We take our duty to safeguard your data seriously. Our Privacy Policy sets out our privacy commitment to you and explains your rights.
Who we are
We’re a friendly team of seasoned and successful compliance and risk experts, proudly based in the Isle of Man. Our highly qualified professionals can offer you the skills, knowledge, and connections to protect and grow you and your business.
Where we collect personal information from
You may have supplied your personal data to us through:
- emails and letters
- phone
- by consent through our marketing campaigns
Your personal data
‘Personal data’ means any information that can be used to identify an individual person. This means information that could identify you directly or indirectly. The only information we will request from you prior to entering any contract for services will be:
- your name, address (company or personal whichever you provide to us), email address, location data.
As required under the regulations, the information we collect will be adequate, relevant, and limited to what is necessary for the purpose for which it is being collected.
All personal data we collect and hold will be processed lawfully, fairly and in a transparent manner in relation to you as our data subject.
Sensitive data?
We will never collect sensitive personal data from you.
However, if you make any of your sensitive personal data public such as putting information on social media, we may process that data as this information will already be in the public domain.
How we use your personal information
Our core activities are that of a consultancy business, mainly operating on a business-to-business basis, providing consultancy services to professional entities. Therefore, personal data will only be processed:
a) to keep you informed of any marketing activities and initiatives of our business
b) to carry out anti-money laundering and conflict of interest checks for the prevention of financial crime or fraud prior to entering into a contractual relationship with you
c) to exercise and defend our legal rights and to comply with regulatory authorities and legislation
d) for audits by national and regulatory enforcement.
We will ensure your personal data is processed in a manner that is appropriately secure, and we will protect your information against unauthorised or unlawful processing, accidental loss, destruction, or damage. We will do this through the implementation of internal policies and procedures, encryption of emails, and staff training, thereby treating your personal data with integrity and with the utmost confidence.
Your data will not be further processed in a manner that is incompatible with the above purposes. We will never sell your data onwards to any third-party.
How the law protects you
Data Protection law allows Impact to process and retain your personal information only if we have a good reason to do so. We must have one or more of the following reasons to process and retain your data:
- To fulfil a contract we have with you
- When it is our legal duty
- When it is in our legitimate interest
- When you consent to it. (When you give your consent, it should be given freely by you along with an informed indication of your wishes which signifies your agreement of your personal data being processed).
The processing of your information is done within the legitimate interests of business or commercial activities (these are not overridden by prejudice to your privacy rights). For Impact to comply with applicable regulations it will be necessary, in some cases, to disclose your personal details, which would be classed as a legal duty.
Third party data processing for administration purposes
We will not provide your information to any third parties. Where we are appointed to provide outsourced consultancy services to you, we will abide by and comply with your data protection and privacy notices.
Sending data outside the European Economic Area (EEA)
As our services are available world-wide, if you are operating in a country outside of the EEA, the level of GDPR protection in your country may not be classed as equivalent to the Isle of Man. In such instances we will ensure the transfer of any personal data is protected by a data transfer agreement.
To ensure we are only transferring data to countries which have the correct adequacy ratings, we regularly check the EU website.
Automated decision making
Impact does not use automated decision-making processes.
If you choose not to give personal information
Impact may need to collect personal information by law, or under the terms of a contract we have with you.
If you choose not to provide your personal data, it may delay or prevent us from meeting our obligations. It may mean that we cannot perform services to run your contracts which could result in a need to cancel a contract or service you have with us.
Any data collection that is optional would be made clear at the point of collection.
How long we keep your personal information
We will retain your personal data in a form which can identify you for six years after our relationship with you has ended. Reasons to retain data can include:
- Respond to questions or complaints you may have in relation to the services we provided to you
- To demonstrate we treated you fairly
- Maintain records according to rules that apply to us in our jurisdiction.
Should you wish to have a look at our document retention schedule stating what documents are kept and for how long, please contact our DPO, who can give you a copy.
We may extend retention periods if we are required to preserve personal data in connection with investigations, proceedings, and litigation.
How to obtain a copy of your personal information
You have a right of access to your information completely free of charge (if it is a simple request). If we do need to charge you, we will confirm what the charge is and why it is necessary to charge you. Usually, we will only charge if the information is clearly unfounded or excessive. Therefore, if you keep requesting information then it may be necessary to charge you. We will take into consideration the cost of obtaining your information and the length of time it will take to respond to your request. We may charge for any additional copies if you request them.
Should you wish to have access to your personal data you can write to the DPO to request copies. This is called a subject access request. If you wish to have more details as to how this works, please contact our DPO.
If you request information that is too much or if we hold a lot of information about you, we will ask you to be specific about the information you are looking for in order that we can locate it and get it to you.
If we consider that you are asking for too much information, we do have the right to say no. If we do consider your request to be excessive, we will send you a letter or an email setting out why.
For your protection we may ask for identification confirming that it is you asking for the information. If you request copies of your information, we must provide you with your information within one month from the date we receive your identification documents. However, in exceptional circumstances, for example if your request is very complex, we can extend the time we have to respond to you, by a maximum of a further two months. We will let you know if we need to extend the deadline and reasons for doing so, by the end of the first month.
You have a right to an electronic copy of your personal data which we can send to you encrypted.
If your request to have a copy of your personal data adversely affects the rights and freedoms of others, we will not be able to provide this; however, we will send a letter to you confirming this.
Letting us know if your personal information is incorrect
You have the right to question any information we have about you that you think is wrong or incomplete.
We will endeavour to ensure that all information we retain for you is accurate, complete, and up to date. Please do let us know if you have a change of personal details such as surname or contact details and help us keep your details up to date. If you become aware that the information we hold is incorrect and have let us know, we will take every reasonable step to ensure that your personal data is rectified without delay. It is a good idea to regularly check the information we have for you.
What if you want us to stop using your personal information?
You have the right to object to our use of your personal information, or to ask us to delete, remove or stop using your personal information. This is your ‘right to object’ or ‘right to be forgotten’. However, in doing so this may stop us being able to provide you with your contract or disrupt our service levels to you.
There may be circumstances where we are able to restrict the use of your data, i.e. restrict its use to certain things, such as legal claims or to exercise legal rights. In these circumstances, we would not use or share your information for other purposes while restricted.
Restriction of processing can be requested when:
- It is not accurate
- It has been used unlawfully but you do not want us to delete it
- It is not relevant anymore, but you want it to be retained for use in legal claims
- You have already requested your data to not be used but you are waiting for us to tell you if we can continue to use it
You can request the restriction or objection to the processing of your personal data by sending the request in writing to our DPO.
How to withdraw your consent
You can withdraw your consent for us holding your personal information at any time. Should you withdraw your consent we will be unable to provide any consultancy services to you or keep you informed of any marketing activities.
How to complain
You can lodge complaints about our processing of your personal data with our DPO in writing.
Impact Professional Services, 14 Tynwald Street, Douglas, Isle of Man, British Isles, IM1 1AG
Or via E-mail: [email protected]
Should your complaint about our processing of your personal data not be resolved to your satisfaction, you can then send your complaint to the Office of the Information Commissioner. You can also contact the Information Commissioner Office using the details on this link: DPA & UCR How to Make a complaint (inforights.im).
Finally
This is our full privacy statement.
The most important thing is that you feel in control of your personal data and how it will be used by us.
If you are unsure or if you feel something is not clear you can contact our DPO who will be able to answer your questions.
Our Data Protection Officer can be reached in writing:
Impact Professional Services Limited, 14 Tynwald Street, Douglas, Isle of Man, British Isles, IM1 1AG.
Or via E-mail: [email protected].

