Privacy Policy
LEI Registrations is committed to protecting the privacy of our users and clients. This privacy notice is intended to inform you on how we gather, define and utilise information.
Our procedures are designed to protect all customer and stakeholder data. All controls are aligned with the UK Information Commissioners Office (ICO) best practice principles for businesses. This privacy policy has also been aligned with the UK General Data Protection Regulation (GDPR).
Policy brief & purpose
Our privacy policy refers to our commitment to treat information of employees, customers, stakeholders and other interested parties with the utmost care and confidentiality.
In this privacy policy, we outline that we gather, store and handle data fairly, transparently and with respect towards individual rights.
Who we are
In this policy, whenever you see the words ‘we’, ‘us’, ‘our’, it refers to LEI Registrations Limited (company registration number 10824202).
From the perspective of GDPR LEI Registrations defines itself as a data controller. This means that we are responsible for deciding how we hold and use personal information.
If you have any questions in relation to this privacy notice or how we use your personal data they should be sent to info@leiregistrations.com addressed to the Data Protection Officer.
Scope
This policy applies to all parties (employees, customers, suppliers etc.) who provide any amount of information to us. Employees of our company must follow our privacy policies. Contractors, consultants, partners and any other external entities are also covered. Generally, our privacy policy refers to anyone we collaborate with or acts on our behalf and may need occasional access to data.
This privacy policy outlines the following rights for individuals
The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object and
Rights in relation to automated decision making, including profiling
All data subjects are free to exercise these rights, and this privacy policy describes how this can be done. As much as possible we have written this document in an easy to understand format and have used clear language.
Policy elements
As part of our operations, we need to obtain and process information. This information refers to any offline or online data that makes a person identifiable such as names, addresses, usernames and passwords, digital footprints, entity documentation, financial data etc.
This privacy policy will cover both publicly available information and personal data which can identify specific individuals (e.g. email addresses).
Lawful basis of data use
The personal data we handle is collected and processed under the lawful basis of:
Consent - explicit consent obtained
Contract - the need to perform the contract we have entered into with you
We request your consent to use your data when you place an order via our website. This consent can also be withdrawn at any time. Please see the section ‘Your data protection rights (DPO)’ for more detail on withdrawing your consent.
Privacy notice commitments
The company commits to collect information in a transparent way and only with the full co-operation and knowledge of interested parties. Once this information is available to the company, the following rules apply.
Our data will be:
· Collected fairly and for lawful purposes only
· Data will be recorded accurately and kept up to date
· We’ll only collect the personal data that we need
· Processed by the company within its legal and moral boundaries
· Protected against any unauthorised or illegal access by internal or external parties.
Our data will not be:
· Communicated informally
· Stored for more than a specified amount of time
· Transferred to organisations, states or countries that do not have adequate data protection policies
· Distributed to any party other than the ones necessary to register or renew LEI numbers (exempting legitimate requests from law enforcement authorities).
In addition to ways of handling the data the company has direct obligations towards people to whom the data belongs. Specifically, we must:
· Let people know which of their data is collected
· Inform people about how we’ll process their data
· Inform people about who has access to their information
· Have provisions in cases of lost, corrupted or compromised data
· Allow people to request that we modify, erase, reduce or correct data contained in our databases
Actions
To exercise data protection, we’re committed to:
· Develop transparent data collection procedures
· Establish data protection practices (document shredding, secure locks, data encryption, frequent backups, access authorisation etc.)
· Build secure networks to protect online data from cyberattacks
· Inform individuals of the amount of time that their data will be preserved
· Declare its data protection provisions publicly (e.g. on website)
· Ensure all concerned parties have read the privacy policy and adhere to it
· Train employees in online privacy and security measures
· Restrict and monitor access to sensitive data
· Establish clear procedures for reporting breach of privacy or data misuse.
Personal data we handle
In order to process LEI registrations and renewals, we routinely collect contact information from our customers. This information may include a contact name, address, email address and phone number.
The main types of information we process relates to legal entities other than natural persons e.g. limited companies. Examples of this type of information includes:
Entity name
Entity address
Entity ownership
Legal form
The majority of information we collect and process will already exist in the public domain. The personal information we collect is used for the purposes of identifying and contacting customers in relation to their LEI number e.g. LEI renewal reminders.
Sensitive personal data
GDPR defines ‘sensitive personal data’ as information about racial or ethnic origin, political opinions, religious beliefs or other similar beliefs, trade union membership, physical or mental health, sexual life, and criminal allegations, proceedings or convictions.
We do not collect and will not ask for information classified as sensitive personal data.
Children’s personal data
Our services are not offered to persons under 18 years of age, and we will not directly enter into a contract with a ‘child’. If while providing our services, we receive any personal data relating to a person under 18 then this will be provided with the consent of an appropriate adult guardian. In these circumstances, we will handle any children’s personal data with the upmost care and in accordance with the protections outlined in this privacy document.
Information from third parties
For the purposes of registering LEI numbers we will draw on external data from public sources (e.g. UK Companies House) to validate and augment supplied data.
