UPDATED MAY 2018
The importance of data security and privacy can never be underestimated.
We will only ever request information from you which is relevant to our needs and will never sell, share or use your personal information other than as described within this document.
Who we are
This policy is designed to describe your relationship with FIX8Group (Manchester) Ltd.
The business is registered in England
(registration number (5473649) and the data controller contact is Mark Porter, Business and Finance Director.
You can get in touch with us via:
Telephone: (+44) 161 480 8881
Or write to us at:
Alactraz Building, Hallam Mill, Hallam Street, Stockport, SK2 6PT
As a business we will strive to operate in line with GDPR (General Data Protection Regulations) and take those responsibilities seriously.
We will endeavour to maintain your personal rights, allowing the data subject to change or withdraw their consent to use and hold data at any time. We will also provide assistance if you wish to complain to the Information Commissioners Office if you feel your information request has not been addressed in the correct manner.
Information classed as sensitive
We do not collect any Sensitive Data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.
What this policy applies to
This section describes the lawful basis for processing your data and applies to the information about yourself that you choose to provide us with, or that you allow us to collect. This includes:
Scope of consent
By submitting your personal data, you are affirming your explicit consent for such information to be used in line with our policy.
The consent you give can be withdrawn at any time by contacting the Data Controller via the details stated previously.
Storing and processing data
We will retain any personal data for only as long as necessary to fulfil the initial purposes of collection.
In considering the time frame we will take account of the amount of data, nature and sensitivity, the purpose of processing and if it can be done via any other means.
In line with HMRC guidelines, we will retain any customer or supplier information for 7 years after ceasing to trade with FIX8Group.
Data will be held securely in an encrypted and backed-up media. This data may include financial transactions, contact, identity and transaction listings.
Information is held on local servers and backed up on Dropbox, who are a recognised IT support services provider.
Should you request data to be erased, if there are open transactions then this cannot be completed and will be reviewed when all transactions are complete.
With Suppliers and Customers we only collect the basic information which is relevant to the matter we are dealing with. We may collect:
• Personal details (name, address, email and phone number)
• Financial and bank details
• Business activities
The most common uses of personal data, which will be processed in a legally permitted way may include:
• Securing a contract between both parties
• Where we need to comply with a legal or regulatory obligation
• Where necessary for our legitimate interests
We will comply with the Data Protection Act 1998 and the GDPR  in the way we use and share your personal data.
Amongst other things, this means that we will only use your personal data:
• Fairly and lawfully
• As set out in the legislation and this policy
• To the extent necessary for these purposes
We will process your personal data ourselves as the data processor. We will take reasonable precautions to safeguard the personal information that you supply.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. We will report any breaches or potential breaches to the appropriate authorities within 24 hours and to anyone affected by a breach within 72 hours.
How we use your data
We use your data to process and manage orders and enquiries, necessary for the performance of the contract between us.
With your permission, we will contact you via email or phone. Occasionally we may even send a good, old fashioned letter. We only email business email addresses and will only contact you if:
1) You have asked us to; or 2) We genuinely believe you have a legitimate need for our services and we deem this to represent a legitimate interest in line with the ICO’s guidance.
If at any point you decide you would prefer us not to contact you, let us know and we won’t.
We may also use your personal data for:
1) Administering any accounts; 2) Processing your bank/credit card details in order to obtain payment; 3) Market research; 4) Our own internal marketing; and 5) Credit reference checks (where appropriate).
We will only use your data where we’re allowed to by law, e.g. carrying out an agreement we have with you, fulfilling a legal obligation, because we have a legitimate business interest or where you agree to it.
We do not use your data for automated decision making or profiling.
Who data is shared with
We may have to share your data with certain third parties for example:
• Service providers who provide IT and system admin services
• Professional advisors including lawyers, auditors, accountants, insurers
• HM Revenue and Customs and other authorities acting as processors or joint controllers
• Internal within FIX8 to other employees, but constantly ensuring data required is used in line with GDPR purposes and significant security is maintained
• Applicable to Freelance personnel, we may request full names, dates of birth and passport information is supplied. This is to be used for the booking of flights and accommodation on your behalf. This information, may, at time, be shared with a third-party provider who books hotels and accommodation, but only third parties whom FIX8Group has a trusted working relationship with.
Where data is shared, we respect third parties to respect the security of your data and use it in accordance with he law. We do not allow any third-party service to use your personal data for their own purposes and only permit them to process data for specified purposes in accordance with our instructions.
Data is not shared outside the European Economic Area (EEA)
You are allowed to opt out of consent for holding and using data at any time. Any information then held about you will be deleted promptly (within 14 days in most circumstances).
You have the rights to:
• Request access to the personal data which we hold
• Request data be corrected if you believe it to be incorrect
• Request your personal data to be erased
• Object to personal data being processed
• Request for the processing of your data to be restricted
Should you wish to exercise these rights, please get in contact with us.
Should you wish to access your personal data then there may be a fee if the request is excessive, repetitive or unfounded. There is also the right for the business to refuse access in these circumstances.
We endeavour to provide all information within 30 days of a request, pending sourcing and verifying all data for completeness.