Data Protection Policy
Izy Solutions receives, uses, and stores personal information about our customers and suppliers. It is important
that this information is handled lawfully and appropriately, with due consideration for the requirements of the
General Data Protection Regulations. We take our Data Protection duties seriously because we respect the
trust that is being placed in us to use personal information appropriately and responsibly.
This Policy and any other documents referred to in it sets out the basis on which we will process any personal
data. Any questions about the operation of this Policy, or any concerns that the Policy has not been followed,
should be referred in the first instance to the owner of Izy Solutions, Izchel Boyd.
Personal Data means data (whether stored electronically or in hard copy) that relates a living individual who
can be identified directly or indirectly from that data.
Data Processing is any activity that involves the use of personal data, including: obtaining, recording, holding,
organising, amending, retrieving, using, disclosing, erasing, or destroying the data.
When we process Personal Data, we ensure that it is:
- Processed fairly, lawfully, and in a transparent manner.
- Collected for specified, explicit, and legitimate purposes, and that any further processing is limited to
- Adequate, relevant, and limited to what is necessary for the intended purposes.
- Accurate, and where necessary, kept up-to-date.
- Kept for no longer than necessary for the intended purposes.
- Processed in-line with the individual’s rights, and in a manner that ensures appropriate security including
protection against: unauthorised access, unlawful processing, accidental loss, destruction, or damage,
using appropriate technical or organisational protection measures.
- Not transferred to third parties, or to people or organisations situated in countries without adequate
protection, without firstly having advised the individual.
In accordance with the General Data Protection Regulations, we only process Personal Data where a lawful
basis applies. The lawful bases are: where the individual has given their consent, where the processing is
necessary for the performance of a contract, for compliance with a legal obligation, for the legitimate interest
of the business, for a vital interest, or for the performance of a public task.
In the course of our business, we may collect and process Personal Data. This may include data we receive
directly from a Data Subject (for example, by completing forms or by corresponding with us by mail, telephone,
email, or otherwise) and Personal Data we receive from other sources (for example, location data, data from
business partners or sub-contractors, and credit reference agencies, etc.).
We process all Personal Data in-line with Data Subjects’ rights, in particular their right to:
- Confirmation as to whether or not their Personal Data is being processed.
- Request access to any data we hold about them.
- Request rectification, erasure, or restriction on the processing of their Personal Data.
- Lodge a complaint with a supervisory authority.
- Data portability.
- Object to processing, including for direct marketing purposes.
- Not be subject to automated decision making, including profiling in certain circumstances.
We take appropriate security measures to protect Personal Data from unauthorised access, unlawful
processing, accidental loss or destruction, alteration, and unauthorised disclosure. This includes appropriate
procedures and technologies to maintain the confidentiality, integrity, and availability of the data:
- Confidentiality means that only people who are authorised to use the data can access it.
- Integrity means that Personal Data is accurate and suitable for the purpose for which it is processed.
- Availability means that authorised users are able to access the data if they need it for authorised
purposes. Personal Data will therefore be stored on Clarity Consultancy’s central computer system.
Our protection methods include:
- Passwords – all hardware/software is appropriately password protected to prevent unauthorised access.
- Secure and lockable desks and cupboards – desks and cupboards containing Personal Data are kept
locked at all times, with access restricted to authorised users.
- Minimisation – only data that the business has a legitimate interest in retaining is maintained. All other
data deemed no longer necessary is securely deleted or destroyed.
- Disposal – hard copy documents are shredded or destroyed. Digital storage devices are physically
destroyed when they are no longer required.
- Restriction – we do not share Personal Data with any third parties without the Data Subject’s knowledge.
Subject Access Requests
Individuals must make a formal request, in writing, to obtain a copy of the information we hold about them.
Where a request is made electronically, data will be provided electronically, where possible. We will make
every effort to check the identity of the individual before releasing information. Subject Access Requests may
be sent to firstname.lastname@example.org
We reserve the right to change this Policy at any time. Where appropriate, we will notify individuals of changes
by mail or email.
Version 2.0 June 2018