Privacy Policy

Please read the following Privacy Policy information carefully. This privacy notice contains information about the information collected, stored and otherwise processed about you and the reasons for the processing.

It also informs you with whom we share this information, the security mechanisms we have in place to protect your information and how to contact us in the event you need further information.

We will always protect, respect and safeguard your Personal Information and your privacy whilst also ensuring any other partners with whom we share your data, also abide by our high operating standards.

Throughout this Privacy Notice “the company” refers to RSS Infrastructure Ltd.

If you are interested in any further information of any kind, with regards to business services, please contact us at the address below in section 2. We will be happy to supply any information required.

Contents

  1. Data controller.
  2. Contact details of the controller.
  3. Purpose of the data collection.
  4. Where information is provided by you.
  5. Data Retention period.
  6. How is your data used?
  7. How is your data shared?
  8. Legal Basis for processing.
  9. Automated processing.
  10. Your rights.
  11. Children’s Data.
  12. Jurisdiction.
  13. Warranties and Liabilities.
  14. Copyrights and Trademarks.
  15. Future processing.
  16. Where is your data stored?
  17. Social media.
  18. Search engines.
  19. Marketing emails.
  20. Data protection.
  21. Email information.
  22. Cookies.
  23. Reporting a breach.
  24. Changes to this Privacy Notice.
  25. Our name and address.
  26. Complaints procedure.
  27. ICO contact details.
  28. Interpretations and definitions.
  29. Transfer of your personal information outside of the EEA.

1. Data controller

RSS Infrastructure Ltd acts as Data Controllers for all data processed within the company.
For the purpose of the Data Protection Act 2018, the data controller is:
RSS Infrastructure Ltd, Tech Block, Gee Business Centre, Holborn Hill, Aston, Birmingham, B7 5JR.

2. Contact details of the controller

The company processing your data is:

RSS Infrastructure Ltd, Tech Block, Gee Business Centre, Holborn Hill, Aston, Birmingham, B7 5JR.
Telephone: 0330-113-0004. Email address: info@rssinfrastructure.com
Company registration number: 06278727.

Please call the above number if you have any queries with regards to this Privacy Notice.

3. Purpose of the Data Collection

The company may use your personal information for the following purposes:

To procure professional services which may include:

a. To supply professional services on behalf of the company;
b. To fulfil equality and diversity and other regulatory requirements;
c. To manage matters relating to employment, including payroll etc;
d. To carry out anti-money laundering or financing checks;
e. To respond to requests for references;
f. To respond to potential complaints or make complaints;
g. To recruit staff;
h. To promote and market the services of the company;
i. As otherwise required or permitted by law.

4. When information has been provided by you

If you apply to the company for a position or are seeking a reference or are a member of staff, your personal information is required by the company, in order to progress your application/reference and also allow it to be properly assessed.
It also allows employment records, pay and pensions to be processed and also to enable the company to comply with its regulatory obligations, to keep accounting records.
If you are offering or providing the company with goods or services your information may also be processed in relation to such offers or contracts.

5. Data Retention Period

All data stored within the company is retained for a period of time which is in-line with our data retention schedule. Please ask for a copy of this schedule to verify our retention periods which are also in-line with GDPR recommendations.

6. How is your data used?

The company may use your personal information for the following purposes. To provide professional services to our clients. To fulfill any legal or regulatory requirement. To process an application or manage a contract or for any other requirement permitted by law.

During processing your data is always kept secure and is processed in-line with GDPR and data protection requirements including ensuring the data is accurate, relevant, necessary and not shared with any other unnecessary parties to ensure appropriate security.

7. How is your data shared?

It may be necessary to share your information with the following:

  • Information processors, such as IT support staff, email providers, information storage providers;
  • In the event of complaints, the complaints department who deal with the complaint or any other legal entity who requires legitimate access;
  • Other regulatory authorities;
  • Current or prospective employers or employees;
  • Education and learning bodies;
  • Company staff;
  • The intended recipient, where you have asked the company to provide a reference;

In the case of the Information Commissioner’s Office (ICO), there is a risk that your information may lawfully be disclosed to them for the purpose of any other civil or criminal proceedings, without the company’s consent or your consent, which includes privileged information.
The company may also be required to disclose your information to the police or intelligence services, where required or permitted by law.

8. Legal basis for processing

Under GDPR guidelines it is important we clearly explain how we operate, what processes we follow and also on what authority we process Personal Data. Operating under instructions from yourself, we would generally have a “Contractual” basis for lawful processing or to fulfil a contractual requirement.

When instructed to do so, we may also be processing on “Legal Obligation”. There may also be occasions whereby we may process Personal Data under “Legitimate Interests”.

With regards to any marketing campaigns undertaken, we would usually operate and send marketing information to clients under the terms of “Legitimate Interest” whereby the client has previously instructed us to supply services to them.

If this is not the case, then we would be operating using “Consent” and this can be freely withdrawn at any time using the “Opt-Out” options within our emails.

Consent can also be withdrawn at any time either from legitimate consent or explicit consent via a telephone call to our head office and we never collect any automated “Opt-In” customer databases. We always add an “Opt-Out” option to all of our marketing literate.

