’We’ as Acumen will be fully compliant with GDPR when it becomes enforceable on the 25th May 2018. We are committed to safeguarding the privacy of our mystery visitors together with our clients and any users of our website. Please read the following carefully to understand our practices regarding your personal data and how we will control it.
What is GDPR?
The General Data Protection Regulation (GDPR) is a new law coming into effect from the 25th May 2018 to protect the data of the citizens within the European Union. The GDPR is a move by The Council of the European Union, European Parliament and European Commission to provide citizens with a greater level of control over their personal data.
Who will be affected by the GDPR?
The GDPR has important implications for all citizens of the European Union and businesses operating within the EU, regardless of physical location. If businesses aim to provide goods or services to citizens of the EU, they will be subject to the regulations imposed by the GDPR. In addition, any business that stores personal data of EU citizens can be held accountable under the GDPR.
The data must be;
- Processed transparently, fairly and lawfully
- Collected for specified, explicit and legitimate purposes
- Adequate, relevant and limited to what is necessary for processing
- Accurate and only kept for as long as necessary within legal obligations
- Processed in an appropriate manner to maintain security where possible
The data we hold
By visiting and using our website, either with your specific log in details using email address and password or making an enquiry, you are agreeing for us to process your data (in line with GDPR requirements).
This includes but is not exclusive to telephone correspondence, email or visiting and using our website. This includes data you provide when you register to be a mystery visitor, making an enquiry via our website or on the phone, and/or using our Contact Us service on our website. The data that you give us may include your bank or invoice details, phone number/s, address, date of birth, gender, ethnicity and email address.
We will hold your personal data for an ongoing period of time whilst you are continuing to carry out mystery visits for us. You may at any time reserve the right to terminate the agreement of being a mystery visitor for Acumen Ltd without reason or cause. If you terminate your association with Acumen Ltd we will keep some restricted personal data in regards to legal obligation, proof of financial transactions, to respond to any enquiries or to support or defend any claims. Any personal data that is not required will be erased. We have the right to keep non-personal forms of data for analytical purposes with no fixed time limit if we have a lawful and legitimate reason to retain this information.
We may also store some or all of the following information in order to facilitate operation of our web platform and your security:
- The Internet protocol (IP) address used to connect your computer to the Internet
- Date and time of logins
- Browser software and operating system used
- Time and date of any password changes
- Data relating to transactions may be stored. This may include receipts and/or services that you enter into with us and/or through our website, payroll system, or any other communication correspondence. The data may include your contact details and your card details and/or invoicing/bank details. The data may be processed for the purpose of keeping proper records of those transactions.
We may retain information from correspondence via email, telephone or via our website. All information is backed up via cloud storage and through manual back-ups via hard drives at regular intervals and stored in two separate locations within the EU at all times, as per recommended guidelines. This information is held within our back-ups and storage of data. We have two separate back up locations in Surrey, UK, as well as our processor located in Brighton.
Access and Erasure
You may access your personal data held by us, Acumen Ltd, at any time via a SAR (subject access request). When you log into our website using your personal secure log in details and password, you are able to see 99% of the information we hold and we will be able to provide full transparency on request of an SAR.
All users of our website will have their information securely stored, non-visible to third parties. Any information given via an SAR will be provided on proof of identity.
We may share your information with any prospective buyer of our business of assets, any professionals such as legal advisors, insurers and our website processor for the purpose of maintaining legal requirements or obligations, settling any claims or disputes, or in the interest of protecting your data from unlawful third parties.
We do not share your personal data with any third parties for marketing purposes without express written permission. We do not discriminate in any way over age, gender, sexual orientation, ethnicity, religious or philosophical beliefs.
If a data breach should occur the GDPR specifies that companies must provide an adequate notification. In the unlikely event of a data breach, Acumen Ltd has strict procedures in place to report this to the affected individual/s and the ICO within 72 hours of discovery.
We aim to provide SSL and HTTPS secure website with regular security and software maintenance.
There is a system log which provides an overview of activity on the website and database for auditing and security purposes.
Unfortunately, the information on the internet is not completely secure. Although we aim to provide a secure protection for your personal data, we cannot guarantee the security of your data fully. Any information provided by you onto our website is at your own risk. We enforce strict security policies and aim to prevent any unauthorised access within the ICO guidelines.
Therefore, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of your rights.