This Privacy Information Notice was last updated on 13th August 2021.
Who we are
We are Communication Inclusion People.
Company number SC649461 registered in Scotland at 33 Esplanade Terrace, Edinburgh, Scotland, EH15 2ES.
We’re committed to protecting
We promise to keep the information we have about you private.
We will only share information we have about you with someone else if you say we can.
Collection, processing and storage of personal data
Communication Inclusion People collects, processes and stores personal data so we can do our business.
This Privacy Information Notice details
- what personal data we collect – that is the information about you we collect and keep,
- how we collect it,
- why we collect it,
- the lawful basis for processing or using it,
- where we store it and
- how long we store it for.
It also tells you
- how to request, change or remove your personal data from our records and
- how to contact us with any questions about our data protection policies or procedures.
How we collect personal data
We do not collect, process or store any special categories of personal data such as
- race,
- ethnic origin,
- politics,
- religion,
- trade union membership,
- genetics,
- biometrics,
- health,
- sex life or sexual orientation,
- or criminal offence data.
Cookies
Cookies are small files that are placed on your computer by websites that you visit. They
- make websites work, or work better and
- give information to the owners of the site.
How do I change my cookie settings?
Most web browsers allow some control of most cookies through the browser settings.
To find out more about cookies visit www.aboutcookies.org or www.allaboutcookies.org.
Find out how to manage cookies on popular browsers:
To find information relating to other browsers, visit the browser developer’s website.
To stop being tracked by Google Analytics across all websites, visit https://tools.google.com/dlpage/gaoptout.
Retention and deletion of personal data
We delete personal data in our possession when it is no longer needed by us to do business unless we have to keep it for legal or security reasons.
What we need to keep
UK government regulations require us to keep certain types of data like payroll, accounts and VAT records for 7 years at least.
We need to keep details of the fulfilment of business contracts for several years after completion of a contract as part of our professional indemnity insurance.
We regularly delete most other data, including emails, in batches after 8-9 years have elapsed. We keep some accounting and archival data indefinitely.
When deleting personal data, we take steps to delete all copies beyond reasonable possibility of restoration, including copies on backups.
Who do we share your personal data with?
We share personal data among Communication Inclusion People staff.
It is sometimes necessary to share your personal data with other businesses we work with.
We may pass your information to other businesses we work with, their agents, subcontractors and other associated organisations so that they can complete tasks and provide services to you on our behalf (for example to process payment and send you mailings).
When we use third party service providers, we only give them the personal information that is necessary to deliver the service. We always have a contract or agreement in place that requires them to keep your information secure and not to use it for their own marketing purposes.
We will not sell or rent your information to any one else.
It may be necessary to share your personal data where there is a legal requirement to do so.
Your legal rights in relation to personal data and how Communication Inclusion People addresses these
How we protect your personal data
We maintain a high level of physical and electronic security in relation to the collection, storage and disclosure of your information.
We take reasonable steps to ensure that any information we hold about you is protected.
We use Secure Socket Layer (SSL), which encrypts information given over the internet to protect all personal data.
Internally Communication Inclusion People uses password managers so that passwords can be administered securely. We use and enforce strong passwords and where we store data we encrypt it.
What data breach procedures we have in place
We will write a report about any personal data breaches, which gives
- the facts relating to the personal data breach,
- its effects and
- action taken to put things right and stop any more breaches.
We will notify the Information Commissioner Office (ICO) no later than 3 days after the breach if the breach is likely to result in a risk to the rights and freedoms of a person or people in accordance with Article 55.
When the personal data breach is likely to result in a high risk to the rights and freedoms of a person or people, we will tell the person or people concerned immediately.
We will tell the person or people concerned clearly
- what has happened with their personal data
- the name and contact details of the data protection officer or other contact point where more information can be obtained;
- what is likely to happen because of the personal data breach;
- what action we have taken or plan to take to address the personal data breach, including, where appropriate, actions to prevent or reduce possible bad effects on them.
This communication is not required if the conditions in Article 34 – 3a), b) or c) – are met.:
- the controller takes action, such as encryption, so no one who does not have permission can access it;
- the controller takes action which ensures that the high risk to the rights and freedoms of data subjects is no longer likely to happen;
- it would involve more effort than the risk of problems merits. If this is the case Communication inclusion People will produce a public statement so anyone and everyone, including the people concerned, are informed in a way that works for everyone.
What third parties we receive data from
We do not buy or receive personal data from anyone else.
What automated decision making and/or profiling we do with personal data
We do not use automated decision making or undertake profiling with personal data.
Privacy Notice updates
By using our website, you’re agreeing to be bound by this Policy.
This Privacy Information Notice was last updated on 13th August 2021.
We may change this Policy from time to time.
Please check this page occasionally to ensure that you’re happy with any changes.
How to contact us
We are registered with the Information Commissioner’s Office (ICO) in the UK:
Communication Inclusion People on the ICO register number ZA771310.
If you are unhappy with the way we handle your personal data and we have not been able to resolve it, you have the right to lodge a complaint with the ICO.
If you have any questions about this Policy and our privacy practices please
- Email to info@communicationinclusionpeople.com or
- Write to Communication Inclusion People, 33 Esplanade Terrace, Edinburgh, Scotland, EH15 2ES.