Our GDPR Statement of Compliance
At Rejus, we understand the importance of you having confidence in us, to do the right thing. Giving you peace of mind that we do everything with the utmost professionalism, discretion, and integrity is part of our values.
With this in mind and in line with the new EU General Data Protection Regulation (GDPR), we would like to share our Privacy Policy with you, which includes details about how we look after the personal data that you provide us in the course of your relationship with us and what we do with it. It tells you how we process this, who we share it with, and how we dispose of it. It also informs you of your rights and how to exercise these and also refers you to our other relevant data protection policies in how we keep your data secure and safeguard your privacy.
HOW WE OBTAIN YOUR PERSONAL DATA
Information provided by you
You provide us with personal data via online queries through our website, over the telephone, face to face, by email, or by paper documents that you complete. This includes but isn’t limited to, name, address, email address, personal telephone numbers, and bank details. We use this information to provide quotations, manage contracts, or deliver a service. Our legal basis for collecting and processing this data is therefore for the performance of a contract.
We may also keep information in any correspondence you may have with us by post or via email.
The provision of this information is subject to you giving us express consent. If we do not receive this consent from you, then we may be unable to consider providing you with a quotation or service.
Information we obtain from other sources
We may obtain information from third parties if this is permitted by law, or use legal public sources to obtain information about you, for example, to verify your identity. This includes but isn’t limited to, companies such as Euler Hermes.
This information shall only be obtained from companies that we are satisfied meet the requirements of GDPR.
HOW WE USE YOUR PERSONAL DATA
We use your personal data to manage and administer your contracts or services. We undertake at all times to protect your personal data, including any financial details, in a manner that is consistent and in line with GDPR concerning data protection. We also take reasonable security measures to protect your personal data in storage. For further information on the organisational and system measures taken to safeguard your data, please refer to our Information Security Policy.
Do we use your personal data for marketing purposes?
We may use your personal data to share email updates about our services, relevant blogs, and invitations to our events. You have the right to opt out at any point. At no point will Rejus share or sell your data to third party marketing companies.
DISCLOSURE OF YOUR PERSONAL INFORMATION
We will keep information about you confidential and may also share information to satisfy compliance or audit requirements. This may include allowing regulatory companies, such as the ISO or the FCA, temporary access to personal data. Rejus will ensure that any access is limited and under strict supervision.
We will not share your information without obtaining your express consent except with the following third parties where we need to share this in our role as intermediary and to satisfy our contract with you:
- Any contractor and/or adviser that provide a service for us or act as our agent on the understanding that they collect and process data in line with Rejus standards and that we are satisfied with all requirements of the GDPR
- Anyone to whom we transfer our rights and duties under any agreement we have with you
- Any legal or crime prevention agencies and/or to satisfy any regulatory request (including recognised practitioner bodies) if we have a duty to do so or if the law allows us to do
All Rejus employees have received training on protecting personal data and are duty bound as part of their contract of employment to confidentiality and data protection. A summary of our rules and procedures in respect of IT use and the protection of personal data is contained in our Acceptable Use Policy
Transfer of your personal data outside of the European Economic Area
We do not transfer your personal data outside of the EEA.
How long do we keep this information about you?
Our data retention periods are in line with the amount of time we need to keep your personal information in order to manage and administer your services. We will also retain your personal data to comply with any legal, statutory, and regulatory obligations. More information about this can be found in our Data Retention Policy. In all cases, our need to keep your personal data will be reassessed on a regular basis, and information that is no longer required will be disposed of permanently and confidentially.
Where your data is kept
Your personal data is kept on our Company IT systems, the security of which is governed by our Information Security Policy.
DATA SUBJECT RIGHTS
Subject access requests
You have the right to access personal data that we hold about you. This is referred to as a subject access request. In order to make a subject access request please write to the Data Protection Lead at Rejus Ltd, Fitzwilliam House, Middle Bank, Doncaster, DN4 5NG, or email accounts@rejus.co.uk.
Our response to a formal request shall include details of the personal data we hold about you, including the following:
- Sources from which we acquired the information
- The purpose for processing the information
- Persons or entities with whom we are sharing the information
Right to rectification
You have the right, without undue delay, to have any personal information about you which is not accurate, corrected. You also have the right to any incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure
You have a right to request for us to erase personal data concerning you, without delay. This refers only to data that we are not legally required or entitled to keep for a specified length of time in order to comply with any legal, statutory, and regulatory obligations.
Right to the restriction of processing
Subject to exemptions, you have the right to restrict the processing of your personal data when:
- You are contesting the accuracy of the data, and restrict the processing until the accuracy of the data has been verified
- The processing is unlawful and you oppose the erasure of the personal data but instead request the restriction in its
- We no longer need the personal data for processing, but it is required by you for the establishment, exercise or defence of claims
- You object to the processing of your personal data pending the verification of whether there are legitimate grounds for us to override these
We shall communicate any rectification or erasure of personal data as described above to each recipient to whom the personal data has been disclosed unless this proves impossible or involves disproportionate effort. We shall provide you with information about those recipients if you request it.
Right to data portability
You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine readable format, and have the right to transmit this data to another controller without hindrance from us.
Right to object
You have the right to object on grounds relating to your particular situation, at any time to the processing of personal data concerning you, including any personal profiling; unless this relates to necessary processing for the performance of a task carried out in the public interest or an exercise of official authority vested in us. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing, which override the interests, rights, and freedoms of you, or in the establishment, exercise, and defence of legal claims.
Right to not be subject to decisions based solely on automated processing
We do not carry out any automated processing, which may lead to an automated decision based on your personal data.
Invoking your rights
If you would like to invoke any of the above data subject rights with us please write to the Data Protection Lead at Rejus Ltd, Fitzwilliam House, Middle Bank, Doncaster, DN4 5NG, or email accounts@rejus.co.uk.
Accuracy of information
In order to provide the highest level of customer service, we need to keep accurate personal data about you. We take reasonable steps to ensure the accuracy of personal data or sensitive information we obtain. We ensure that the source of any personal or sensitive data is clear. We will consider when it is necessary to update the information, such as names and/or addresses and you can help us by informing us when these changes occur.
IMPORTANT INFORMATION
Queries
If you have any queries which are not answered by this Privacy Policy or have any concerns about how we use the personal data we hold, please write to the Data Protection Lead at Rejus Ltd, Fitzwilliam House, Middle Bank, Doncaster, DN4 5NG or email accounts@rejus.co.uk.
Policy changes
Rejus Ltd will review this policy regularly to make sure we meet the highest standards and the protection of your information. We reserve the right to update this policy at any time. We will not significantly change how we use data given by you to us, without your prior agreement.
Complaints
If you have a complaint please write to the Data Protection Lead at Rejus Ltd, Fitzwilliam House, Middle Bank, Doncaster, DN4 5NG, or email accounts@rejus.co.uk.
If your complaint is not resolved to your satisfaction and you wish to make a formal complaint to the Information Commissioner’s Office (ICO), you can contact them on 0303 123 1113. You also have the right to a judicial remedy against a legally binding decision of the ICO where you consider that your rights under this regulation have been infringed as a result of the processing of your personal data. You have the right to appoint a third party to lodge the complaint on your behalf and exercise your right to seek compensation.