Who are we? 

We are Doherty IT Solutions Ltd, T/A Doherty Associates.  We secure and manage IT systems on behalf of our clients. Our Registered address is Darpen House, 3 Water Lane, Richmond, Surrey, TW9 1TJ. Our company number is: 02678057. 

Privacy Policy 

At Doherty Associates we are committed to protecting and respecting your privacy. 

This policy explains what personal information we collect from you and how we use it.  This personal data, whether it is held electronically or on paper is subject to certain safeguards that are specified under the EU General Data Protection Regulation (GDPR). The GDPR aims primarily to give control to citizens and residents over their personal data and puts a responsibility on us to keep it safe.  This policy says how we will do that.   

As well as your right to your data being safe, you can at any time you can unsubscribe from communications from Doherty Associates or request for your data to be deleted by visiting www.doherty.co.uk/hs/manage-preferences/unsubscribe.  Further details on data erasure are included in this policy. 

To obtain a copy of this policy please use our website at www.doherty.co.uk/privacy-policy, or contact our Data Protection Manager.  The contact details for the Data Protection Manager are below. 

Data Protection Manager 

Doherty Associates is the controller of information that we collect, you can find our contact details below.  Our Data Protection Manager is Owen Morris who can be contacted by phone on 0208 987 1150, email at dataprotection@doherty.co.uk, or by writing to our registered address.  They are authorised by us to be the contact point for any questions regarding data protection.  If you have any questions about this policy please contact the Data Protection Manager.   

If you need to have this information in another format please contact the Data Protection Manager. 

Who is affected by this policy 

This policy applies to: 

- Visitors to our website 
- People who download information from our website 
- People who attend our events 
- Our clients 
- Job applicants 
Current employees
- Former staff
- People who make enquiries or requests under the GDPR 

The data protection principles 

The GDPR requires that data is:

- Processed lawfully, fairly and in a transparent manner in relation to individuals 
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes 
- Adequate, relevant and limited to what is necessary for processing 
- Accurate and, where necessary, kept up to date 
- Not kept longer than is necessary  
- Processed in a manner that ensures appropriate security of the personal data, using appropriate technical or organisational measures 

Our responsibilities 

To meet these requirements, we will: 

- Tell you what data we collect and how it will be used 
- Process personal data only as needed to fulfil operational or legal requirements 
- Keep your data up to date 
- Retain data for only as long as needed to fulfil the requirements 
- Ensure that the rights of data subjects can be fully exercised 
- Implement appropriate technological and organisational measures to safeguard personal data and ensure that personal data is not transferred abroad without suitable safeguards 

If you believe that we are not meeting these requirements, please tell us.  You also have the right to report any concerns to the Information Commissioner’s Office. 

Lawful Basis for Processing 

We collect your data based on a specific legal basis.  The data we collect is set out in the table below: 

Data Subject Basis of Processing Is the data shared and with whom? How long is it kept?
Visitors to our website N/A - no personal information held N/A N/A
People who download information from our website Consent No Two years of inactivity or until they unsubscribe
People who attend our events Consent Event locations Two years of inactivity or until they unsubscribe
Our clients Contract In order to provide services to our clients we may subcontract services on your behalf.  See Sub-Processors Depends on the service
Job applicants Legitimate interest No Minimum to process and review application
Current employees Legal requirement Payroll processing, DBS checks and HR outsourcing Information available internally
Former staff Legal requirement No As per legal requirements
People making requests Consent No Minimum to record Subject Access Request

Where we ask for your consent it can be withdrawn at any time. 

Exercising your rights under the GDPR 

In order to exercise your rights under the GDPR please contact the data protection manager either by writing, email or phone at the contact details above.  We will respond to requests as set out below.  For some requests, in order to ensure that we only provide information about you we will require you to identify yourself by supplying proof of identity. 

Your right to be informed 

You have a right to be informed as a data subject of the data we hold and process about you.  This policy is intended to describe how and why we do so.  If this policy does not deal with your concerns or questions please contact our Data Protection Manager on the contact details held above. 

Your right to access 

If we hold information about you we will: 

- Describe the information we are holding; 
- Tell you why we are holding it; 
- Tell you who it is shared with; 
- And, if possible, provide you a copy of the information.  Where this is not possible, for example, if it would infringe the rights of other data subjects, we may provide redacted information or access to the information at our premises or via screen sharing. 

Your right to rectification 

This is a right to ask us to correct any wrong data we hold about you.  You can ask us to correct any mistakes by contacting the Data Protection Manager. 

Your right to erasure 

This is a right to ask us to delete any data we hold about you.  You can ask us to do this by contacting the Data Protection Manager.  We may be unable to delete data for legal or regulatory reasons and we will explain if this happens.   

Your right to restrict processing 

This is a right to ask us to stop processing any data we hold about you.  You can ask us to do this by contacting the Data Protection Manager or by other technological means such as clicking unsubscribe links in emails.  Where we are unable to do this for legal or regulatory reasons we will explain why.  If this will affect the services we provide then we will explain this to you. 

Your right to data portability 

You have a right to ask for your information to be transferred to another organisation.  You can ask us to do this by contacting the Data Protection Manager.  Where we are unable to do this for legal or contractual reasons we will explain why. 

Your right to object 

If we process your data based on our legitimate interests, you have a right to object to that processing.  You can ask us to do this by contacting the Data Protection Manager. 

Your rights in relation to automated decision-making and profiling 

The GDPR grants rights in relation to automated decision-making and profiling.  We do not perform automated decision making or profiling on your data.