Isologix Privacy Policy
Introduction
This Privacy Policy sets out our approach to managing information, including personal data.
The topics included in this Policy are:
· Who are we
· Data Collection
· Basis for data processing
· Data Purposes
· Data Retention
· Our service providers and where data may be stored
· How we secure personal data
· Your data protection rights
· How to contact us
· Changes to our Privacy Policy
Who are we
Isologix Ltd is a consultancy that helps organisations with their ISMS and Risk needs. The correct management and protection of information is important to our clients and therefore it is extremely important to us.
Legislation and regulation emphasise that privacy is paramount when handling personal data, and Isologix aims to be as transparent, compliant and ethical as possible when it comes to data processing, communication, storage and retention.
It is important to note that Isologix will carry out services and deliverables for other clients and in those instances, we will utilise their assets, systems and services to ensure that we remain compliant with their company policies and processes.
Data Collection
Isologix's purpose is to provide consultancy services to businesses and as such it endeavours to avoid the unnecessary collection of personal data. Furthermore, there is no requirement for volume data processing within our services portfolio.
We do not carry out mass marketing campaigns, nor do we hire the services of marketing organisations to conduct this on our behalf. Should you encounter any company that proposes to represent Isologix, then please contact us on the information listed in this Privacy Policy.
The personal data that we collect will be limited to:
· Name
· Business email
· Business contact number
· Business name and address
We may also include data on individuals at an organisation that we have engaged with for our services such as training, auditing, or interviewing.
Isologix will not request, process or store special category personal data.
Basis for data processing
Isologix will collect data for the following purposes:
· Legitimate Interest
o When answering enquiries relating to our services, or initial engagement when we have received contact information from individuals representing their business
· Delivery of Services
o During contract discussions and negotiations, it is necessary for us to keep records and store agreements that may contain personal data
· Legal, Regulatory or Contractual
o For necessary business activities that may include:
§ Tax and Accounting purposes
§ Supervisory Authority / ICO Engagement
§ Processing of staff, or where required partner data
Data Purposes
Prior to procurement of services
· We will process and hold business contact information as this is necessary for us to offer our services to other organisations. We will use this information to:
o Send business related emails, make calls and post additional information upon request. We do not engage in marketing or direct mailing
· When engagement is no longer required, then please contact us and advise that you wish this information to be removed.
During the provision of services
· As stated above, Isologix endeavours to utilise client assets when providing services. Data will be collected on Isologix assets only in exceptional circumstances and with client permission. Where this happens, only the minimum data required to conduct the activity will be collected, in accordance with client policies and security requirements. In this instance, the data will be deleted upon completion of the activity.
Post service delivery
· We will retain information relating to the organisation for a period of 7 years. This is so that we can:
o Assist with queries and investigations where Isologix may be required to explain an action or decision
o Comply with record-keeping requirements relating to finance and company records
Isologix does not use any data for tracking. The company website is hosted via GoDaddy, who state that they do not use cookies unless specifically requested by the organisation requesting the services. (You can find out more at www.allaboutcookies.org.) Any cookie use should be for the purposes of analytics or troubleshooting. Isologix does not have access to this data, nor shall it request access.
Data Retention
The main data retention principle is to store for the least time allowable. Generally, we retain data for the following information types:
· Financial records and contract information 7 years after contract completion
· Project notes 7 years after contract completion
· Business contact data 4 years
Data held on client assets will be subject to their own data retention policies
Our Service Providers and where data may be stored
We use the services of other organisations for our operations, which allows us to:
· Be cost effective in the provision of our own services;
· Maintain optimum efficiency, and;
· Have the ability to recover essential services should a continuity event occur
The Service Providers that are used are renowned and go above and beyond to ensure that data is protected and available when required.
We do not use shared services with these organisations (shared in the sense that we “share” storage where data can be contaminated with data from other organisations and visible to other parties). Furthermore, when procuring these services, we endeavour to use local options for services (in both the UK and EU).
These service providers include:
Microsoft
For the provision of Office 365 Services and Email. Web portals are accessible only via HTTPS with additional authentication measures. Alerts are sent when service portals are accessed.