Disclosure of personal data to other bodies
To deliver our LEI registration services we will share information with trusted third parties involved with the issuing of LEI numbers. This information will relate to the legal entity for which the LEI number is required and cover the necessary data items required for the registration or renewal of the LEI record.
If it is necessary to forward personal data to another organisation, then we will utilise appropriate security measures to protect your data in transit.
Please note we will not share your information for marketing purposes with any other organisations.
Employees
In order to carry out our contractual and management responsibilities, we may, from time to time, need to share an employee’s personal data with one or more third party supplier.
To meet the employment contract, we are required to transfer an employee’s personal data to third parties, for example, to pension providers and HM Revenue & Customs.
In order to fulfil our statutory responsibilities, we’re required to give some of an employee’s personal data to government departments or agencies e.g. provision of salary and tax data to HM Revenue & Customs.
Updating your data and contact preferences
We want you to remain in control of your personal data. If, at any time, you want to update or amend your personal data or marketing preferences please contact us in one of the following ways:
Email us at info@leiregistrations.com
Call us on 0800 689 3819 (freephone) between the hours of 9.00am - 5.00pm weekdays
Or write to us at: LEI Registrations Limited,17 The Market Place, Devizes, SN10 1LX
Verification, updating or amendment of personal data will take place within 30 days of receipt of your request.
Your data protection rights (DPO)
As we are using your personal data on the basis of consent, you have the right to withdraw that consent at any time. You also have the right to ask us to stop using your personal data for direct contact purposes.
If you wish to exercise any of your data rights, including your withdrawal of consent, then please tell us by contacting us using the details above.
Subject access rights
If you would like further information on your rights or wish to exercise them, please contact us via the channels listed above.
You will be asked to provide the following details:
The personal information you want to access
The date range of the information you wish to access
We will also need you to provide information that will help us confirm your identity. If we hold personal information about you, we will give you a copy of the information in a pre-agreed format together with an explanation of why we hold and use it.
Once we have all the information necessary to respond to your request, we will provide your information to you within one month. This timeframe may be extended by up to two months if your request is particularly complex.
Data breaches
LEI Registrations is registered with the ICO and as such is duty bound to have the right procedures in place to detect, report and investigate a personal data breach.
In the unlikely event of a suspected data breach occurring we will report it to the ICO and will inform any impacted customers or employees.
What to do if you’re not happy
In the first instance, please talk to us directly so we can resolve any problem or query. You also have the right to contact the Information Commissions Office (ICO) if you have any questions about data protection. You can contact them using their help line 0303 123 113 or at www.ico.org.uk.
Cookies and links to third party websites
Cookies & Analytics
Cookies are small text files stored on your computer when you visit certain websites. We use first party cookies (cookies that we have set, that can only be read by our website) to personalise your online experience. We also use third party cookies (cookies that are set by an organisation other than the owner of the website) for the purposes of website measurement and targeted advertising. We also use analytical cookies in the form of Google Analytics to allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This information is used to improve our website and to identify issues within the website. You can control the use of cookies via your browser.
Links to other websites
Our website may, from time to time, contain links to and from third-party web sites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites. This privacy policy applies solely to the personal data collected by LEI Registrations.
Keeping your information
We will only use and store your information for as long as it is required for the purposes it was collected for. How long it will be stored for depends on the information in question, what it is being used for and, sometimes, statutory legal requirements. In most instances information will be deleted 5 years after your last contact with us.
How we secure your data
Information system and data security is imperative to us to ensure that we are keeping our customers safe.
We operate a robust and thorough process for assessing, managing and protecting new and existing systems which ensures that they are up-to-date and secure against the ever-changing threat landscape.
All employees are required to complete mandatory information security and data protection training on employment and annually thereafter to reinforce responsibilities and requirements set out in our information security policies.
When you trust us with your data, we will always keep your information secure to maintain your confidentiality. By using strong encryption when your information is stored or in transit we minimise the risk of unlawful access or disclosure.
Storage of information and data adequacy
LEI Registrations is based and operates in the UK and we store most of our data within the UK and European Union (EU). Some organisations which provide services to us may transfer data outside the European Economic Area, but we’ll only allow this if your data is adequately protected. Some of our systems are provided by US companies and whilst it is our policy that we prefer data hosting and processing to remain on EU-based solutions, it may be that using their products results in data transfer to the USA. However, we only allow this when we are certain it will be adequately protected (e.g. US Privacy Shield or Standard EU contractual clauses).
Payment card security
Our online payment solutions are carried out using a 'payment gateway' (Stripe Inc) which is a direct connection to a payment service provided by a bank. This means that when you input card data into the payment page, you are communicating directly with the bank and the bank passes your payment to us, this means that your payment card information is handled by the bank and not processed or held by us. As LEI Registrations does not accept, process, store or transit any payment card details, it is not subject to the payment card industry data security standard (PCI DSS).
CCTV
We do not operate any CCTV.
Changes to this privacy policy
We’ll amend this privacy policy from time to time to ensure it remains up-to-date and reflects how and why we use your personal data and new legal requirements. Please visit our website to keep up to date with any changes. The current version will always be posted on our website.
External resources
Data Protection Act
http://www.legislation.gov.uk/ukpga/1998/29/contents
Information Commissioners Office (ICO)