Aversus Ltd Privacy Notice

Version 1.0
Date: 16/12/19

Introduction
The intention of this policy is to clearly define to any individual how Aversus Ltd processes ‘Personal data’ for which it has responsibility. 

The definition of ‘Personal data’ is that as defined by the Data Protection Act 2018 / GDPR, this is primarily pieces of data that identify you as an individual.

In circumstances where any individual supplies ‘Personal data’ about themselves to Aversus Ltd, we will become responsible for it legally as the ‘Data Controller’ and will process your data in accordance with the Principles and legal requirements of the Data Protection Act 2018 / GDPR. 

In circumstances where data is supplied to Aversus Ltd about individuals by another party who is legally the ‘Data Controller’, we will legally have responsibility as the ‘Data Processor’ and conduct processing of that data under a legal contract with the Data Controller. 

The definition of a ‘Data Controller’ or ‘Data Processor‘ is that as defined by the Data Protection Act 2018 / GDPR.

Company Contact Details
Aversus Limited
11, The Glebe, Atcham, Shrewsbury, Shropshire. SY5 6QL
Contact: enquiries@aversus.co.uk
The appointed Data Protection Officer is: Martin Ruston – Director

Why do we need your data?
We require Personal data from you to be able to supply any products or services which you have requested from us or provide information about them. 

We will only ask for and keep the data needed to ensure we provide you with an efficient level of service and support and any legal commitments we have as a business. 

We may also use Personal data we have gathered to contact and inform you of products and services which we believe will be of genuine interest to you and/or your organisation. 

The Privacy Notice Matrix at the end of this policy gives details of what types of data we may store about you and the lawful basis for this. 

What do we do with your data?
We have a responsibility to protect data we hold about you and ensure it is not accessed by anyone who is not authorised to use it for the reasons we legitimately hold it. We also have a responsibility to ensure that your data is accurate, retrievable and is not kept any longer than is necessary or legally required. 

We have assessed the risks to the security of your data and implemented appropriate levels of Technical and Organisational measures to protect it. We will not store your data outside of the European Union. 

Access to your data will be limited to only those who need it to provide you with the services you have requested or consented to receiving or have legal authority to request access to it. We will ensure that we have in place a Confidentiality Agreement with anyone having access to your data. 

We may need to pass your data to other parties (businesses) sometimes, who we use for specific parts of supplying services to you or provide us with related services. These third parties will only receive your data from us when we have assessed the risks in giving them access to it, are assured they have an adequate level of data security and have agreed a legal contract detailing how they should protect your data. They will not be permitted to store your data outside of the European Union. 

We will not pass your data to third parties to use for marketing of their own services. 

The Privacy Notice Matrix at the end of this policy gives details of how long we may need to keep your data. 

What happens if we lose your data or it is accessed by unauthorised persons?
If we detect that ‘Personal data’ we are holding as a Data Controller has been lost or accessed by unauthorised persons (a Data Breach) and that this will potentially infringe your rights or cause you harm; we will inform you immediately of the data breach. 

We will also be required legally to inform the Information Commissioners Office (the Government’s data protection regulator) within 72 hours of detecting the breach; who may then investigate our compliance with data protection legislation and effectiveness of our controls.

What rights do you have?
Data protection regulations give you a legal right to:
A) request information on what data is held about you.
B) have your data changed or deleted from our records.
C) withdraw any consent given.
D) have your data transferred.
E) restrict processing of your data and/or objection to its processing. To make a request under these rights please use enquiries@aversus.co.uk. Under normal circumstances we will not charge you for processing these requests and will respond to you within 30 working days. If we believe your request is complex and will be chargeable; we will first contact you before proceeding. 
F) To lodge a complaint with the Information Commissioner’s Office. To make a complaint to the ICO (Information Commissioners Office) visit their website or call their hotline on 0303 123 1113.

General Enquiries
If you would like to make any general enquiries about our data protection policies please use enquiries@aversus.co.uk

Links to other websites
Our website may contain links to other websites of interest. You should note that we do not have any control over those websites, and so cannot be responsible for the protection and privacy of any information which you provide whilst visiting them.

Use of Cookies on our Website
A cookie is a small file sent to your computer’s hard drive by a web page that you visit. Cookies allow web applications to recognise your device (IP Address), as you move from one page on the site to another, or if you revisit the site within a certain period of time. If you express a preference on a web page, for instance, that preference can then be recalled in the future. A cookie in no way gives us access to other files on your computer or to any other of your device’s functions.

We use traffic log cookies to compile statistics about the popularity of pages on our site and about how people have arrived here. This helps us improve our website. We only use this information for statistical purposes.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, however, you can usually modify your browser settings to decline or block cookies if you prefer.

Acceptance of these terms
By using our website and/or our services, which require the use of your personal data; you signify your acceptance of the terms of our privacy policy. 

Please do not proceed if you do not agree to the terms of our privacy policy and/or wish to enquire further about them. 

We reserve the right to make changes to this privacy notice at any time.

Privacy Notice Matrix

Please note this matrix is best viewed on larger screen formats like tablet or desktop computer

Processing activityPersonal data required or held Retention time Lawful basis for processing  
Supply of servicesName, phone number(s), work or home address, job title, email address(es)Seven yearsContractual – in order to provide the services we have both agreed.
MarketingName, email address(es), job title, business name & profile of contact historyUntil notified to stop marketing by youLegitimate Interest – we will provide information which we believe is of genuine interest to you and based on previous transactions.
Marketing News & UpdatesName, phone number(s), work or home address, job title, email address(es)Until consent withdrawn by youConsent – you have given your consent to receive information about our services or subscribed to our news update.
Website browsing Internet Protocol Address (IP address)     Seven yearsConsent– you have read & accepted our website policies which explain the use of cookies on the website you visited
Third party contractorsName, phone number(s), work or home address(es), job title, email address(es)Retained until the service has been completed or as agreed with youContractual – in order to provide the services we have agreed.
Consent – you have agreed with the third party they may retain your data.