GDPR PRIVACY NOTICE
CoventBridge (Europe) Ltd is committed to protecting the privacy and security of those with whom we interact. This privacy statement explains how we use and treat personal information provided to us within client instructions. It also identifies additional information that the company may obtain tom reach a successful investigative conclusion together with demonstrating how we protect data to ensure that it is secure at all times.
CoventBridge (Europe) Limited maintains security policies and practices within facilities and systems to protect information from unauthorised access and inappropriate disclosure, alteration and destruction. Security includes, but is not limited to, encryption, physical access security and other appropriate technologies.
The Company makes use of both session and persistent cookies on websites it owns and operates directly or indirectly through a third-party partner. Cookies are small pieces of data that are stored by the user’s Web browser. They are used by websites to enhance user experience and remember information such as user name, language, viewing preferences, shortcut navigation and other user preferences.
Server & Application Logging
CoventBridge Web Servers automatically collect internet protocol (IP) addresses which are used solely for reporting demographic information, number of visits and in communications trouble-shooting. Authentication credentials are also recorded to comply with auditing requirements and assist with investigation of client requirements. As the Company enhances, modifies or maintains its’ systems. services and processes, modifications may be made to this policy.
Obtaining & Sharing Information
The Company is authorised by clients to act as their representative in obtaining information on living individuals. The company respects the privacy of individuals while obtaining information for legitimate businesses that can demonstrate an appropriate need for this information. As part of individual investigations, we will from time to time perform intelligence research as part of our provisional inquiries. These checks are lawful and are all made using publicly available sources which include but may not be limited to:
- Social media – multiple
- Companies House
- Electoral roll
- Subscription databases
The company will not share personal data with any third parties unless the data needs to be shared to meet legal or statutory requirements. We will not pass on data to third parties for marketing and promotions activity, nor will the company pass on any information for profiling purposes.
If the instruction we receive including personal details of the subject / claimant and any ancillary information relating to the instruction is sent using our GlobalTrak platform, a case file is opened, and the details entered.
If the instruction is received outside the GlobalTrak platform by email or hard copy, a case file is opened on GlobalTrak, the information is entered, and the instruction received is destroyed by shredding.
How We Use the Instruction Data
The information provided is used solely for carrying out the instruction requirements. The Company continually reviews and enhances security systems as necessary and does not;
- Provide private information to the public.
- Compile or distribute mailing lists or consumer marketing data from information received from clients.
- Modify or correct information obtained from other persons or organisations since this information is not prepared by the Company
Data Processing & Storage
No data processing takes place outside of the EEA.
Subject Access Requests
Data will be shared with a third party if we receive a formal Subject Access Request, which forms part of the General Data Protection Regulations. However, if CoventBridge (Europe) Ltd receives a request for subject data from the subject or a third party acting on their behalf, we will notify our client in advance of compliance with the subject access request.
If CoventBridge (Europe) Ltd are asked to provide any personal data relating to the subject of an instruction by an authorised body such as the police, the security services or HMRC, it will do so, and the client will be informed.
Retention of Records
- CoventBridge (Europe) Ltd will securely maintain personal data it processes for a period that the original purpose for processing it continues.
We accept that evidence we obtain through certain types of investigation may be called upon as expert witness evidence including attendance at court and therefore cannot place a defined time frame on a standard data deletion process.
- When assessing data retention periods, CoventBridge (Europe) Ltd will consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure of the data, the purposes for which we process the data and whether we can achieve those purposes through other means, and the applicable legal requirements.
- CoventBridge (Europe) Ltd acknowledges our clients retain the position of Data Controller within the data relationship hierarchy and expects to be informed when a claim settles on a case where the company holds relevant personal data. This will allow data to be deleted permanently.
QCD 073 Issue 03, 9th September 2019 Page 3 of 3
- To ensure data is not retained beyond a period that is necessary for the purpose it was processed; once the seven-year anniversary of CoventBridge’s last work activity is reached and providing the company have not been contacted by the client confirming settlement has been reached, we will assume settlement did conclude and without notice, automatically permanently delete all data. All clients are encouraged to contact the company periodically on individual cases if deferment of standard data destruction timeframes is considered appropriate.
All enquiries concerning this Privacy Notice and related issues should be directed to our Data Protection Officer, Mr Colin Towers.
Mr Colin Towers – CoventBridge (Europe) Ltd, Liberty House, Greenham Business Park, Newbury, Berkshire, RG19 6HW.