We collect and process personal data for a number of purposes relating to our provision of products or services to you, each justified by a GDPR lawful basis for processing.
At LBS, we are committed to maintaining the trust and confidence of those we interact with. We don't just do this to comply with GDPR, but because we actually believe it's the right thing to do. We only collect personal data so we can properly deliver our own services, not as an end in itself.
So, in order to be totally transparent, these privacy notices spell out exactly when and why we collect your personal information, how we use it, the limited conditions under which we may disclose it to others, and how we keep it secure. To make it easier to understand how we handle your privacy, we've created a number of privacy notices, each one focussing on a specific way in which we interact with you.
We take the security of your data extremely seriously. We use a combination of staff training, good working practices, security policies, passwords, encryption, and physical security to prevent unauthorised access. We aim to retain your data for the minimum time necessary.
Internally, we use RAID storage systems, and onsite/offsite backups to protect your data from corruption or accidental deletion. All our computer systems are password protected, and we aim to restrict employee access to your data to the minimum level possible. All laptops and removable media are encrypted. All IT equipment that we dispose of is securely wiped or physically destroyed, so as to make data recovery impossible.
We aim to minimise the amount of personal data included in email bodies, and pseudonymise it wherever possible. All email attached files containing personal data are encrypted.
We aim to minimise the amount of hard copy printouts of personal data that we generate. Any that we do produce are securely stored, kept for the minimum amount of time possible, and shredded once no longer required.
We aim to minimise the storage of your data on third party systems, and only do so when there is a legitimate business reason to. We only use third party systems that we consider to be secure and GDPR compliant. We aim to pseudonymise data as much as possible, particularly when it is stored on third party systems.
In the unlikely event that we do suffer a breach affecting your data, we will inform you as soon as we are aware of it, and work with you to identify the scope and minimise the impact.
For accounting, audit, and liability management purposes we are likely to retain data for up to six years relating to any work we carry out for you.
We regularly audit our systems to ensure that data is stored with the minimum possible access rights whilst in use, and removed as soon as it is no longer required.
You have certain GDPR rights to access, restrict, amend, or delete any personal data that we, or our third-party data processors, hold about you.
Likewise, if we are processing data on your behalf, we will support such requests from your own data subjects.
If you'd like to do either of these, please let us know.
Privacy Notice Updates
These privacy notices will be updated from time to time in order to improve transparency or make it easier to understand, and also whenever we introduce a new personal data capture or analysis process.
We actually want you to understand how we're handling your privacy, so we've tried explain everything in a straightforward way, whilst at the same time still making sure we've covered all the important technical details.
If there are any parts that don't make sense to you, or if you feel that any information is missing, please let us know so we can fix things!
These privacy notices were last updated on 18 June 2018.