who process or use personal information are expected to adhere to this Policy at all times.  

Data we collect

Data collected by W2W Solutions Ltd may include, depending on our relationship with an individual:
  • Name
  • Date of birth
  • Nationality
  • Contact details (address, email, telephone)
  • Job role within an organisation
  • Bank details
  • Special categories of data such as ethnicity, health status and criminal record

Personal details (including sensitive data) about our customers' service users may be accessed and processed as part of our consultancy services, e.g. to develop and implement new systems, deliver staff training or undertake other relevant activities. This data will be accessed via secure platforms, and normally processed within the customers’ IT systems. It is the policy of W2W Solutions Ltd to use such data only for the intended purpose, and to not retain or process this outside of the terms of our Consultancy Agreement.

We do not collect personal information from children under 18.

How we collect and use data

Employees will provide personal data as part of the recruitment process.

We collect customer data through:
  • completion of our website contact form by potential customers
  • email or telephone queries
  • in the course of the delivery of our service
  • data already published in the public domain (websites, publicity, social media)

We will use individuals' data to ensure effective delivery of the service that has been requested from us, within the terms of the relevant Agreements; to respond to requests for information; to manage our relationship with individuals including communicating about our activities via email and telephone; to inform people about services and activities that may interest them; and to meet our legal obligations.

The legal bases for collecting, using, storing and transferring data are as follows:
  1. Processing is necessary for the performance of a contract to which the individual is party or in order to take steps at the request of the individual prior to entering into a contract.
  2. Processing is necessary for compliance with a legal obligation to which the data controller is subject.
  3. Consent of the individual.
  4. Legitimate interests in relation to direct marketing.

In some limited circumstances, we are legally required to share certain personal data if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority. 

Cookies

Our website uses cookies (small text files placed in your web browser) to assist in the effective running of the website. Visitors can opt out of cookies using their browser settings – this does not impact on their ability to navigate and use our site; and individuals cannot be identified personally from the information collected. We do not use third-party cookies and do not collect any personally identifiable information about website visitors.

Sometimes we have to use external web services, such as YouTube, mostly to display content within our website. We cannot prevent these sites or external domains from collecting information on your usage of this embedded content. If you are not logged in to these external services, then they will not know who you are, but they will still be able to gather anonymous information during any session on our website.

If you would like to find out more about cookies visit www.aboutcookies.org for detailed guidance.

Data Security

Personal data collected by us will be stored electronically in an encrypted, password-protected IT system which is only available to the data controller and authorised personnel. We will take all reasonable steps to minimise the risk of accidental loss or theft of computer equipment containing personal data. Appropriate virus and security protection will be installed to ensure the integrity of the system as far as possible.  

Where manual records are held these will be held in a secure, locked filing system, accessible only to the data controller and authorised personnel. The retention of manual records by employees working off site will be discouraged and kept to a minimum. Where this is necessary, secure storage systems will be made available.

In all cases the IT systems of employees will be regularly monitored by the data controller to ensure that data held is relevant to the individual’s job role and not retained beyond the time necessary to fulfil the intended purpose. All employees will take all reasonable steps to minimise the risk of accidental loss or theft of computer equipment containing personal data. IT systems will be backed up regularly and backup files retained on an independent secure electronic system to ensure business continuity in the event of original data being lost.
 

Rights of Data Subjects

Under the GDPR individuals have the right to:
  1. be informed about our collection and use of their personal data. This policy should tell individuals everything they need to know, but contact us for more information.
  2. access the data we hold. Individuals can request a copy of the personal data we hold about them to check it is correct and that we are processing it legally.
  3. correct any information we hold about them.
  4. ask us to erase their data where there is no good reason for us to hold it.
  5. restrict processing of their data e.g. we can continue to store it but not process it.
  6. data portability. Individuals can request that we transmit their personal data to themselves or to a third party in a commonly used and machine readable form e.g. CSV files, enabling other organisations to easily use their data.
  7. object to us processing their personal data based on legitimate interests (including direct marketing and research) or the performance of a task in the public interest/exercise of official authority. 

If individuals wish to exercise any of these rights please email: info@w2wsolutions.co.uk

Individuals will not have to pay a fee to access their personal data (or to exercise any of the other rights). For security purposes we may need to request specific information to help us confirm identity and ensure an individual's right to access the personal data. We will respond to all legitimate requests within one month.

Where data subjects advise W2W Solutions Ltd in writing that they do not wish to be contacted for direct marketing purposes, the individual will be added to our suppression list to make sure this request is actioned.

Confidentiality

Outside of personal information covered by the GDPR, this policy also covers confidential information.  

Confidential Information is considered to be all information concerning the business affairs of either W2W Solutions Ltd or our customers that is not in the public domain and that is gained through work undertaken in a specified contract. This includes, but is not limited to, all information relating to, and included in all processing and analysing of customer data, business policies, sales and marketing data, computer systems and software, research, and any other confidential information in any media used by, or the property of, either party.
 
W2W Solutions Ltd will use confidential information only to ensure the proper provision of the goods or services agreed and for no other purpose whatsoever. Only authorised employees or associates will have access to the information.  

We will maintain the confidentiality of the information and not disclose or communicate this to other parties without our customer’s consent. We further undertake to not use, reproduce, transform, or store any of the confidential information outside of our business premises unless required in delivery of the agreed service.

Retention & Disposal

Data and confidential information will be retained as long as is necessary to fulfil the purpose for which it was gained, and to meet our legal and fiscal obligations. Information will be retained in a secure manner to prevent access by any unauthorised third party and will be returned to the customer upon completion of the activity or otherwise destroyed. All manual records containing personal or sensitive data will be shredded to ensure confidentiality.  

Where IT equipment is redundant, hard disks will be wiped clean before disposal.  

Monitoring & Review

The Director will monitor implementation of the Policy on an ongoing basis and take action to make sure it remains relevant and effective. Where an employee is found to have breached this Policy, disciplinary action will be taken in line with company procedures. The Director will update this Policy when changes to the business or changes to legislation make this necessary.

Updated: November 2019