Overview and purpose
The Issured Privacy Notice explains our principles when it comes to the collection, processing, and storage of your information. This policy specifically explains how we hold and hold your information and for what purposes.
As a company we offer a range of products and services that specialise in independent programme assurance, business design and information system development, spanning the full development lifecycle. We provide Programme Design and Management, Business Architecture and Analysis, Information System Design, Business Change and Training Development and Information Assurance and Security Risk Management.
This notice applies to the interactions Issured has with you and the Issured products and service described below, as well as other Issured products that display this statement. Please also read the ‘Products provided to your organisation’ detailed in this privacy statement, which provide additional relevant information.
Who we are
This Privacy Notice applies to all products, applications and services offered by Issured Limited (a company registered in England and Wales (Registration number 08860437, VAT Number 185 801 589)) whose registered address is First Floor, Unit 18, Bradbourne Drive, Milton Keynes, MK7 8BE, United Kingdom) and its affiliates, but excludes any products applications or services that have separate privacy notices which do not incorporate this Privacy Notice.
We are registered with the Information Commissioners Office (ICO) as a data controller in the United Kingdom for the purposes of any UK Data Protection legislation resulting from EU General Data Protection Regulations (GDPR). (ICO registration number ZA220733). The Issured Data Protection Officers contact details can be found at the end of this document.
What personal information do we collect and why do we do it
Unless otherwise stated, the information we process is in relation to our employees, associates, clients and our client’s customers only (for Client customer data please see - Products provided by your organisation – notice to end users section). The following is captured when provided directly to us by
the data subject:
Special Category Data
We also process a small amount special category information, with regards to our employees and those associates that are contracted to Issured Limited. This is limited to:
Financial information – This is used initially to set up the payment for employees and contracted associated. After initial setup this information is not retained on the Issured infrastructure, but the responsibility remains as part of the management of each employee and associate whilst part of Issured Limited
Although we do not hold any additional special category information, due to the nature of our applications there may be instances where such data is requested as part of a ‘clients’ process or
requirement (e.g. interview process).
If this is the case the information will be captured within each specific contract (also see Products provided by your organisation – notice to end users section). We as an organisation are committed to
protect all information provided to us and through our applications, with all personal and special
category data compartmented and secured accordingly.
Cookie and Analytical data
Purpose this information is held, processed, used and disclosed
We hold, process, use and disclose your information:
To assess suitability for associate vacancies we judge maybe suitable for our associates job specification
To maintain our accounts and records to support and manage our employees and shareholders
To maintain account and access control for client or customer application access
To carry out obligations arising from any contracts entered into between you as the associate and us.
To carry out obligations arising from any contracts entered into between you as the customer or client and us.
In order to comply with any applicable law and regulatory requirements
Where data is contractually required for processing, Issured Limited may processes data without consent
In order to fulfil contractual obligations (bank details to process salary)In order to register with our accredited professional institution (CMI)
Our legal basis for processing for the personal data:
We shall ensure that processing remains lawful to the extent that:
The data subject has given consent to process their data for specific purposes detailed above
The processing is necessary for the performance of a contract or training course to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
Processing is necessary for compliance with legal obligations to which the controller is subject, this could include for the purpose of detecting crime, fraud and in order to comply with any other applicable law.
Products provided by an organisation – notice to end users
As part of any contract between Issured and its client, if an organisation provides you with access to an Issured product, your use of this product is subject to that organisation's policies. Any privacy inquiries, including any requests to exercise your data protection rights, to the organisation’s administrator. Issured is not responsible for the privacy or security practices of our customers, which may differ from
those set forth in this privacy statement.
When you use an Issured product provided through an organisation, Issured’s processing of your personal data in connection with that product is governed by a contract between Issured and the organisation. Issured processes your personal data to provide the product to the organisation and you, and for Issured’s legitimate business operations related to providing the product.
If you have questions about Issured’s processing of your personal data in connection with the provided product to an organisation, please contact the organisation. If you have questions about Issured’s legitimate business operations in connection with the provided product to an organisation then please contact Issured as described in the ‘How to contact us’ section.
Where our processing is based on consent, our controller shall be able to demonstrate that the data subject has consented to the processing of their personal and special category data.