Microsoft also supply us with Surface Devices and accessories for our client operating systems
Lenovo
We procure Lenovo devices for client operating systems to access our Microsoft services
Proofpoint
We use Proofpoint for email security services including malware detection, spam and phishing detection, domain reputation to mitigate against fraudulent activity, and for email encryption where required.
GoDaddy
Hosts our website, which does not hold or collect any personal data. Isologix prefers to keep the information on the site as simple as possible.
Samsung
We procure Samsung devices which are limited in function by Mobile Device Management Policies
All of our client devices are protected by Security Software that provides:
- Security Policies that constrain or enforce measures to keep information protected
- Anti-Malware Measures
- Anti-Theft Mechanisms to ensure that potential theft is detected, and additional detective and preventative measures are deployed (including remote wiping of devices)
- VPN Services to ensure that communications are protected at all times when between client sites
In support of our approach to minimal data collection, we do not use Customer Relationship Management Systems.
If we are required to conduct services in a country that is deemed a higher risk and may not offer the same legislative safeguards for protecting personal data, Isologix will only carry sanitised devices that contain no personal data and only the services necessary to carry out the deliverable.
How we secure personal data
Isologix cannot guarantee 100% security as no organisation can completely mitigate against all risks. However, we can endeavour to undertake appropriate measures to protect data as best we can, including the use of multi factor authentication.
We also take a logical approach to security arrangements for our devices and communications including:
Physical Security
- Storing hardware in company safe when not in use
- Avoiding printing physical copies of data and prohibiting printing of any personal data
- Shredding of documents that contain other types of data
Staff or resources
- Only long-standing trusted partners or service providers will be used, the majority of whom have a minimum of BPSS Security Vetting carried out
Client Devices
- Full disk encryption
- Access Controls
- Anti malware and Anti Theft Software
- Multi Factor Authentication
Mobile Phones
- Anti Malware and Anti Theft
- Locator services and remote wipe function
- Force locking policy
- Local storage encryption
- PIN multi character enforcement
Email and Communications
- Email encryption feature where required
- Email is not used to send or store personal data outside of legitimate business communications
- Suspect emails held in quarantine until reviewed and released
Your rights in relation to personal data
Under the UK Data Privacy Laws there are rights for individuals and their personal data. As mentioned throughout this document, Isologix engages in Business-to-Business contact and endeavours to keep to the principle of least personal data necessary. Should you feel that we may have personal data belonging to you and you wish to obtain a copy, please send an email to enquires@isologix.co.uk. It is important to understand that we can only provide data directly relating to you and not to other individuals. We may also ask that you verify you are the individual who is requesting the information. We will respect your data rights with regard to:
• Access to personal information
o If we hold your data, we can provide a copy
• Correction and deletion
o If there are inaccuracies with your personal data, please advise and we will have them corrected without delay. It is important to note that we will not do this for historical data that was correct at the time of initial use
• Opt-out of further contact
o Should you wish to no longer be contacted by us, please send an email and we will ensure that your information is no longer available for communications
• Data portability
o As data is predominantly for business use and communication, it is unlikely that there will be requests to transfer this data to another provider
• Restriction of processing and objection
o Should there be an instance where you do not wish us to use the data temporarily, then we will comply with the request until the temporary restriction has been lifted
• Use of automated decision-making and profiling
o We do not use services for automatic decision making, processing or profiling
• Lodging a complaint with the ICO
o We endeavour to provide the best service possible and treat your data respectfully. If you are unsatisfied with how we may have handled your data or a data related query, then please reach out to us in the first instance and we will do everything that we can to resolve the issue. Should we not be able to resolve the issue, you can go to the UK Regulator (The Information Commissioner’s Office) where you can lodge a complaint.
How to contact us
Isologix Limited is a company registered in Scotland. Our Company number is 10065064.
Our correspondence address
Registered office address:
c/o MAF, The Great Barn,
Whitehouse Farm,
Gaddesden Row,
Hemel Hempstead,
England,
HP2 6HG
Should you have any queries with regard to Isologix then please use any of the contact methods on the main site.
Changes to this Privacy Policy
This policy version is dated September 2022.
Should there be changes that affect this policy, including changes in law, technology or how the organisation operates, then Isologix shall employ best efforts to make individuals aware.
Copyright © 2024 Isologix - All Rights Reserved.