DATA PROTECTION POLICY

At GreyRigge Associates we take data protection seriously, which includes all data and client information shared with us during our engagement.

GreyRigge Associates Limited is registered with the Information Commissioner’s Office (ICO Registration: ZB584930). This demonstrates that we are committed to operating in compliance with all applicable data protections laws, including the Data Protection Act 2018 (DPA) and the requirements of the General Data Protection Regulation.

GreyRigge Associates has an E-Safety Policy and maintains a Business Contingency Plan – both are available on request.

If clients have specific requirements around data protection above and beyond compliance with the relevant laws then these should be communicated to the Project Manager.

What Information does GreyRigge Associates hold?

For most individuals GreyRigge Associates will only hold limited personal data such as name, job role, email and contact numbers. GreyRigge Associates is the data controller of this information and will respect data subjects’ rights under the GDPR, such as requesting the personal data we hold being removed from our systems.

Data exchange with most customers is limited to email, virtual meetings, and phone conversations. We do not record phone calls or virtual meetings but any communication over email is stored.

Some of our services involve additional data exchange. GreyRigge Associates offers a range of professional and managed services, and the designated delivery team may have access to data held by your organisation. GreyRigge Associates ensures that all staff and delivery partners sign Non-Disclosure Agreements and are bound by agreements that require they protect all data that they access.

The Privacy & Cookie Policy on the company’s website provides full information about how GreyRigge Associates uses personal data.