Prepared by:
Enhance Support Solutions Limited
31 High Street
Winslow,
Buckingham
MK18 3HE
Company Number: 06314634
ICO Registration Number: ZA127339
For simplicity, through this document Enhance Support Solutions Limited is referred to as ‘Enhance’, ‘we’, ‘us’
or ‘our’.
25 May 2018
Enhance Support Solutions Limited: Privacy Notice – May 2018
PRIVACY NOTICE:
ENHANCE SUPPORT SOLUTIONS LIMITED
Introduction
The purpose of this notice is to provide information regarding the types of personal data collected by Enhance
and the way in which we use, share and store that information.
Enhance is a compliance, technical support and training consultancy that provides services to financial
services businesses, primarily but not exclusively, those involved with administering pension schemes. As such
data, some of which is personal data, is captured by us ordinarily in the following ways:
1) Visitors to our website;
2) Through holding details of the individuals within businesses that use our services, or have enquired about
using our services;
3) In connection with the services we provide to our clients, being sent details of their clients; and,
4) Details of people who are not clients of Enhance but to whom we may invite to information seminar
events;
Each of these is covered in more detail below. For each category, we explain as applicable whether personal
data is held and in what form, what the data is used for, with whom it may be shared, how the data is
protected, the legal bases relied on for holding the data and how long we will retain the data.
We also cover any international aspects of holding personal data and who to complain to should you need to.
If there are any questions arising from any of these, please do get in touch.
Visitors to our website
When someone visits enhancesolutions.co.uk certain non-identifiable information is collected to allow analysis
about the number of visitors to the website and their behaviour patterns once there – for example, what pages
were visited and for how long. No personal data is saved within the website. Where someone wishes to
contact us via the website, an email is triggered to an Enhance ‘enquiries’ email address. This data is stored
within our email system, rather than within the website.
| Data item | Description |
|---|---|
| Is personal data held, if so in what form? | No personal data is held |
| What is the data used for? | To analyse the visitor activity to our website |
| With whom may it be shared? | Any (non-personal) data collected is not shared |
| How is the data protected? | Not applicable as not personal data |
| The legal bases relied on for holding the data. |
Not applicable as not personal data. |
| How long is the data retained for? |
Not applicable as not personal data |
Our cookie policy can be found at our website enhancesolutions.co.uk
Our clients and potential clients
Enhance provides services to business (‘our clients’) rather than to consumers. Consequently, much of the
data we hold on our clients, or potential clients enquiring about our services, relates to their business rather
than personal data. However, in order to communicate with our clients via email, we will hold personal data in
the form of email addresses, in particular where the email address identifies an individual (as opposed to a
more general ‘enquiries’ email address).
| Data item | Description |
|---|---|
| Is personal data held, if so in what form? |
Yes, personal data is held in respect of email addresses that identifies an individual. This is in respect of existing and potential clients |
| What is the data used for? | The data is used for communicating with our clients. Communication includes responding to email enquiries from our clients and for sending information, such as updates, invites to events or briefings, as part of the service provided to our clients |
| With whom may it be shared? | We do not ordinarily share our clients email addresses with anyone else save for where, as part of our services to our clients, we share these email addresses with a partner where, for example, we are jointly organising a seminar |
| How is the data protected? | As per our Client Agreement, we take client confidentiality seriously. Any devices used by Enhance personnel where data is held are password protected. The email system we use is hosted by Zen Internet, a well respected and established provider, using a Linux web-hosting account, with inherent ecurity protocols embedded. Data is also stored within: • Dropbox (Business/Team version), the security protocols for which can be found at https://www.dropbox.com/business/trust/security • Solve360 - a CRM system supplied by the Norada Corporation - which is password protected - their data safeguarding protocols can be found at https://solve360.com/data-protection/ • Xero, our accounting software system, which is a well-known and established accounting software package from which invoices are issued to our clients. This too is password protected - their security policy can be found at https://www.xero.com/uk/about/security/ |
| The legal bases relied on for holding the data. |
We hold client data for the purpose of performing a contract. For prospective clients who have enquired about our services, we hold the data on the basis of this being a specific step (i.e. preparing and communicating a proposal), which may result in a contract being performed. We may also retain data on a ‘legitimate interest’ basis, for example but not exclusively, where we no longer have contractual obligations with a client, however there may be a reason why we would like to get in touch or there is some other reason why we should retain the personal data |
| How long is the data retained for? |
Unless there is a legitimate reason for us to retain personal data, we will use reasonable endeavours to delete data six years after the contractual obligation has ended. |
Personal data held by our clients
Through the provision of services to our clients, there will be times when their clients’ personal data is viewed
by or provided to Enhance. Examples include, but not restricted to, where Enhance undertakes client file
reviews as part of an audit or where an Enhance client has a query relating to one of their clients.
As a general protocol in light of General Data Protection Protocols, in such cases Enhance’s practice is to try
and avoid holding personal data in such cases by taking steps to anonymise the data through simply referring
to a surname only and where a client reference number is present, ensuring that not all digits are shown.
