Company registered in England and Wales, registration number 8684334
Scott Evans Associates Ltd is an appointed representative of Messels Ltd which is authorised and regulated by the Financial Conduct Authority
Scott Evans Associates Ltd
.Data Protection Policy
Organisation The Data Controller is Scott Evans Associates Limited ("SEAL"), a limited company registered in England and Wales (registration number 8684334) the registered office of which is at Hillfield, Haw Lane, Bledlow Ridge, HP14 4AH, United Kingdom. You can contact the data controller by writing to SEAL, Hillfield, Haw Lane, Bledlow Ridge, HP14 4AH, United Kingdom. or sending an email to email@example.com
SEAL has no Data Processors, in relation to personal data i.e. any person (other than an employee of the data controller) who processes the data on behalf of the data controller.
Policy operational date
Policy prepared by
Scott Evans, the Data Protection Officer.
The European General Data Protection Regulation, came into force on 25th May 2018 and is the basis of this Data Protection Policy.
Purpose of policy
This Data Protection Policy sets out how we, SEAL, collect, store and use information about you when you use our website, and where we otherwise obtain or collect information about you.
The reasons for the policy are to comply with the law, follow good practice, to protect clients, staff and other individuals and to protect the company.
Types of data
We collect individual information from our company staff and individual and company information from consumers of our research.
This Data Protection Policy complies with both the law and good practice and respects individuals' rights. The company will be open and honest with individuals whose data is held and provide training and support for staff who handle personal data, so that they can act confidently and consistently.
In the event of data breaches the Supervisory Authority (the ICO) will be notified within 72 hours. In addition, for major breaches the data subjects will be notified without delay. A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
The Board / Company Directors
The Board has overall responsibility for ensuring that the organisation complies with its legal obligations.
Data Protection Officer
The Data Protection Officer is Scott Evans, CEO, SEAL. His responsibilities include:
o Briefing the Board on Data Protection responsibilities
o Reviewing Data Protection and related policies
o Advising other staff on Data Protection issues
o Ensuring that Data Protection induction and training takes place
o Notification to the ICO if required
o Handling subject access requests
o Approving unusual or controversial disclosures of personal data
o Approving contracts with Data Processors
All staff should read, understand and accept any policies and procedures that relate to the personal data they may handle in the course of their work.
Types of information collected
We record the names and contact details of the individuals within institutions to whom we distribute research.
Business name and contact details
We record the names, 'know your client' information and contact details of the institutions to whom we distribute research.
We have a regular cycle of checking, updating or discarding old data on our staff and research clients.
Lawful basis for processing information
The lawful basis for the personal data processed is one or more of the following, described in Article 6 (1) of the General Data Protection Regulation:
(a) Consent: the individual has given clear consent for us to process their personal data for a specific purpose.
(b) Contract: the processing is necessary for a contract we have with the individual, or because they have asked us to take specific steps before entering into a contract.
(c) Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations).
(d) Vital interests: the processing is necessary to protect someone's life.
(e) Public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
(f) Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual's personal data which overrides those legitimate interests.)
Data collected from our research clients is on the basis of (b) Research contracts or (f) Our legitimate interests.
Once given, consent can be withdrawn, but not retrospectively. There may be occasions where SEAL has no choice but to retain data for a certain length of time, even though consent for using it has been withdrawn.
How information is collected and stored
We collect and store emails on our email server in the United Kingdom. Information is not transferred outside the EEA. Our CRM provider is a cloud based service called LACRM.
Hard drive and back ups
We store information using cloud servers provided by Dropbox, Office 365 and Google cloud-
Transmission of information over the internet is not entirely secure, and if you submit any information to us over the internet (whether by email, via our website or any other means) you do so entirely at your own risk.
We cannot be responsible for any costs, expenses, loss of profits, harm to reputation, damages, liabilities or any other form of loss or damage suffered by you as a result of your decision to transmit information to us by such means.
We do not record conversations.
Information from compliance procedures, such as on-
Disclosure and use of information
SEAL is committed to ensuring that Data Subjects are aware that their data is being processed and
o for what purpose it is being processed
o what types of disclosure are likely, and
o how to exercise their rights in relation to the data
We retain contact details of research clients so that we can provide them with research products
Your rights in relation to your information
Your rights in relation to information
Subject to certain limitations on certain rights, you have the following rights in relation to your information, which you can exercise by contacting the Data Protection Officer by email at firstname.lastname@example.org, in writing to: SEAL, Hillfield, Haw Lane, Bledlow Ridge, HP14 4AH, United Kingdom. or by phone on 07703570018:
The controller will provide information on action taken on request to the data subject without undue delay and in any event within one month of receipt of the request.
In accordance with Article 77 of the General Data Protection Regulation, you also have the right to lodge a complaint with a supervisory authority, which is the Information Commissioner's Office (ICO), whose website is below.
Employee training & acceptance of responsibilities
All employees of SEAL and those who have access to any kind of personal data will have their responsibilities outlined during their induction procedures.
Data Protection issues will be covered during employee training, team meetings, supervisions, etc.
For more information https://ico.org.uk/for-