Black Sheep Compliance collects and processes personal data relating to its customers. The organisation is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
What information does the organisation collect?
Black Sheep Compliance collects the following data from its customers:
- Company Name
- Phone Number
- Email Address
- Information required to complete internal audits: These may include site/Venue Information including information required to complete Surveys, Assignment Instructions, Risk Assessments, emergency contact information and signed contracts, records of incidents and issues, records of complaints.
- Company confidential information required for assessment.
This data will be stored on our internal server in a secure location, password protected if relevant and backed up. Data will not be held longer than is necessary, and in line with our document control procedure.
Why does the organisation process personal data?
Black Sheep Compliance processes personal data to provide compliance services to a wide range of business, with the permission of the customer.
Who has access to data?
- Your information is shared with Black Sheep Compliance staff to enable the provision of a compliance service.
- All staff employed by Black Sheep Compliance are DBS checked.
- Where necessary the organisation will share your data with specific third parties, such as the assessing body to enable the provision of a compliance service.
Black Sheep Compliance will not share your personal data with any other third party without your express permission.
How does the organisation protect data?
The organisation takes the security of your data seriously. The organisation has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.
For how long does the organisation keep data?
Personal data, such as contact details, will be kept for the duration of the client contract plus a further 3 years, in line with our data retention procedure.
As a data subject, you have a number of rights. You can:
- access and obtain a copy of your data on request;
- require the organisation to change incorrect or incomplete data; and
- require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing.
If you would like to exercise any of these rights, please contact the Data Controller as detailed below. Where we will respond within 30 days. If you believe that the organisation has not complied with your data protection rights, you can complain to the Information Commissioner.
What if you do not provide personal data?
The personal data is required to enable Black Sheep Compliance to provide a Compliance Service. All personal data provided is done by the customer’s consent. Failure to provide the data required would greatly hinder the ability of Black Sheep Compliance to provide this service.