Privacy Policy

Last Updated: 22nd May 2018

RPS is committed to protecting your privacy. Before providing us with any of your details, you must read the following important information which sets out the basis on which any personal data we collect from you or that you provide to us, will be processed, stored and/or transferred by us.

Data Controller

RPS ('we', 'us', 'organisation') is the Data Controller for the information you provide to us. If you have any questions about the process, please contact us at:

RPS, 20 Milton Park, Abingdon, Oxfordshire OX14 4SH (FAO: Data Controller)

dataprotection@rpsgroup.com

RPS is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.

What information does the organisation collect?

The organisation may collect and process a range of information about you, for particular services that we may offer through numerous divisions. This will depend on the nature of our relationship with you.

• your name, address and contact details, including email address and telephone numbers;
• any other personal information you submit or provide to the organisation

The organisation will only seek information from third parties with your consent.

Specific privacy notices are available at the point of collection from any of our websites or where processing of personal data takes place.

On what legal basis does the organisation process personal data?

Data protection laws require us to explain what legal grounds justify our processing of your personal information (this includes sharing it with other organisations). For some processing, more than one legal ground may be relevant (except where we rely on a consent). We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

• Where we need to perform the contract, we have entered into with you.
• Where we need to comply with a legal obligation.
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

We may also use your personal information in the following situations, which are likely to be rare:

• Where we need to protect your interests (or someone else’s interests).
• Where it is needed in the public interest [or for official purposes].

Who has access to data?

Your information may be shared for the purposes of processing on specific service(s) you have entered into with the organisation. Information may be shared with the following parties, including (but not limited to):

• managers, project team members, sales teams & consultants across the organisation
• third parties to whom we choose to sell, transfer, or merge parts of our business or our assets
• third party suppliers to us, including (for example) insurance providers, brokers, client entities

More information can be found for the specific services we offer, at the point of collection from the organisations websites.

IT staff may also be required to access your data, if it is necessary for the performance of their roles, routine administration and in the management of our internal IT systems.

RPS will not share your data with third parties, unless there is a requirement to do so.

For how long does the organisation keep data?

We keep your personal data for the period necessary to fulfil the purposes for which it has been collected and to comply with our legal obligations.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once this data is no longer required we will retain and securely destroy your personal information in accordance with applicable laws and regulations.

Your rights

Here is a list of the rights that all individuals have under data protection laws. They do not apply in all circumstances. If you wish to exercise any of them, we will explain at that time if they are engaged or not.

• The right to be informed about your processing of your personal information;
• The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed;
• The right to object to processing of your personal information;
• The right to restrict processing of your personal information;
• The right to have your personal information erased (the “right to be forgotten”);
• The right to request access to your personal information and to obtain information about how we process it (see below for further details);
• The right to move, copy or transfer your personal information ("data portability");
• Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you.

You have the right to complain to the Information Commissioner’s Office which enforces data protection laws: https://ico.org.uk/.

Access to personal data

In the first instance, you should make any request for access to your data via dataprotection@rpsgroup.com.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, and in exceptional circumstances only, we may refuse to comply with the request in such circumstances.

What if you do not provide personal data?

You are under no statutory or contractual obligation to provide data to RPS. However, if you do not provide the information necessary, then the organisation may not be able to provide the necessary services to fulfil any contractual duties we engage in.

How we protect and store your personal data

The organisation takes the security of your data seriously. The organisation has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.

Where the organisation engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

Data will be stored in a range of different places within the organisation's IT systems (including the organisation's email system).

Is personal data transferred outside the UK or the EEA?

Your personal information may be transferred outside the UK or the European Economic Area. If it is processed within Europe or other parts of the European Economic Area (EEA), then it is protected by European data protection standards. Some countries outside the EEA do also have adequate protection for personal information under laws that apply to us. We will make sure that suitable safeguards are in place before we transfer your personal information to countries outside the EEA that do not have adequate protection under laws that apply to us, except in cases where what are called "derogations" apply.

Automated decision-making

We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.

Changes to this Privacy Notice

Any changes we may make to our privacy notice in the future will be representative of the effective date confirmed above.

Cookies

For more information please see our Cookies Policy.

Contact

If you have any queries about this privacy notice or in general about the personal data which we may hold about you, please contact: - dataprotection@rpsgroup.com