This notice sets out how the Euro-Tec organisation seeks to protect personal data collected and processed during an investigation. It covers all aspects relevant to our business as set out in the Data Protection Act 1998 and the soon to be introduced General Data Protection Regulation (GDPR) on 25 May 2018. This notice informs clients and other affected parties in understanding how we process personal data, along with the rights of individuals to be informed who may wish to query what data is held about them.
Reasons/purposes for processing information
We process personal information to enable us to provide investigatory services to government departments and the legal profession, also to maintain our own accounts and records.
Type/classes/categories of information processed
We process information relating to the above reasons/purposes. This information could include:
We also process sensitive data/special categories of information that could include:
Who the information is processed about
Lawful Basis for processing
Euro-Tec processes all personal data lawfully, fairly and in a transparent manner when providing investigatory services under the following lawful bases stated in the Data Protection Act and The General Data Protection Regulation GDPR:
Data Protection Act
2.6(1) Legitimate interests pursued by the data controller or by the third party or parties to whom the data are disclosed
Secondary (where appropriate)
2.3 Compliance with any legal obligation to which the data controller is subject, other than an obligation imposed by contract.
2.5(a) The processing is necessary for the administration of justice.
2.5(b) The processing is necessary for the exercise of any functions conferred on any person by or under any enactment.
2.5(c) The processing is necessary for the exercise of any functions of the Crown, a Minister of the Crown or a government department.
Necessary for the purposes of legitimate interests pursued by the controller or a third party
Secondary (where appropriate)
Article 6(1)(c) Processing is necessary for compliance with a legal obligation
Euro-Tec processes all sensitive data/special categories data lawfully, fairly and in a transparent manner when providing investigatory services under the following lawful bases stated in the Data Protection Act and the General Data Protection Regulation:
Data Protection Act (sensitive data)
GDPR (special categories)
3.5 The information contained in the personal data has been made public as a result of steps deliberately taken by the data subject.
3.6.(a) The processing is necessary for the purpose of, or in connection with, any legal proceedings (including prospective legal proceedings),
3.6.(b) The processing is necessary for the purpose of obtaining legal advice, or
3.6.(c) The processing is otherwise necessary for the purposes of establishing, exercising or defending legal rights.
processing relates to personal data which are manifestly made public by the data subject.
Article 9(2)(f) processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
Where Legitimate Interests is relied upon as a lawful basis a Legitimate Interest Assessment is conducted.
Source of personal data
The data we process originates from legally compliant publicly available and open source information, and personal data manifestly made public by the data subject. In addition it is supplied by Clients under the lawful basis of Legitimate Interests.
Automated decision making and profiling
Euro-Tec does not utilise automated decision making and profiling as stated in DPA and GDPR.
Who the information may be shared with
We sometimes need to share the personal information we process with the individual themself and also with other organisations. Where this is necessary we are required to comply with all aspects of the Data Protection Act (DPA) and the General Data Protection Regulation (GDPR). What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons. Where necessary or required we share information with:
Prior to any business relationship we will request from Clients personal information such as name, address, telephone number and email. We also obtain consent to process said information to confirm the accuracy of such details. In the event we do not proceed with an assignment the information will immediately be destroyed.
Transfer of data to third countries
The GDPR imposes restrictions on the transfer of personal data outside the European Union, to third countries or international organisations, in order to ensure that the level of protection of individuals afforded by the GDPR is not undermined. It may sometimes be necessary to transfer personal information overseas. When this is needed information is only shared within the European Economic Area (EEA). Any transfers made will be in full compliance with all aspects of the data protection act and GDPR.
Handling of personal data - Security, Protection and Retention
Euro-Tec adheres to the requirements and individual's rights contained in The Data Protection Act 1998 and The General Data Protection Regulation 2018, and ensures that personal data is:
Fairly and lawfully processed;
Processed for limited purposes;
Adequate, relevant and not excessive;
Accurate and up to date;
Not kept for longer than is necessary;
Processed in line with your rights;
Not transferred to other countries without adequate protection
Euro-Tec takes all reasonable technical and organisational precautions to prevent the loss, misuse or alteration of personal information. We have put in place appropriate security measures to prevent personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed including the following by way of example:
Under certain circumstances, by law you have the right to:
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, please submit your request in writing to: The Data Controller, Euro-Tec Investigation Service, The Malthouse, off Hummer Road, Egham, Surrey TW20 9BD. Please note Under the DPA & GDPR Euro-Tec are required to verify the identity of the person submitting an objection, therefore all such requests must include the individual's full name, address and telephone number. The sender may also be requested to supply paper evidence of their identity.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
The data controller responsible for your personal data is Euro-Tec Investigation Service. Our data protection registration number is Z5102686. If you have any questions about this privacy notice or how we handle your personal information, please contact The Data Controller, Euro-Tec Investigation Service, The Malthouse, off Hummer Road, Egham, Surrey TW20 9BD.
Right to complain
You have right to lodge a complaint with the Information Commissioner’s Officer (ICO). The ICO can be contacted by telephone on 0303 123 113 - Monday to Friday, between 9am and 5pm - or by email at firstname.lastname@example.org. You can also visit the ICO’s website by following this link: https://ico.org.uk/.
Last update 15.3.2018