Data Protection Management Policy
The Board of Totally plc recognises the significance of data protection. The purpose of this policy is to protect all personal information controlled or processed by the organisation, and ensure an adequate level of awareness to ensure data protection principles are applied across all areas of operation within Totally plc.
Personal data is identified and managed in accordance with the data protection risk assessment methodology that endorses the acceptable risk levels.
Our Data Protection Policy is achieved by a stringent set of controls, including policies, processes, procedures and software and hardware functions. These controls are monitored, reviewed and improved by the Board to ensure that specific data protection, security and business objectives are met. This is operated in conjunction with other business management processes, and incorporates the applicable statutory, regulatory and contractual requirements.
In particular, Totally plc is committed to compliance with data protection requirements and good practice to include:
- Processing personal information only where this is strictly necessary for legal and regulatory purposes, or for legitimate organisational purposes;
- Processing only the minimum personal information required for these purposes;
- Providing clear information to natural persons (including children) about how their personal information can be used and by whom;
- Only processing relevant and adequate personal information;
- Processing personal information fairly and lawfully;
- Maintaining a documented inventory of the categories of personal information processed by the organisation;
- Keeping personal information accurate and, where necessary, up-to-date;
- Retaining personal information only for as long as is necessary for legal or regulatory reasons or for legitimate organisational purposes and ensuring timely and appropriate disposal;
- Respecting natural persons' rights in relation to their personal information;
- Keeping all personal information secure;
- Only transferring personal information outside the UK in circumstances where it can be adequately protected;
- Developing and implementing the BMS to enable the data protection policy to be implemented;
- Where appropriate, identifying internal and external interested parties and the degree to which they are involved in the governance of the organisation's BMS;
- Identifying workers with specific responsibility and accountability for the BMS;
- Maintaining records of processing of personal information.
Our Data Protection Policy Awareness Program is incorporated in our staff induction and training program. The Data Protection policy is readily accessible internally and presented to existing and prospective clients. In addition to employees, suppliers, contractors and sub-contractors of Totally plc are expected to adhere to our Data Protection Policy.
Totally plc is committed to continual improvement and all employees are empowered to take responsibility for data protection, with a robust process for identifying and reporting data breaches in place and subject to regular review.
Through compliance to applicable statutory, regulatory and contractual requirements, and the requirements of the General Data Protection Regulations (GDPR) for the Protection of Personal Information, Totally plc will demonstrate confidence, integrity and credibility both internally and externally.
Chief Executive Officer
14th May 2018
Any questions relating to Data Privacy with Totally plc or this Policy should be sent by email to firstname.lastname@example.org, or by writing to Totally Plc, Hamilton House, Mabledon Place, London WC1H 9BB.
Alternatively, you can call our Data Protection Officer on 020 3866 6486.
What personal Information is held
We may collect and process the following data from you:
- Information you consent to provide Totally plc that is required to carry out our obligations arising from any contracts entered between you and us, or potential contracts that may be in liaison between you and us.
- Information that you consent to provide by filling in forms on our website, or as part of any direct marketing or sales activities. This includes and is not limited to personal information about you such as your name, telephone contact number, geographical address/location, email address and interests.
Note: Clear consent information is supplied at point of collection to provide information on the use of data; and a record of the consent is taken at point of collection.
- If you contact us by telephone or in writing, we may keep a copy of your correspondence or communication.
If you have provided us with the personal data of another person, there is a clear requirement imposed by Totally plc for you to confirm that he/she consents to the processing of his/her personal data and that you have informed him/her of our identity as a Data Controller and the nature of the processing taking place.
Records will be retained as evidence of this consent.
How will we use the information we hold about you?
We use information held about you in the following ways:
Performance of a contract – We use information held about you to carry out our obligations arising from any contracts entered into between you and us; and to notify you about changes to our services.
Legitimate Interests – We use information held about you to provide you with information, products and/or services that you request from us or which we feel may interest you if relevant to the products or services currently being supplied as part of a contract with Totally plc, or in relation to a previous contract with Totally plc whereby you are happy to continue to receive such information;
Consent (Direct Marketing) – We use information held about you to provide you with information on products and/or services that you request from us, or which we feel may interest you where you have consented to be contacted for such purposes. Where consent has been provided to Totally plc, it is a recognised right of the Data Subject that this consent can also be withdrawn.
Should you wish to withdraw consent, please email email@example.com, or write to Totally Plc, Hamilton House, Mabledon Place, London WC1H 9BB.
Alternatively, you can call our Data Protection Officer on 020 3866 6486.
