Interchange is making it easier for you to find out how we handle your information and that of those connected to our business. Below is how we collect data and what we will do with it:
What information is being collected according to the nature of our business relationship?
Only that necessary to pursue our business relationship which may include but is not be limited to: – Company and individuals’ names, address, telephone and email contacts, general business data, of associated third parties as they all relate to business activities.
Who is collecting it?
Interchange directors, associate directors and employees.
How is it collected?
Emails, telephone, letters, proposals, contracts, purchase orders, invoices and requests for data given by consent while conducting integrity due diligence.
Why is it being collected?
To conduct business with you or on your behalf, for the management of personnel records, providing invoices
and receiving payments.
How will it be used?
Maintaining a database for; customers, suppliers, business partners and any other person/entity associated with Interchange using that information to better understand our customers’ needs and provide them with relevant services.
Who will it be shared with?
Within the Company, as relevant to supporting our business relationships; shared with directors, associate
directors and employees. When contracted to conduct third party integrity due diligence (IDD) on behalf of a
customer in accordance with all consents given.
Identity and contact details of any data controllers
T: +44(0) 208 528 1000
Transfers of data outside the European Union
No information will be transferred outside the European Union without the written consent of all the concerned parties.
Data will not be kept for longer than is necessary dependent on the circumstances of each case and considering the reason that the personal data was retained. If a valid legal, business or other reason for retaining personal data is not established it will be securely deleted or destroyed after seven years.
Your personal data
We would ask you to take reasonable steps to ensure that any personal data we hold about you in relation to our business, is accurate and updated as required.
Sensitive Personal Data
We will not collect or record sensitive personal data about you without your explicit consent.
Conditions for processing
We will ensure any use of personal data is justified using at least one of the conditions for processing. All those in Interchange responsible for processing personal data will be aware of the conditions for processing. The conditions for processing will be available to data subjects in the form of a privacy notice.
Data Access Requests
Please contact us if you would like to correct or request information that we hold about you. There are restrictions on the information to which you are entitled under the applicable law.
Upon request, a data subject has the right to receive a copy of their data in CSV format and/or PDF. These requests will be processed within one month, provided there is no undue burden and it does not compromise the privacy of other individuals. A data subject may also request that their data is transferred directly to another system. There is no fee for responding to these requests unless there is an unexpected large amount of data to be processed.
Right to be forgotten
A data subject may request that any information held on them is deleted or removed. An erasure request will only be refused if an exemption applies.
Privacy by design and default
When relevant, and when it does not have a negative impact on the data subject, privacy settings will be set to the most private by default.
We all have an obligation to report actual or potential data protection compliance failures such as a cyber-attack, access of a computer by an unauthorised third party; sending personal data to an incorrect recipient; computing devices containing personal data being lost or stolen; alteration of personal data without permission; or loss of availability of personal data. This allows us to:
- Investigate the failure and take remedial steps if necessary
- Maintain a register of compliance failures and improve
- Notify the UK Information Commissioner’s Office (ICO) of any compliance failures that are material either or as part of a pattern of failures
Interchange Solutions Ltd
88 Wood Street