Privacy Policy

1. INTRODUCTION

Rock Compliance Limited is located at:

Unit 2, 10 Tything Road West, Arden Forest Industrial Estate, Alcester, Warwickshire, B49 6EP.

Company Registration no. 02902353

ICO Registration: ZA 569994

Our data protection representative can be contacted by email on: dpo@rockcompliance.co.uk

This privacy notice describes how we collect, use and store personal information about you during and after your business relationship with us, in accordance with the General Data Protection Regulation (EU 2016/679) (GDPR) and Data Protection Act 2018 (DPA)

Rock Compliance Limited is a “data controller”. This means that we are responsible for deciding how we hold and use and store personal information about you. We are required under the GDPR / DPA to notify you of the information contained in this privacy notice.

We may update this notice at any time. If relevant (and feasible), we will notify you.

It is important that you read this notice, together with any other privacy notices we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using your personal information.

2. DATA PROTECTION PRINCIPLES

We will comply with all relevant data protection law (including the GDPR/DPA). This requires that the personal information we hold about you must be:

• Used lawfully, fairly and in a transparent way
• Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
• Relevant to the purposes we have told you about and limited only to those purposes
• Accurate and kept up to date
• Kept only as long as necessary for the purposes we have told you about
• Kept securely

3. THE KIND OF INFORMATION WE COLLECT & HOLD ABOUT YOU

Personal data means any information about an individual from which that person can be identified, whether directly or indirectly. It does not include data where an individual cannot be identified (anonymous data).

We collect personal data across the business:

• Client / Prospect: includes full name, postal address, email address, contact telephone numbers
• Employee / Contractor: Full name, postal address, email address, contact telephone number, bank and national insurance details

Personal data is collected through the contact form on our website (https://www.rockcompliance.co.uk/contact-us/), publicly accessible sources (social media and other digital platforms), professional directories, professional third-party data bases, documentation provided to us by clients, suppliers, employees and prospective employees.

This personal data is shared with external organisations who support our business operation. These organisations include:

• Microsoft (software vendor)
• Sage (software vendor)
• iTransition Group Ltd (software development)

Personal data is stored on our Microsoft Office 365 suite. Access to personal data on this is permission-based.

Please see our cookie notice for details of how cookies are used.

4. HOW WE USE WILL INFORMATION ABOUT YOU

We will only use your personal information in the ways the law allows. Most commonly, we will use your personal information in the following circumstances:

• Where you have provided your data in a landing page form fill or other enquiry. We will use legitimate interest to contact you off the back of this submission
• Where processing is required for the performance of a contract either party have entered – in this respect, where you have engaged with us and paid for our service
• Where processing is necessary for compliance with a legal obligation – such as retaining records for HMRC purposes, or to prove your right to work and your ability to fulfil a job brief

5. SITUATIONS IN WHICH WE WILL USE YOUR PERSONAL INFORMATION

We need all the categories of information detailed above, primarily to allow us to contact you following your enquiry on one of our landing pages.

If you are a client or supplier, then we will need to process your data in line with our legal obligations. In some cases, we may use your personal information to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests. The situations in which we will process your personal information are listed below:

• Administration of a contract we have entered with you and providing our products and services to you
• Business management and planning, including accounting and auditing. In these instances, we will share your personal data with our accountants
• Planning for the termination of our contracting relationship
• Dealing with legal disputes involving you, or any disputes that may arise under the contract that we have with you or the way in which we provide our products and services to you

Some of the above grounds for processing will overlap and there may be several grounds that justify our use of your personal information.

6. DATA RETENTION

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

7. RIGHTS OF ACCESS, CORRECTION, ERASURE AND RESTRICTION

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.

Your Rights

Subject access request – this enables you to receive a copy of the personal information we hold about you. To action this request, please email the data protection contact: dpo@rockcompliance.co.uk. We require a suitable form of identification and under normal circumstances, we will supply this to you within one calendar month of your request and identification being received. No fee is usually payable; however, we may apply an appropriate fee if the request is deemed to be excessive, or repetitive.

Request correction – this enables you to have any incomplete or inaccurate information we hold about you corrected.

Request erasure – this enables you to delete or remove personal information when there is no good reason for us to continue processing it.

Object to processing – in certain circumstances, you have the right to request we suspend the processing of your data. Please contact us if you require more information on this.

Request the transfer – you have the right to request the transfer of your personal data to a third party. Please contact us if you require more information on this.

Right to withdraw consent – where we rely on consent to process your data, you have the right to withdraw this at any time, without giving reason. To withdraw your consent, please contact the data protection officer. Once received, we will not process your data for the reasons you have agreed to, unless we have another legal basis for doing so.

Right to complain – you have the right to complain at any time to the Information Commissioners’ Office (ICO) regarding data protection issues – https://ico.org.uk

We reserve the right to update this privacy notice at any time. If you have any questions about it, please contact us at dpo@rockcompliance.co.uk