BUSINESS CONTACT/ASSOCIATE/CONSULTANT PRIVACY NOTICE
BUSINESS CONTACT/ASSOCIATE/CONSULTANT PRIVACY NOTICE
| Title | Business Contact/Associate/Consultant GDPR | Date Issued: May-18 |
| Owner | The Data Protection Officer | Date Reviewed: Oct-21 |
| Scope | This privacy notice applies to representatives of prospective or active OSP Group Limited clients and associates/consultants of OSP Group Limited. The information in this Privacy Notice should be provided at the point of data capture or upon the first contact with the individual. |
About Us
Operational Security Professionals Group Limited (OSP) (or ‘Us’) is registered in England and Wales, with the trading name OSP Cyber Academy and trading address: 109 Forest Avenue, Aberdeen AB15 4TN. For the purposes of the UK General Data Protection Regulation (GDPR), OSP Group Ltd is a data controller with respect to the personal data that you provide to us.
OSP is committed to respecting and protecting your privacy. Questions and comments about this privacy notice are welcomed. These, and any enquiries about the processing of your personal data should be directed to [email protected] in the first instance.
What is Personal Data?
The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified by reference to data items such as: name, contact details, unique identification numbers, location data or online identifiers.
How OSP uses your information
To maintain business to business relationships, OSP needs to collect personal data about you. This is required for the legitimate interests of OSP – for correspondence purposes and/or detailed service provision where a contract exists between OSP and the organisation that you work for.
OSP will process – that means collect, store and use – the information you provide in a manner that is compatible with the GDPR. OSP will endeavour to keep your information accurate and up to date and not keep it for longer than is necessary. In some instances, the law sets the length of time information must be kept, but in most cases, OSP uses a set of retention rules to ensure that data is not retained any longer than to fulfil the purpose for which is has been collected.
How long will OSP retain my personal data
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for legal and tax purposes. In some circumstances you can ask us to delete your data. In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
The aim is not to be intrusive, and OSP will not ask irrelevant or unnecessary questions. Moreover, the information you provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure.
Operational Security Professionals Group Limited
UK Head Registered Office: 1st Floor, 2 Woodberry Grove, Finchley, London N12 0DR Company Number 10611951 VAT Number 271 121 346 – https://ospcyberacademy.com
What information OSP may collect from you
OSP needs to collect personal data for legitimate interests – for correspondence purposes and/or detailed service provision where a contract exists between OSP and the organisation that you work for or as an affiliate, Associate or Consultant. Categories of the type of information we may need from you are:
- Name and contact details
- Company and Associated information
- Job title and position
- Head shot photographs (for promotional materials)
- Business activity and preferences
- Financial and banking details A description of these legitimate interests:
- To enable an up-to-date record of your details for business correspondence and contact
- To enable us to be responsive to business needs and associated risks
- To issue promotional and marketing materials for events, training courses you may be involved in
- To enable your attendance at events or training courses or facilitate administration of courses for your organisation
- For crisis communications or correspondence in the event of a security incident
- To understand client operations and facilitate effective stakeholder management
- To appropriately address business related documentation such as purchase orders or invoices to the correct contacts If you have given OSP consent to use your personal information for marketing and communications purposes, you may withdraw this consent at any time, simply by emailing [email protected]. We will immediately withdraw your name from our marketing lists. In addition to this, all our electronic marketing material carries an unsubscribe option, so you can also unsubscribe at any time. During the processing of your information, no automated profiling or decision making takes place. Disclosure of your personal data OSP will never disclose your data to other parties for their own use. Your personal data may be processed by a limited number of service providers for example the company that provides and supports our Information Management system. These parties are contracted to OSP, are obliged to keep your details secure and use them for no other purpose than to fulfil the service that they provide to us. Your rights You have the right to access information held about you. You have a right to request a copy of the personal data you have provided, to be sent to you or other parties in machine readable format (data portability). Where there are any changes to the purposes for which your data is processed, or any
Operational Security Professionals Group Limited
UK Head Registered Office: 1st Floor, 2 Woodberry Grove, Finchley, London N12 0DR Company Number 10611951 VAT Number 271 121 346 – https://ospcyberacademy.com
changes to the way in which your personal data is disclosed, you have a right to be informed of these changes. OSP will do this by contacting you with the relevant information in a timely and transparent manner.
You have the right to ask for your personal data to be rectified where there is an inaccuracy and you have the right to ask for your personal data to be erased, where there is no overriding legal basis for it to be retained. You have the right to ask for your data not to be processed for marketing purposes and where any processing of personal data is carried out based on your consent, you have the right to withdraw that consent as easily as it was given.
You have the right to object to decisions OSP has taken about the processing of your personal data and where you believe OSP has contravened the UK General Data Protection Regulations, you have the right to lodge a complaint with the Information Commissioner’s Office.
You have the right to request that processing of your personal data is restricted, where there is an objection or request for rectification pending, or where you require data that would otherwise be deleted to be retained, for example for the defence of legal claims.
For any questions about, or to exercise any of your rights as a data subject, please contact [email protected].
