Policy key definitions:
• “I”, “our”, “us”, or “we” refer to the business PHC Digital Ltd, 7 The Close, Norwich, Norfolk NR1 4DJ.
• GDPR means General Data Protection Act.
• ICO means Information Commissioner’s Office.
We are registered with the ICO under the Data Protection Register number: ZA337228
Overview
We develop and maintain web applications, websites as well as provide general IT consultancy.
This policy is publicly accessible and is to inform individuals, customers, suppliers, staff and contractors that we may share your details with third-parties.
We may share your details with third-parties for the purposes of the day-to-day running of our business.
We will never share your details for marketing purposes.
Who we may share your data with
For the successful running of our business we use cloud accounts software, accountants, solicitors and other similar professional businesses and we may share your details with them for the purposes inferred by the professional used. For example, we will enter your contact details onto our Cloud accounts system (Xero) so that we may invoice you. Our accountants (M and A Partners) will have the personal details of our staff members for Payroll.
We feel that these are reasonable expectations for the use of your data.
Staff Training
PHC Digital Ltd and its staff will never share your data outside of the scope of the above paragraph and all staff have training to be aware when it is/isn’t appropriate and legal to share your data. All staff are aware of the best practices for encrypting data and this is documented in the internal Data Protection Policy, Processes and Procedure documentation.
As part of ongoing work we provide training to our staff about when it is and isn’t appropriate to share details of individuals and organisations that we work with, either as customers, suppliers, staff or contractors.
Data Sharing Agreements
If we are processing any data on your behalf then we will require a DPA (Data Processing Agreement) to be in place. This will either be stand alone or normally part of the larger contract in place between us.
Data Protection Impact Assessments
If we are developing software on your behalf, then it is your responsibility to ensure that appropriate Data Protection Impact Assessments have been undertaken.
GDPR compliance
In line with our GDPR Data Protection Policy we have procedures in place to protect individual data in transit. We confirm to using the highest level of encryption that is practical for data transfer.
In line with our GDPR Data Protection Policy we have procedures in place to deal with requests for personal data requests (Subject Access Requests), as well the other rights given under GDPR, and have internal processes to track these through from being received to completion.