This notice sets out how the Euro-Tec organisation seeks to protect personal data collected and processed during an investigation. It covers all aspects relevant to our business as set out in General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA). This notice informs clients and other affected parties in understanding how we process personal data, along with the rights of individuals to be informed who may wish to query what data is held about them.
Reasons/purposes for processing information
We process personal information to enable us to provide investigatory services to government departments and the legal profession, also to maintain our own accounts and records.
Type/classes/categories of information processed
We process information relating to the above reasons/purposes. This information could include:
We also process sensitive data/special categories of information that could include:
Who the information is processed about
Lawful Basis for processing
Euro-Tec processes all personal data lawfully, fairly and in a transparent manner when providing investigatory services under the following lawful basis stated in The General Data Protection Regulation:
Article 6(1)(f) Necessary for the purposes of legitimate interests pursued by the controller or a third party
Where Legitimate Interests is relied upon as a legal basis we conduct a Legitimate Interest Assessment.
Euro-Tec processes all special categories data lawfully, fairly and in a transparent manner when providing investigatory services under the following lawful bases stated in the General Data Protection Regulation:
Article 9(2)(e) processing relates to personal data which are manifestly made public by the data subject.
Article 9(2)(f) processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity
Source of personal data
The data we process originates from legally compliant publicly available and open source information, and personal data manifestly made public by the data subject. In addition it is supplied by Clients under the lawful basis of Legitimate Interests.
Automated decision making and profiling
Euro-Tec does not utilise automated decision making and profiling as stated in GDPR and DPA.
Who the information may be shared with
We sometimes need to share the personal information we process with the individual themselves and also with other organisations. Where this is necessary we are required to comply with all aspects of the GDPR and DPA. What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons. Where necessary or required we share information with:
Prior to any business relationship we will request from Clients personal information such as name, address, telephone number and email. We also obtain consent to process said information to confirm the accuracy of such details. In the event we do not proceed with an assignment the information will immediately be destroyed.
Transfer of data to third countries
The GDPR imposes restrictions on the transfer of personal data outside the European Union, to third countries or international organisations, in order to ensure that the level of protection of individuals afforded by the GDPR is not undermined. It may sometimes be necessary to transfer personal information overseas. When this is needed information is only shared within the European Economic Area (EEA). Any transfers made will be in full compliance with all aspects of the GDPR and DPA.
Handling of personal data - Security, Protection and Retention
Euro-Tec adheres to the requirements and individual's rights contained in GDPR and DPA and ensures that personal data is:
Fairly and lawfully processed;
Processed for limited purposes;
Adequate, relevant and not excessive;
Accurate and up to date;
Not kept for longer than is necessary;
Processed in line with your rights;
Not transferred to other countries without adequate protection
Euro-Tec takes all reasonable technical and organisational precautions to prevent the loss, misuse or alteration of personal information. We have put in place appropriate security measures to prevent personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed including the following by way of example:
Under certain circumstances, by law you have the right to:
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, please submit your request in writing to: The Data Controller, Euro-Tec Investigation Service, The Malthouse, off Hummer Road, Egham, Surrey TW20 9BD. Please note Under the DPA & GDPR Euro-Tec are required to verify the identity of the person submitting an objection, therefore all such requests must include the individual's full name, address and telephone number. The sender may also be requested to supply paper evidence of their identity.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
The data controller responsible for your personal data is Euro-Tec Investigation Service. Our data protection registration number is Z5102686. If you have any questions about this privacy notice or how we handle your personal information, please contact The Data Controller, Euro-Tec Investigation Service, The Malthouse, off Hummer Road, Egham, Surrey TW20 9BD.
Right to complain
You have right to lodge a complaint with the Information Commissioner’s Officer (ICO). The ICO can be contacted by telephone on 0303 123 113 - Monday to Friday, between 9am and 5pm - or by email at firstname.lastname@example.org. You can also visit the ICO’s website by following this link: https://ico.org.uk/.
Last updated May 2018