Recordsure is committed to your privacy and adheres to the General Data Protection Regulations (GDPR). This statement sets out how we use your personal data and your rights.
Your personal information will be held by Recordsure, registered as Record Sure Limited for the purpose of the EU General Data Protection Regulation (GDPR).
Recordsure is the Controller of personal data relating to the professional individuals within its client or prospective client firms, for the purposes of relationship management, marketing and business development. This statement relates to this data only.
Personal Data We Collect
Recordsure collects your personal data, including information provided in various ways. Some of this data is gained directly from you, including:
- In emails, during telephone calls and conversations, from business cards, when registering for services, when participating in surveys, and when using Recordsure’s websites.
- Some personal data may also be gained indirectly, such as:
- Information gained through other organisations (for example LinkedIn) whether or not this is in the course of providing services to you.
- Information we gather from your use of, and interaction with, our website and the devices you use to access them, using technology such as cookies.
The data that we collect will depend upon our interactions with you, the privacy settings and features that you choose. The personal data we collect may include:
- Email address
- Job title
- IP address
- Phone numbers
How we use Personal Data
Recordsure will only process your data where it has a legal basis for doing so. Recordsure uses the data collected to communicate with you and to offer you our services and/or services related to our associated company The Consulting Consortium Limited (under the trading name TCC), which offers consultancy services that may be complementary to the services provided by Recordsure. We will also use your data to improve or maintain the services we offer to you and our website. We will never share your data with any other third party, other than those stated in this policy, nor use your data for any other purpose, unless we firstly gain your consent to do so.
We may use your data for profiling in the context of segmentation and targeting for marketing purposes. We may use personal data such as job title, sector, company and your previous activity on our website or with our marketing communications. This enables us to provide you with information and promotions that are likely to be relevant to you. We may also use data such as your name and job title to personalise communications you receive from Recordsure and our website.
You have the right to access, rectify, erase, object and restrict the processing of your personal data, with the ability to choose which promotional communications you wish to receive and how you would like to receive them. You also have the right to opt-out of receiving our marketing communications at any time. To manage your subscriptions or personal data, please see the Your Rights section.
What this means
How you can exercise
The right to access
You have the right to request from us:
You can request this information at no charge from Recordsure by emailing firstname.lastname@example.org.
The right to rectification
You have the right to request that we change or update your personal information if it is incorrect
You can request an update or change to your information by mailing email@example.com. Recordsure will update your details within one month of your request.
The right to erasure
You have the right to have your data erased from our systems when:
As set out in ‘retention period’, your data will be erased when it is no longer necessary for the purpose it was originally processed or after 12 months.
The right to restrict processing
You have a right to restrict us processing your data if:
You can request restriction of your personal data by emailing firstname.lastname@example.org
The right to object
We use legitimate interest for direct marketing. You have a right to object to us using your personal information for these purposes.
To object to Recordsure using your personal data for direct marketing contact email@example.com
Our legal basis for processing personal data
Our legal basis for processing your personal data may rely upon our Legitimate Interest or Legal Obligation.
As a data subject on which we process personal data, you have various rights that you can exercise:
Recordsure relies upon the following legal bases for processing the personal data obtained from the practices outlined in Personal Data we Collect.
‘Legitimate Interest’ means the interests of our company in conducting and managing our business to enable us to give you the best services and experience. For example, we have an interest in making sure our services are relevant for you, so we may process your personal data to contact you by telephone with discussions tailored to your interests.
When we process your personal information for our legitimate interests, we make sure to consider the balance and any potential impact on you (both positive and negative) and your rights under the data protection regulation. Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Our legitimate business interests may include some or all of the following:
- For evidential purposes to effectively manage and maintain records of our relationships/communications with you;
- For business development related activity such as contacting you by telephone or email to arrange meetings with our experts in relation to work or knowledge sharing;
- To enhance, modify, personalise or otherwise improve our services and communications for the benefit of you;
- To better understand how you interact with our website and content in order to enhance your customer experience;
- To determine the effectiveness of promotional campaigns to inform marketing strategy.
Recipients of Personal Data
When Recordsure uses third party systems to process data, the data storage and processing systems are protected by access controls, to minimise any risk to the integrity or security of your personal data, and the data is stored in servers in the UK, EU and USA. Third party systems are used in:
- Business development
- Customer delivery
To request a list of third parties supporting these categories, please contact firstname.lastname@example.org
Recordsure will ensure that any third-party processor has adequate data protection measures in place that align with the requirements of the GDPR by conducting periodic due diligence. Recordsure will not share your data with any third-party processor outside of the UK, EU or USA.
Recordsure does not sell your personal data or other information to any third-party.
Recordsure stores personal information on a secure database which is shared with our associated company TCC.
Although data is stored centrally, all communication is segmented between the separate companies. Signing up to either mailing list for example will provide content from the relevant company, and subscribers can opt in or out of the respective mailing lists on an individual basis. We may on occasion share content between companies when we believe the information will be relevant and valuable.
Once Recordsure has received your information Recordsure is committed to ensuring it has all necessary technical and organisational controls in place to keep your information secure. In order to prevent unauthorised access or disclosure Recordsure has put in place suitable physical, electronic and managerial procedures to safeguard and secure the information Recordsure collects.
Recordsure will only keep your personal data for as long as necessary for the purposes for which it was gained. Personal data will be retained for the purposes of direct marketing, relationship management and business development, or where we have another legal basis for processing (such as your consent or a contract with you). Recordsure will review the personal data we hold on you every 12 months to check for accuracy and relevancy and to ensure that we continue to have a legal basis for processing. If the personal data is no longer necessary, or where we no longer have the legal basis for processing, we will delete or fully anonymise the data we hold on you, in line with our GDPR Policy. If your data becomes inaccurate, we will update it accordingly.
The exception is information collected from surveys, feedback and questionnaires, which are held only for the duration of its usefulness i.e. the duration of a campaign. The data is then anonymised and retained for internal evidential purposes, or deleted.
Recordsure will help you should you have any complaints about the processing of your personal data. Under the GDPR, you have the right to lodge a complaint with the Supervisory Authority, the Information Commissioner’s Office (ICO), who are the national authority responsible for the protection of personal data. A complaint can be made to the ICO via their website: ico.org.uk or through their helpline: 0303 123 1113.
Changes to this Privacy Statement
We reserve the right to change this statement. Changes will be published on our website www.recordsure.com/privacy-policy/ and previous versions will continue to be available here. We will notify you of any material changes to this statement via email (where possible) but recommend that you also check this statement regularly, so that you are informed of any changes.
Version 4.0 | 20th Jan 2020