9. Automated processing

The company does not use any automated decision-making tools. Therefore there are no areas in which you may request that we do not process your personal information in this way.

10. Your rights

Under the GDPR, you have a number of rights that you can exercise in certain circumstances. These are generally free of charge. In summary, you may have the right to:

  • Ask for access to your personal information and other supplementary information;
  • Ask for correction of mistakes in your information or to complete missing information the company holds on you;
  • Ask for your personal information to be erased, in certain circumstances;
  • Receive a copy of the personal information you have provided to us or have this information sent to a third party. This will be provided to you or the third party in a structured, commonly used and machine-readable format, e.g. a Word file;
  • Object at any time to processing of your personal information for direct marketing;
  • Object in certain other situations to the continued processing of your personal information;
  • Restrict the processing of your personal information in certain circumstances;
  • Request not to be the subject in automated decision-making which produces legal effects that concern you or affects you in a significant way.

If you require more information about your rights under the GDPR please see the Guidance from the Information Commissioners Office.

If you would like to exercise any of these rights, please:

  • Use the contact details within this privacy notice;
  • The company will need to ask you to provide other information so that you can be identified;
  • Please provide a contact address so that you can be contacted to request further information to verify your identity;
  • Provide proof of your identity and address;
  • State the right or rights that you wish to exercise.

The company will respond to you within one month from when we receive your request unless your request is very complex. You will be notified if this is the case and we may require up to three months to process your request.

You have the right to ask us not to process your Personal Data. This is a right under the existing Data Protection Regulation 2018 guidelines as well as under the new GDPR regulations.

This may relate to data we hold on you in general or data that we use for marketing. However, you should be aware there may be a legal precedence that supersedes your wishes with regards to processing personal data for legal reasons.

You can of course withdraw your consent for marketing purposes at any time.

For security reasons, your identity will need to be confirmed before this process can begin.

11. Children’s Data

Our professional services do not address anyone under the age of 16. We do not knowingly collect personally identifiable information from anyone under the age of 16. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us immediately.
If we become aware that we have collected Personal Data from anyone under the age of 16 without verification of parental consent, we take steps to remove that information from our servers immediately.

12. Jurisdiction

These terms and conditions are governed according to English Law and Regulations and are also subject to the exclusive jurisdiction of the English Courts.

These terms also apply to all RSS Infrastructure websites.

13. Warranties and Liabilities

While we make every effort to ensure the information on our websites is accurate, we do not warrant or guarantee its accuracy, or the accuracy of the information on any linked website.

We are not liable for any loss or damage resulting from:

  • Any use, or inability to use our website;
  • Any un-authorised access;
  • Any changes to the information on our website;
  • Reliance on any information on our website.

We cannot guarantee that our websites will be free from errors, defects, viruses or alterations made outside of our control.

If there is any difference between the information on our websites and our corporate literature – including key features documents, technical guides and policy documents – the corporate literature takes precedence.

14. Copyrights and Trademarks

Copyright of all information published on our websites, including photographs and images, belongs to the company and may not be used, sold, licensed, copied or reproduced in whole or in part in any way without our express permission.

RSS Infrastructure is a registered trademark and may not be used without our prior consent.

15. Future Processing

The company will not process your Personal Information except for the reasons stated within any initial agreement or contract with you. If there is a change of requirement for this processing, you will be requested to allow and authorise this change. These are your rights and we will only process Personal Information based on any existing contractual requirement.

16. Where is your data stored?

The data that we collect from you will generally be stored and accessed only in the UK (Within the European Economic Area) by Staff and partners directly working to fulfil a contract or legal requirement.

There may be a requirement from time to time to export some Personal Data outside of the EEA as required in order to progress and fulfil our legal obligation to you as a client.

When this condition does occur, all necessary steps will be followed in order to ensure that all data exported and used outside the EEA is managed with the same due care and process that we undertake ourselves within the EEA.

Our partners also have contracts in place with ourselves outlining their responsibilities to us and also defining their working practices that will mirror our own internal processes and procedures to safeguard personal data appropriately.

17. Social media

We use social media as a tool to inform clients of operations, seminars and training events that are planned and in order to share knowledge of the business as a whole.

However, we reserve the right to remove any posts that are present on any of our social media sites that we deem to be incorrect, damaging, offensive, irrelevant, distasteful or otherwise not complying with the company’s high standards.

18. Search Engines

We use a third party, Google, for website analytics. The information that we collect is information such as device information, location, IP address, gender and age information. We also collect language information, bounce rate, browser type, OS used, google cookies and other standard information collected by Google Analytics.

We collect this information to improve our website and search facilities and also to improve the customer experience on our websites. No user-specific data is collected.

19. Marketing emails

Please note: If you wish to unsubscribe from any marketing emails that you have agreed to, you can do so by following the instructions at the bottom of any marketing material or by contacting our office directly.

20. Data Protection

We understand the importance of protecting the personal and sensitive information entrusted to us and we also currently comply with the Data Protection Act 2018.

We will also comply with the data protection requirements under GDPR.

