Clear 7 Consultancy Limited takes the privacy and security of your information very seriously. This privacy policy explains how we use any personal information we collect about you when you use our products and services.
What information do we collect about you?
We collect customer information when you request a quotation or place an order for services:
- Name (First and last name),
- School/Academy name,
- Contact information (email address, phone number and school address).
How will we use information about you?
We collect customer information so that we can process your request and manage your account (including invoicing).
Unless we are obliged or permitted by law to do so, and subject to any third-party disclosures specifically set out in this policy, your data will not be disclosed to third parties.
How long will we store this data for and how?
We hold your information for as long as the contract is in place, plus seven years following the end of the contract in order to comply with financial accounting regulations.
We store this information in a variety of places including our financial accounting software, our customer database and within the Clear 7 Consultancy Ltd cloud based storage system.
What about information provided by schools/academies to access Clear 7 Consultancy Ltd services?
Schools/academies maintain their stakeholder’s information on the GDPR portal provided by Clear 7 Consultancy Ltd. This includes adding, editing and deleting records. For example:
- GDPR training record: Staff/governor name, school email address.
- SAR record: Name/age of data subject, name/contact details of requestor, details of information requested.
- Data breach records.
The portal is protected by role-based access, passwords and two factor authentication. Data is fully encrypted at rest and in transit. Servers are located in the UK.
Documents provided as part of a Subject Access Request are fully deleted from Clear 7 Consultancy Ltd systems once downloaded by the requestor.
Documents provided following a data breach are fully deleted from Clear 7 Consultancy Ltd systems once the breach is contained and necessary actions completed.
On termination of Clear 7 Consultancy services all information held on the GDPR portal is fully deleted within one calendar month.
What is the legal basis for us using your data?
We will only use your data to fulfil the contract we are about to or have entered into with you or where we need to comply with a legal or regulatory obligation.
How can you access your information?
You have the right to request a copy of the information that we hold about you. If you would like some or all of your personal information, please email us on [email protected].
We want to ensure that your personal data is accurate and up to date. You may ask us to correct or remove information that you think is inaccurate.
If you have a concern about the way we are collecting or using your personal data, we ask that you raise it with us in the first instance. Alternatively, you can contact the Information Commissioners’ Officer at https://ico.org.uk/concerns/