Data Protection and Privacy Policy Statement

IDDQD Limited is committed to compliance with all national and international data protection laws and regulations, and maintaining appropriate procedures and work instructions.

IDDQD Limited shall not cause or permit any Personal Data belonging to an EEA or UK resident to be transferred outside of the EEA or UK unless such transfer is necessary for the purposes IDDQD Limited carrying out its obligations.

If an EEA or UK resident’s Personal Data is to be processed outside of the EEA, IDDQD Limited agrees to provide and maintain appropriate safeguards as set out in GDPR to lawfully transfer the Personal Data to a third country. These safeguards may include:

The requirement for IDDQD to execute or procure that the Subprocessor execute to the benefit of the Client Group standard contractual clauses approved by the EU authorities under EU Data Protection Laws. The requirement for the Subprocessor to be certified under the an International Data Protection Framework. IDDQD Limited will not process personally identifiable information (PII) under contract for any purpose other than that instructed by the customer. Personal data provided by customers will not be used for marketing or advertising purposes without first being provided evidence of the PII principals’ express consent.

IDDQD Limited will provide systems to enable customers to fulfil their obligations in respect of the exercise of PII principals’ rights.

IDDQD Limited will inform customers of any legally binding request for disclosure of PII by a law enforcement authority, except in cases where the disclosure of that information is otherwise prohibited. Where not prohibited by law, IDDQD Limited will consult the relevant customer before making a disclosure of PII. IDDQD Limited will accept any contractually agreed requests for PII disclosure that are authorised by the relevant customer, except where such disclosure is prohibited by law.

IDDQD Limited will ensure that any processing of PII carried out by sub-contractors is contractually agreed with the customer and will inform the customer of any intended changes to the contractually agreed arrangements in sufficient time to allow objection or renegotiation of contract.

PII is classified as all names, addresses (when linked to a person), usernames and other online identifiers that could be used to identify a person. Address queries submitted to our services, when not linked to identifiable individuals, are not considered PII.

The policy applies to all PII held by IDDQD Limited, including on wireless notebook computers, personal digital assistants and mobile telephones, and to PII held by other organisations on IDDQD Limited's behalf.

All Staff are provided with training to ensure that they understand IDDQD Limited’s policy and the procedures it has put in place to implement that policy.

The disciplinary process will be invoked in circumstances where this policy may have been transgressed.

Previous
Data Processing Agreement
Next
Data Processing Agreement