General Data Protection Regulations
Notice regarding personal details held in relation to our trading relationship
On 25 May 2018 the UK enacts the General Data Protection Regulation which provides a much stronger regulatory environment over the protection of Personal Data held by businesses.
Personal Data of your Employees, held by ourselves
We, RIF Worldwide Plc, acting as a Data Controller, hold Personal Data originating from your entity in relation to our business relationship. This Personal Data takes the form of contact names, e-mail addresses, telephone numbers and / or other contact details and we hold them to maintain our business relationship with you, which we believe constitutes a legitimate business interest.
Our business interest does not over-ride your rights and freedoms should you object to our holding of this data. Should you wish to object or use any of your other personal data rights (such as the right to rectification, the right of access or the right to erasure) then please contact the person named on this letter, or any other RIF Worldwide Plc contact that you may have and we will act accordingly, without delay.
Where such a request leads to an erasure or restriction to processing, and where we believe a business contact is essential to maintain our business relationship we may request an alternative contact be provided, with such Personal Data also to be covered by this statement.
Personal Data of this sort held within our business is covered by our Data Protection Policy and specifically by an internal Personal Data Process which has an owner within the relevant business department and ensures that an adequate level of protection is held over the Personal Data stored.
The Personal Data will not be shared with third parties or stored outside of the UK or your home country, but may be passed to other RIF Worldwide Plc colleagues relevant to the business relationship. It will not be used for any other reason than maintenance of our business relationship and will only be kept whilst that relationship is ongoing and for a short period (up to one year) afterwards, whilst queries may arise, unless you authorise us to keep it for longer.
If you feel we are using your Personal Data incorrectly, then please contact us directly and we will aim to rectify this, or you can complain directly to the information commissioner (www.ico.org.uk)
Personal Data of our employees held by yourself
We expect that you will hold personal names and contact details for employees of RIF Worldwide Plc in the course of our business relationship with yourself.
In such a case, we consider that you are the Controller for the data passed to you, and where the data is passed by a third party or alternative RIF Worldwide Plc contact that you immediately notify the RIF Worldwide Plc employee to state that you are holding their data in relation to our business relationship.
We expect that you will abide by the regulations of the General Data Protection Regulation and reserve the right to request details regarding your policies on retention of our employee’s data, the security under which it is held or any other information on your compliance activities.
Strictly, we insist that none of the data relating to RIF Worldwide Plc employees is passed on to third parties, stored in countries outside the EU, the UK or your home country, or subjected to automated processing.
Where a RIF Worldwide Plc employee exercises their rights under the GDPR, we expect that you will react accordingly, particularly in reference to the Rights of Access, Erasure and Rectification.
On our part we will endeavour to ensure that you have up to date details and are informed of employees that leave the organisation, and therefore whose details are no longer required to maintain the business relationship.
We reserve the right to complain to the Information Commissioner, and/or end our business relationship should any failure to protect Personal Data for RIF Worldwide Plc employees occur.
On behalf of the Directors of RIF Worldwide Plc