Privacy Policy
Introduction
This policy sets out the basis on which Consult-IDD will collect, store and use personal information. It is written in accordance with the General Data Protection Regulation (GDPR)–(EU) 2016/679.
This website is hosted by ALL-INKL. For security reasons, this host—like any web hosting provider—stores so-called “server log files”. These are deleted after 7 days and record the following data:
- Visited website
- Time of access
- Amount of data sent in bytes
- Source/referrer from which you accessed the page
- Browser used
- Operating system used
- IP address used
Consult-IDD does not routinely collect personal data and does not use cookies to do so. If you request our services by sending us an email, we will store your data exclusively in order to process your request. By contacting us by email, you agree to this processing.
Consult-IDD is committed to the lawful and correct treatment of personal information and it is our policy to comply with data protection legislation at all times.
This policy sets out Consult-IDD’s rules on data protection and the data protection principles contained in it. These principles specify the legal conditions that must be satisfied in relation to obtaining, using, transporting, storing and destroying personal data.
It is a condition that those who obtain, use, transport, store or destroy personal data adhere to the rules of this policy. Any breach of this policy will be taken seriously and will be referred to the respective legal authorities.
This policy may be changed by Consult-IDD at any time without prior notice. Whoever considers that the policy has not been followed in respect of personal data about themselves or others should raise the matter with us by sending us an email to info(at)consult-idd.com.
Data protection principles
Anyone processing personal data must comply with the six data protection principles set out within the GDPR Regulations.
These provide that personal data must be:
- Used lawfully, fairly and with transparency;
- Collected and used for specified, explicit and legitimate purposes;
- Used in a way that is adequate, relevant and not excessive;
- Kept for no longer than is necessary, and only used for the specified purposes for which it is agreed the data can be held;
- Used and kept in a way that ensures security and protection of the individual’s data;
- And that the organisation can demonstrate compliance with all the principles of accountability as set out within the GDPR Regulations;
Fair and lawful processing
This policy is intended not to prevent the necessary processing of personal data, but to ensure that it is done fairly and without adversely affecting the rights of the individual.
For personal data to be processed lawfully, certain specific conditions have to be met. These include, among other things, requirements that the data subject has consented to the processing by sending a request via email. In many cases, the individual can give implied consent if he or she is informed of all the subsequent uses of the personal data when it is collected.
Processing for specified purposes
Personal data should not be disclosed to anyone who does not
reasonably require the information for the purpose for which it
was collected. In addition, no personal information should be
disclosed if the reasons for that person requesting the
information appear unclear or doubtful.
Adequate, relevant and non-excessive
Personal data should be adequate and not excessive for the
purposes for which it is processed and it should be kept
accurate and up to date. Care should be taken when requesting
or keeping information about individuals. Requests from
customers to update personal records shall be dealt with
promptly and cross-referenced to any other files containing
personal information.
Accurate data
Personal data must be accurate and kept up to date. Information
which is incorrect or misleading is not accurate and steps
should therefore be taken to check the accuracy of any personal
data at the point of collection and at regular intervals
afterwards. Inaccurate or out-of-date data should be
destroyed.
Retention of personal data
Personal data should not be kept longer than is necessary for
the purpose. This means that data should be destroyed or erased
from Consult-IDD records where the data is no longer required
for any legitimate or reasonable purpose.
Processing in line with individual rights
Data must be processed in line with individuals’ rights as laid out within the GDPR Regulations. Consult-IDD recognises the importance of these rights. Individuals have a right to:
- be informed about what data is held by the organisation;
- have access to the information held upon request;
- require that mistakes are rectified promptly;
- have their data erased (to be forgotten) where this data is not held under legal requirement;
- restrict processing of the data to only that needed;
- make data available and portable;
- object to how the data is used;
Dealing with Subject Access Requests (SAR)
A formal request from an individual for information held by Consult-IDD about them must be made in writing. Consult-IDD will deal with all Subject Access Requests promptly and within one calendar month.
When receiving telephone enquiries, care should be taken about disclosing any personal information held on Consult-IDD records. In particular the person receiving the call should:
- check the caller’s identity to make sure that information is only given to a person who is entitled to it;
- suggest that the caller put their request in writing where the caller’s identity is uncertain and where their identity cannot be checked;
Data security
Consult-IDD must ensure that appropriate security measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.
Consult-IDD has put in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. Personal data may only be transferred to a third-party data processor, such as an events management organisation or publishers, if they agree to comply with those procedures and policies, or if they put in place adequate measures themselves.
Security procedures include:
- Data to be held on secure PCs or storage with encryption;
- Secure lockable desks and cupboards – Desks and cupboards should be kept locked if they hold confidential information of any kind (personal information is always considered confidential);
- Methods of disposal – Paper documents should be shredded and/or placed in sealed confidential waste bins. DVDs and CDs should be physically destroyed when they are no longer required;
- Equipment – Data users should ensure that their screens do not show confidential information to passers-by and that they log off from their laptop/PC when it is left unattended;
- Data users should not leave laptops, phones or PDAs unattended;
- Non-disclosure agreements for contractors;
Personal data outside the EU
Personal data should not be transferred outside the EU unless:
- the individual requesting services is from outside the EU;
- the individual concerned has given informed consent;
- contracts are in place to ensure adequate protection for the personal data;
- the transfer is permitted under data protection legislation;
Use of Zoom and Third-Party Services
When using services provided via Zoom, the privacy policy of Zoom applies.