DH Clamp Consulting
A Leading International Risk Management Consultancy

Data Protection

Data Protection and Privacy Policy

 Written: July 2023        Next Review date: July 2024

DH Clamp Consulting Ltd takes privacy and data protection very seriously. This privacy statement explains how DHC collects, stores and uses personal data when clients engage with our services. This policy will be kept under review and will be revised when required; notification of updates will be made on our website and all other marketing channels.

This is fully compliant with the UK General Data Protection Regulation (UK GDPR). The policy about personal data collection is written within the framework of the 6 data protection principles set out in the GDPR: 1. Lawfulness, fairness and transparency; 2. Purpose Limitation;3. Data Minimisation; 4. Accuracy; 5. Storage Limitation; 6. Integrity and confidentiality.

Definitions

When reading this statement, please note that the terms ‘DHC’, ‘We’, ‘Us’ and ‘Our’ refer to DH Clamp Consulting Ltd. The terms ‘You’, ‘Your’, ‘Customer’ and ‘Client’ refer to anyone who pays for and engages in the use of our services.

 ‘Personal data’ refers to any information that directly or indirectly identifies a person (a ‘natural person’ as defined by the UK GDPR) including name, address, email, phone number, job title and employer information.

‘Special category data’ refers to the UK GDPR definition which is any information concerning race, ethnic origin, religion, politics, trade union membership, genetics, biometrics, health and sexual orientation.

The use of the term ‘Data Controller’ in this policy refers to DH Clamp Consulting. The term ‘Data Processor’ refers only to the services we use for payment processing, IT service providers and online survey software services.

Your Personal Data

When engaging in any of our services you will be asked to voluntarily provide only the personal data that is necessary to ensure accurate project outputs.

What data do we collect?

In the course of our work, the personal data we collect include names, email addresses, telephone numbers, job titles and invoicing contact details of key contact people within the client’s organisation. We may also collect survey data about individual employees as part of surveys, for instance during Security Risk Management Reviews. 

Special category data

It may be possible that during surveys or training individuals disclose details of their lives that are relevant to the subject being discussed.  These interviews are confidential and the contents are not disclosed.   The data is disposed of securely after the work is completed.

Why do we collect it?

We collect names, contact details, job titles and employer names in order to maintain our roster of consultants, and of business contacts. 

Invoicing contact details: In order to process fees for our services, we require the contact details of any person responsible for the payment of invoices. The details required are a contact name, email and billing address.

Who do we share it with?

DHC uses a small number of carefully selected third parties to help provide our services. These act as ‘Data Processors’ as defined by the UK GDPR.  Examples of the services we use are payment processing, IT service providers and online survey software services. In choosing to work with any such Data Processors, we will always ensure that the security policies and confidentiality arrangements and UK GDPR compliance of those third parties adhere to the same requirements. No ownership rights to the data will be transferred to any third party.

The data that we collect from you will not generally be transferred outside the European Economic Area ("EEA"). The only circumstance where this may occur is for training courses outside the EEA when we give accommodation providers a participant name, for booking purposes only. By submitting your data, you agree to this transfer, storing or processing. We will take all reasonable steps to ensure that your data is treated securely and in accordance with this privacy policy.

Data Retention

DHC endeavours to minimise the retention of data as much as reasonably possible.

Security

All reasonable steps have been taken to ensure the security of personal data through the minimisation of collection, IT security measures and best practice in handling data both digitally, and on paper. Our IT system meets UK GDPR requirements, including hard drive encryption and the most up to date security software.

Data breach

In the event of a data breach, DHC will start the following process

o     DHC becomes aware of a data breach

o     DHC creates an investigation log to determine scale of the breach eg timeline, what happened, how many people were impacted and actions taken

o     DHC attempts to recover any data lost and to protect anyone impacted, including any partner organisation impacted, assesses the risk of harm to anyone affected and acts to protect them if necessary

o     As a UK Limited Company, DHC reports any personal data breach to the ICO within 72 hours

Access

If you would like to get in touch with us regarding any of your personal data access rights, or in the event of a data breach, please contact us immediately: contact@dhclamp.com  or at +44 (0) 1737 761269.