We are committed to protecting and keeping your personal information private – whether we receive it from you personally or from third parties – and take all reasonable steps to ensure its security.

Your information will remain confidential and we will not disclose any personal information to a third party without your consent – except where there is a legal or regulatory obligation. We do not sell, trade or rent your personal information to third parties and will only use your personal data for the purposes you have agreed to.

Your information will be used to process your request for a service or action.

Your information may be transferred to any country, including countries outside the European Economic Area for the completion of necessary processing. Where this happens, we will ensure that all necessary safeguards are followed for the transfer of information and that whoever receives this information agrees to treat it with the same level of protection and security that we provide.

21. Email information

We will make every reasonable effort to ensure email communication is secure. This may include encrypting personal and/or sensitive data or using encrypted email systems. Please note that transmission of data over the internet may still be intercepted and we cannot be held liable for any issue or loss of data transmitted to or by us electronically.

Please let us know as soon as possible if you become aware of any failure, delay or error in sending or receiving an email. Our ‘email sent’ records can be used as evidence that the email has been sent unless there is a clear mistake.

You can unsubscribe from our marketing communications at any time by clicking on the ‘unsubscribe’ link located at the bottom of our emails.

22. Cookies

Cookies are text files containing small amounts of information that are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user’s device.

Cookies do many different jobs, like letting you navigate between pages efficiently, remembering your preferences and generally improve the user experience. They can also help to ensure the adverts you see online are more relevant to you and your interests.

The cookies we use do not collect personally identifiable information about you.

The only exceptions may be:

  • When you apply for a job vacancy;
  • Post a comment on one of our blog posts or social media sites;
  • Sign up to receive marketing information from us.

Where we collect this information, we will only use it to process your request unless we advise you otherwise. We will never sell your data to third parties.

We also track IP addresses of businesses and organisations to help us understand how our website is used.

23. Reporting a breach

RSS Infrastructure Ltd and all partners working with your Personal Data have a responsibility with the ICO to report any data or security breach that occurs to the ICO and also limit this breach wherever possible. We will also notify all parties affected by a breach wherever possible and also keep information relating to the breach in order to allow us to trace and monitor progress in such cases.

We will take further information from various places in order to make decisions on how we process the breach and carry our further actions.

We retain this information for as long as necessary to investigate and carry out these actions. The time scales applied are also defined in our data retention schedule.

24. Changes to this Privacy Notice

This privacy notice was published on 9th June 2021 and last updated also on that day.

The company continually reviews its privacy practices and may change this Privacy Notice from time to time. When a new update is created, it will be published on the company website.

25. Our name and address

We currently operate as and trade from:

RSS Infrastructure Ltd.
Gee Business Centre
Tech Block
Gee Business Centre
Holborn Hill
Aston
Birmingham
B7 5JR

26. Complaints procedure

If you are dissatisfied with any service you receive, you may contact the company by telephone on: 0330-113-0004 or by email at: info@rssinfrastructure.com

Or by post to the above address.

Please identify as clearly as you can the nature of your complaint or concern, how it has arisen and the outcome you seek.

The GDPR also gives you the right to lodge a complaint with the Information Commissioners’ Office (ICO) if you are in the UK, or with the Supervisory Authority of the Member State where you work, normally live or where the alleged infringement of information protection laws occurred.

27. ICO Contact details

The Information Commissioner’s Office can be contacted at:
http://ico.org.uk/concerns/

28. Interpretations and Definitions

Interpretation
The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions
For the purposes of this Privacy Notice:

  • Account means a unique account created for you to access our Services or parts of our Service.
  • Affiliate means an entity that controls, is controlled by or is under common control with a party, where “control” refers to management in some format or other management authority.
  • Application means the software program provided by the Company and possibly downloaded by you on any electronic device.
  • Company (referred to as either “the Company”, “We”, “Us” or “Our” in this Agreement) refers to RSS Infrastructure, Tech Block, Gee Business Centre, Holborn Hill, Aston, Birmingham B7 5JR.
  • Country refers to: United Kingdom.
  • Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.
  • Personal Data is any information that relates to an identified or identifiable individual.
  • Service refers to the process of supplying a service.
  • Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform functions related to the Service or to assist the Company in analysing how the Service is used.
  • Usage Data refers to data being collected, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a website page visit).
  • You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

29. Transfer of your information out of the EEA

This privacy notice is of general application and as such, it is not possible to state whether it will be necessary to transfer your information out of the EEA in any particular case or for a reference.

If you are in a country outside the EEA or if the instructions you provide come from outside the EEA then it is inevitable that information will be transferred to those countries. If this applies to you and you wish additional precautions to be taken in respect of your information please indicate this when providing initial instructions.

The company may transfer your personal information to the following which is located outside the European Economic Area (EEA):

Cloud information storage services based in the USA who have agreed to comply with the EU-U.S. Privacy Shield, in order to enable us to store your information and/or backup copies of your information so that the company may access your information when they need to. The USA does not have the same information protection laws as the EU but the EU-U.S. Privacy Shield has been recognised by the European Commission as providing adequate protection.

To obtain further details of that protection, click here.

If you would like any further information please use the contact details in Section 2.