Who are we?
We are Doherty IT Solutions Ltd, T/A Doherty Associates. We secure and manage IT systems on behalf of our clients. Our Registered address is Darpen House, 3 Water Lane, Richmond, Surrey, TW9 1TJ. Our company number is: 02678057.
At Doherty Associates we are committed to protecting and respecting your privacy.
This policy explains what personal information we collect from you and how we use it. This personal data, whether it is held electronically or on paper is subject to certain safeguards that are specified under the EU General Data Protection Regulation (GDPR). The GDPR aims primarily to give control to citizens and residents over their personal data and puts a responsibility on us to keep it safe. This policy says how we will do that.
As well as your right to your data being safe, you can at any time you can unsubscribe from communications from Doherty Associates or request for your data to be deleted by visiting www.doherty.co.uk/hs/manage-preferences/unsubscribe. Further details on data erasure are included in this policy.
To obtain a copy of this policy please use our website at www.doherty.co.uk/privacy-policy, or contact our Data Protection Manager. The contact details for the Data Protection Manager are below.
Data Protection Manager
Doherty Associates is the controller of information that we collect, you can find our contact details below. Our Data Protection Manager is Owen Morris who can be contacted by phone on 0208 987 1150, email at firstname.lastname@example.org, or by writing to our registered address. They are authorised by us to be the contact point for any questions regarding data protection. If you have any questions about this policy please contact the Data Protection Manager.
If you need to have this information in another format please contact the Data Protection Manager.
Who is affected by this policy
This policy applies to:
- Visitors to our website
- People who download information from our website
- People who attend our events
- Our clients
- Job applicants
- Current employees
- Former staff
- People who make enquiries or requests under the GDPR
The data protection principles
The GDPR requires that data is:- Processed lawfully, fairly and in a transparent manner in relation to individuals
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
- Adequate, relevant and limited to what is necessary for processing
- Accurate and, where necessary, kept up to date
- Not kept longer than is necessary
- Processed in a manner that ensures appropriate security of the personal data, using appropriate technical or organisational measures
To meet these requirements, we will:
- Tell you what data we collect and how it will be used
- Process personal data only as needed to fulfil operational or legal requirements
- Keep your data up to date
- Retain data for only as long as needed to fulfil the requirements
- Ensure that the rights of data subjects can be fully exercised
- Implement appropriate technological and organisational measures to safeguard personal data and ensure that personal data is not transferred abroad without suitable safeguards
If you believe that we are not meeting these requirements, please tell us. You also have the right to report any concerns to the Information Commissioner’s Office.
Lawful Basis for Processing
We collect your data based on a specific legal basis. The data we collect is set out in the table below:
|Data Subject||Basis of Processing||Is the data shared and with whom?||How long is it kept?|
|Visitors to our website||N/A - no personal information held||N/A||N/A|
|People who download information from our website||Consent||No||Two years of inactivity or until they unsubscribe|
|People who attend our events||Consent||Event locations||Two years of inactivity or until they unsubscribe|
|Our clients||Contract||In order to provide services to our clients we may subcontract services on your behalf. See Sub-Processors||Depends on the service|
|Job applicants||Legitimate interest||No||Minimum to process and review application|
|Current employees||Legal requirement||Payroll processing, DBS checks and HR outsourcing||Information available internally|
|Former staff||Legal requirement||No||As per legal requirements|
|People making requests||Consent||No||
Minimum to record Subject Access Request
|Prospective customer communication||Legitimate Interest||In order to provide services to our clients we may subcontract services on your behalf. See Sub-Processors||
Two years of inactivity
Where we ask for your consent it can be withdrawn at any time.
Exercising your rights under the GDPR
In order to exercise your rights under the GDPR please contact the data protection manager either by writing, email or phone at the contact details above. We will respond to requests as set out below. For some requests, in order to ensure that we only provide information about you we will require you to identify yourself by supplying proof of identity.
Your right to be informed
You have a right to be informed as a data subject of the data we hold and process about you. This policy is intended to describe how and why we do so. If this policy does not deal with your concerns or questions please contact our Data Protection Manager on the contact details held above.
Your right to access
If we hold information about you we will:- Describe the information we are holding;
- Tell you why we are holding it;
- Tell you who it is shared with;
- And, if possible, provide you a copy of the information. Where this is not possible, for example, if it would infringe the rights of other data subjects, we may provide redacted information or access to the information at our premises or via screen sharing.
Your right to rectification
This is a right to ask us to correct any wrong data we hold about you. You can ask us to correct any mistakes by contacting the Data Protection Manager.
Your right to erasure
This is a right to ask us to delete any data we hold about you. You can ask us to do this by contacting the Data Protection Manager. We may be unable to delete data for legal or regulatory reasons and we will explain if this happens.
Your right to restrict processing
This is a right to ask us to stop processing any data we hold about you. You can ask us to do this by contacting the Data Protection Manager or by other technological means such as clicking unsubscribe links in emails. Where we are unable to do this for legal or regulatory reasons we will explain why. If this will affect the services we provide then we will explain this to you.
Your right to data portability
You have a right to ask for your information to be transferred to another organisation. You can ask us to do this by contacting the Data Protection Manager. Where we are unable to do this for legal or contractual reasons we will explain why.
Your right to object
If we process your data based on our legitimate interests, you have a right to object to that processing. You can ask us to do this by contacting the Data Protection Manager.
Your rights in relation to automated decision-making and profiling
The GDPR grants rights in relation to automated decision-making and profiling. We do not perform automated decision making or profiling on your data.