Consent is required for us to process both personal and special category data, but it must be explicitly given. Where and if we are asking you for special category data, we will always tell you why and how the
information will be used and stored.
specifically for the purposes identified.
You may withdraw consent at any time by contacting our Data Protection Officer and stating:
“I, [data subject name], withdraw my consent to process my personal data from Issured Limited. Issured Limited no longer has my consent to process my personal data for the purpose of [specify legitimate reason of processing personal data], which was previously granted”.
Once received we shall adhere to the data protection requirements and cease processing your information in line with Article 6, 1 a-f of the lawfulness of processing principle.
Where there is a contractual obligation to process personal information all data processing is carried out in accordance with the handling requirements detailed within each specific contract, with deletion and
return of personal data captured as part of the contract.
In addition, where you have provided your details to allow us to contact you regarding services, we believe will be of interest to you, this marketing communication will also contain instructions to "opt-out" or “unsubscribe” of receiving future marketing communications. In addition, if at any time you wish not to receive any future marketing communications or wish to have your name deleted from our mailing lists, contact us as indicated above.
Issured Limited WILL NOT pass on your personal data to any third parties without first obtaining your consent.
With respect to the registration to an approved CMI training course we will request on the application form that your data can be passed on to CMI for use in registering you on the approved training course.
COVID and Homeworking - where there is a requirement to send items directly to an employee’s address from a third-party supplier, we will request on the application that this information only be used for a single delivery and removed from their system on completion of the order. Any further or ongoing correspondence will take place between the supplier and Issured.
We implement a Retention, Review and Disposal (RRD) process for all our information not just personal data, with Information Asset Owners (IAO) consulted with regards to suitable retention periods for information assets.
For the purpose of process personal data, the following applies:
Our staff/employees, and any contracted associates, data we will be retained during the term of their employment and for 7 years thereafter.
Our associates not contracted through us, CV’s shall be removed after a 12-month period, with each associate given the option to update their CV or removed their personal information altogether.
For information provided as part of the “leave us a message” contact/customer information, the request of name, email, phone and message are only retained to allow a response to the data subject. This information is only retained for a maximum of 30 days and then removed from the Issured system.
For information provided as part of the “Join Us / Come Work With Us” information, the requested First Name, Surname, Email address and LinkedIn Profile are retained to allow a response to the data subject. Depending on the outcome of the request will determine the length of time the information is held. If an individual is taken on as an employee, their information will be retained for 7 years as per above. If interviewed, but not successful information will be retained for 12 months then removed and if information is simply for information, details will be held for 30 days as per the leave us a message.
For information provided as part of the “Issured Brochure” information, the requested Name, Organisation and Email address will be held on our Issured database until instructed to be removed via the ‘opt-out’ or ‘unsubscribe’ process detailed in our Consent section above.
If there is a business requirement to retain the “leave a message” information, i.e. services are requested and/or a contract agreed, then the information will be retained and agreed as part of that contract.
At the end of the agreed retention period your information will be securely and confidentially destroyed.
Where there is contractual obligation to process personal information, the retention period of this information will be in line with the contract specification. All personal information will be deleted or returned as per the requirements captured within each contract.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or access in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees who have a business need to know. They will only process your information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal information breaches and will notify you and any applicable regulator where we are legally required to do so.
Your rights as a data subject
At any point while we are in possession of or processing your personal data, you, the data subject, have
the following rights:
Right of access – you have the right to request a copy of the information that we hold about you.
Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
Right of portability – you have the right to have the data we hold about you transferred to another organisation.
Right to object – you have the right to object to certain types of processing such as direct marketing.
Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
Right to judicial review: in the event that Issured Limited refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined in complaints clause below.
All our employees or associates who interact with data subjects are responsible for ensuring that this notice is drawn to the data subject’s attention and their consent to the processing of their data is secured.
Complaints or concerns
If you wish to exercise your rights or raise a complaint or have any concerns with the way we have
handled your personal data, you can contact us through:
Issured Data Protection Officer First Floor Office Suite,
In addition, if you are not satisfied with our response or any of our data protection activities, you can
make a complaint to the Information Commissioners Office at: