Data Protection & Privacy Policy

Environmental Policy Consulting Ltd Data Protection & Privacy Policy
May 2018

1. Introduction
1.1. Author & Data Controller: Bruce Horton bruce@envpolconsulting.co.uk
1.2. Environmental Policy Consulting is a for profit limited company run by Bruce Horton.
1.3. This Data Protection Policy has been prepared to demonstrate how we are meeting the requirements of the General Data Protection Regulations (GDPR) in our routine communications and practice with contacts and clients.
1.4. This policy covers the main activities we undertake in organising the services provided by Environmental Policy Consulting which cover four main areas of work as follows:
• The monthly Climate Change and Water newsletter
• Accounting and financial dealings with clients purchasing our services
• Routine, day to day office activities and archive office procedures, contacts and clients
• Website
These sections are described in more detail below.
1.5. Overall policy
It has been and is our policy to conduct our activities in line with current data protection policies i.e. GDPR. Since we have to subscribe to a high standard of business accounting and the compliance standards imposed by credit card companies this approach extends to our financial transactions with business clients. It is our intention to make our data protection policy and process as transparent as possible.
1.6. Requirements of GDPR: Contact and client (data subjects) rights
We will seek to respond as soon as possible, but no longer than one month, to any inquiries about the new rights under the GDPR including:
• Your right of access to personal information records
• Your right to request and be given your Personal Data in machine readable format
• Your right to request correction of your Personal Data
• Your right to be forgotten, for your records to be deleted
• Your right to withdraw your consent for processing at any time
• The right to complain to the Information Commissioners Office

1.7. Security breach
The transmission of information via the internet is not entirely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data once transferred to us; any transmission is therefore at your own risk.
We will use strict procedures and security features to try to prevent unauthorised access. We will communicate with contacts or clients should we have a security breach.

2. Monthly newsletter & general contact
2.1. Introduction
Environmental Policy Consulting has been using its email contact list for over eight years to provide news and advertise conferences of interest to those involved in water and climate change. Since 2010, contacts have used the consent based opt-in system to join our mailing list.
2.3. Personal data held
For routine mailings using the emailing service, we hold the name, email address, telephone numbers and in some cases organisation details. Other details such as the date contacts subscribed (evidence of consent based opt-in), and mailing preferences are also held.
We do not hold postal address information for our email contacts.
It is our policy only to hold the personal data consistent with our current practice e.g. emailing. We will store and process Personal Data only for as long as is reasonably necessary for us to perform the services we are undertaking and to comply with our legal obligations.
2.4. Environmental Policy Consulting does not share or sell personal information about contacts or clients with third parties and outside agencies for the purposes of marketing, and will not share personal information unless we are required by law to do so, or we specifically obtain our contacts’ or clients’ consent to share their personal information such as name and email to a named third party for a specific, named purpose.
2.5. Risk Assessment
From our understanding of the GDPR regulations the data we hold with regard to our bulk emailing contacts would be a ‘low risk’ in relation to our contacts.
2.6. Consent based subscription and unsubscribing
We process this data on the basis of consent. We have the details of when contacts subscribed to the emailing service and since 2010 we have and continue to use a consent based opt-in approach.
We have no desire to send people unwanted emails. All emails carry an unsubscribe option or if you wish the data controller, Bruce Horton (bruce@envpolconsulting.co.uk) will remove and destroy your details. We will respond as soon as possible but no longer than one month after such request is received.




3. Accounting and financial dealings with clients
3.1. Introduction
Environmental Policy Consulting is a limited company. We maintain records of our financial transactions with clients as would any business. These are subject to standard accounting procedures not least the need to retain transaction/account records for seven years.
3.2 Personal Data held
For accounting and financial dealings with clients we hold transaction history and associated information required to complete financial transactions. We do not use credit card transactions and do not hold any credit card information relating to clients.

4. Routine, day to day office activities and archive office procedures
4.1. Introduction
Our business activities fall into two main categories: routine and day to day contacts with clients and business associates, and archive records that arise from the completion of projects. In this regard we follow procedures that ensure a high level of security on our computing activities as well as offline storage of information in locked cabinets.
The data involved is not used for any other purposes. We will therefore store and process Personal Data only for as long as is reasonably necessary for us to perform the services and activities we are undertaking and to comply with our legal obligations.
In the case of the Environmental Policy Consulting Ltd. ceasing to exist, all Personal Data and archive records will be deleted.

5. Website
www.envpolconsulting.co.uk/
5.1 Links to other websites
Our website may contain links to other websites of interest. If you follow a link to any of these websites, please note that we do not have any control over that other websites, which have their own private policies. Therefore, we do not accept any responsibility or liability for the protection and privacy of any information which you provide whilst visiting such sites. You should exercise caution and look at the privacy statement applicable to the website(s) in question.
5.2 Contacting Environmental Policy Consulting Ltd. through the website
If you contact us through our website we will store and manage your personal information in the manner described above (2)

6. Other Questions
Should you have any questions concerning our work and data protection issues please contact the data controller Bruce Horton (bruce@envpolconsulting.co.uk) and we will try our best to help.