Furthermore, within reviews of personal data conducted by Enhance – typically onsite compliance reviews – our
preferred methodology is to simply access our clients’ systems, rather than being sent details of personal data
for us to review. This means that personal data of our clients’ clients remains onsite and within their data
control environment.
| Data item | Description |
|---|---|
| Is personal data held, if so in what form? |
Personal data in respect of one of our clients’ clients may be held by us where details are sent to Enhance by our client in line with their data sharing policy. As per the commentary above, our preference is to avoid us holding such data. |
| What is the data used for? | The personal data may be shared with Enhance by one of our clients in espect of the services we provide. Examples include, but are not limited o, where we are asked to review a client file for compliance purposes or to provide technical support. Enhance does not ‘process’ this data. |
| With whom may it be shared? | We will not share such ‘third-party’ data. The only exception to this is where we are asked to share such data by our client under their role as data controller. An example of this is where we have been asked to comment on a complaint case and our client asks us to share this with their lawyers and/or insurers |
| How is the data protected? | As stated in the introductory narrative to this section, our preference is for us not to hold personal data of our clients’ clients. As per our Client Agreement, we take client confidentiality seriously. Any devices used by Enhance personnel where data is held are password protected. The email system we use is hosted by Zen Internet, a well respected and established provider, using a Linux web-hosting account, with inherent security protocols embedded. Data is also stored within: • Dropbox (Business/Team version), the security protocols for which can be found at https://www.dropbox.com/business/trust/security • Solve360 - a CRM system supplied by the Norada Corporation - which is password protected - their data safeguarding protocols can be found at https://solve360.com/data-protection/ • Xero, our accounting software system, which is a well known and established accounting software package from which invoices are issued to our clients. This too is password protected - their security policy can be found at https://www.xero.com/uk/about/security/ |
| The legal bases relied on for holding the data. |
Any personal data referred to in this section supplied to Enhance by one of our clients, will be subject to our clients’ lawful bases for holding and sharing that data, in their capacity of data controller |
| How long is the data retained for? |
Unless there is a legitimate reason for us to retain personal data forwarded to us, we will delete such data once the reason for using it has concluded. For example, if a new business spreadsheet or client illustration is sent to us as part of a compliance review, once we have reviewed that document, it will be deleted from our system. |
Individuals who are not clients of Enhance with whom we may wish to communicate
From time to time, there may be occasions where we wish to communicate with individuals who are not clients
of Enhance and therefore do not fall within the categories above. For example, we may be involved with
facilitating an industry-specific seminar to which we would like to invite clients and non-clients.
| Data item | Description |
|---|---|
| Is personal data held, if so in what form? |
Yes, personal data is held in respect of email addresses that identifies an individual. Such data is likely to be held in a spreadsheet or our email system if we communicate with you |
| What is the data used for? | The data is used for communicating with our individuals who are not clients of Enhance. Communication includes sending information, such as invites to events or briefings, to people who we think may be interested |
| With whom may it be may it be shared? |
We may share these email addresses with a partner where, for example, we are jointly organising a seminar. |
| How is the data protected? | We take client confidentiality seriously. Any devices used by Enhance personnel where data is held are password protected. The email system we use is hosted by Zen Internet, a well respected and established provider, using a Linux web-hosting account, with inherent security protocols embedded. Data is also stored within: Dropbox (Business/Team version), the security protocols for which can be found at https://www.dropbox.com/business/ rust/security |
| The legal bases relied on for holding the data. |
Data is retained on a ‘legitimate interest’ basis on the basis that we believe that the individuals whose data we hold may be interested in the information we wish to send them |
| How long is the data retained for? |
We will retain the data for as long as we believe there is a legitimate interest to hold the data. Any individual to whom we communicate to on this basis can ask for their data to be removed (subject to there being no other contractual or legitimate reason to retain the data within the previous sections of this privacy notice). |
Individuals rights (right of access, right to rectification, right to erasure and right to object)
You have a right to request a copy of the data that we hold about you. You also have the right to request that
information we hold about you which may be incorrect, or which has changed since you first told us, is
updated.
You can ask us, via the contact details below, to limit the way in which we are using your information; or,
object to certain types of processing; or to request that we erase the personal data we hold for you. We will do
our best to comply with your request unless we have to use the information for legitimate business or legal
purposes.
International matters
We do not transfer data outside of the UK.
Questions, concerns or complaints
We hope this Privacy Notice has been helpful in setting out how we hold and use your data.
If you have any questions, concerns or complaints regarding how we hold or use your data then please
contact kevin.jack@enhancesolutions.co.uk
If you feel that we have not handled any concerns or complaints adequately or you feel we have not handled
your data correctly, you can lodge a complaint with the Information Commissioners Office.
You can contact them:
• By calling 0303 123 1113; or,
• Online at www.ico.org.uk/concerns
Enhance Support Solutions Limited: Privacy Notice – May 2018
Enhance Support Solutions Limited: Privacy Notice – May 2018