We will not share your data with third parties for other marketing purposes unless we have your express consent to do so.
Your rights relating to Personal Data
You have the right to ask us to cease processing your personal data for marketing purposes. We will seek consent (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your data to any third party for such purposes. You can also exercise your right to prevent such processing by contacting us at firstname.lastname@example.org.
GDPR gives you the right to access information held about you. Your right of access can be exercised at any time. Totally plc operate both a Data Subjects Rights procedure and a Subject Access Rights Procedure to ensure that all rights exercised by data subjects relating to personal data are managed appropriately.
From time to time, our website may contain links to and from our strategic partner(s), partner network(s), strategic sponsor(s), advertiser(s) and affiliate(s). If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.
Retention of your information
We take appropriate measures to ensure that any information collected from you is kept secure. Totally plc holds UKAS accredited certification to ISO 27001:2013, and is subject to both internal and external audits to ensure that information security is upheld.
Totally plc operate a clear Retention policy and associated Retention Schedule to ensure personal data is kept only for so long as is necessary for the purpose for which such information is used.
If any of your personal data changes, or if you have any questions about how we use data which relates to you, please contact us by email at email@example.com. We normally update your personal data within seven (7) working days of any new or updated personal data being provided to us, to ensure that the personal data we hold about you is as accurate and up to date as possible.
Disclosure of your information
We may disclose your personal information to any member of our group, which means our subsidiaries, strategic partner(s) or strategic sponsor(s), our ultimate holding company and its subsidiaries as defined in section 1159 of the UK Companies Act 2006.
As part of our GDPR compliance obligations, we are duty bound to check when personal data may be shared with third parties to ensure that they apply the same or greater controls in terms of data protection. The use of non-disclosure agreements forms part of our third-party data sharing controls.
We may disclose your personal information to third parties
- in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets; or
- if we or substantially all of our assets are acquired by a third party, in which case personal data held by it about our customers will be one of the transferred assets; or
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or in order to enforce or apply other agreements; or
- to protect the rights, property or safety of Totally plc, our customers or others.
Totally plc has risk assessed where personal information may be transferred outside the EEA. As part of our own due diligence we have identified that personal data held for and by Totally plc resides in the EU. Totally plc will continue to monitor this, taking into account any 3rd party provider changes in the future. Should a requirement arise for data to be transferred outside of the EU in future, Totally plc will implement controls and safeguards to ensure that equal to or greater data protection measures are enforced and records retained to evidence this.
This policy covers all data that is shared by a visitor with us whether directly via http://www.totallyplc.com/ and http://www.totallyhealth.com/ or via email. This policy is occasionally updated by us so we suggest you re-review from time to time.
This policy provides an explanation as to what happens to any personal data that you share with us, or that we collect from you either directly via this Website or via email.
Certain businesses are required under the Data Protection Act to have a Data Protection Officer. For the purpose of the Data Protection Act 1998 our Data Protection Officer can be contacted on 020 3866 6486 or emailed at firstname.lastname@example.org.
- Information we collect
In operating our Website we may collect and process the following data about you:
1.1 Details of your visits to our Website and the resources that you access including, but not limited to, traffic data, location data, weblog statistics and other communication data.
1.2 Information that you provide by filling in forms on our Website, such as when you register to receive information such as a newsletter or contact us via the contact us page.
1.3 Information provided to us when you communicate with us for any reason.
On occasion, we may gather information about your computer for our services, and to provide statistical information regarding the use of our Website to our advertisers.
Such information will not identify you personally, it is statistical data about our visitors and their use of our site. This statistical data does not identify any personal details whatsoever. It is used by us to analyse how visitors interact with the Website so that we can continue to develop and improve this Website.
We may gather information about your general Internet use by using a cookie file that is downloaded to your computer. Where used, these cookies are downloaded to your computer automatically. This cookie file is stored on the hard drive of your computer as cookies contain information that is transferred to your computer's hard drive. They help us to improve our Website and the service that we provide to you.
All computers have the ability to decline cookies. This can be done by activating the setting on your browser which enables you to decline the cookies. Please note that should you choose to decline cookies, you may be unable to access particular areas of our Website.
Any advertising featured on this Website may also incorporate cookies, over which we have no control. Such cookies (if used) would be downloaded once you click on advertisements on our Website.
For more information on cookies you can read the guidance at All About Cookies.
- Contacting us
We welcome any queries, comments or requests you may have regarding this policy. Please do not hesitate to contact us at email@example.com.
If you would prefer to write to us then our contact address is