Last Updated: 14th October 2022
Evalian® (“we”, “our”) is an information assurance business. We provide consultancy and support services to other businesses to help them manage risk, meet their compliance obligations and improve their information security.
Data protection is what we do for a living and we believe in the importance of meeting our obligations. We will always process your personal data lawfully, fairly and transparently and in the same manner that we would expect others to process our personal data.
We keep the personal information we collect to a minimum and we protect it. You have rights you can exercise, explained below, and you can contact us to ask about the personal information we hold about you or to exercise your rights.
If we are making decisions about the purposes for which we process your personal information, and the means of doing so, we are acting as a data controller. In this case, the data controller is evalian® Limited. Our ICO registration reference number is ZA444797.
If we are processing your personal information on the instructions of one of our customers (such as your employer, for example), it is likely we are working with it as a data processor in line with a written contract. In this case, the data controller will be our customer and your personal data will be processed as set out in their privacy notice.
We collect and use certain categories of personal data for the following purposes:
If you contact us using our website, by email or through social media, we collect the personal information you provide to us. This typically includes your name, job title, employer business address, business email and any additional information you include in your message.
We use the personal information you provide to us to respond to your enquiry. It is in our legitimate interests to communicate with you in response to your message.
We provide a newsletter to individuals who have signed up to receive it. We use your name and email address to send the newsletter. We send our newsletter to you with your consent.
You can withdraw your consent or object to us sending it to you at any time by unsubscribing using the link in the email or by contacting us using the details below.
Where we provide services to your organisation, we are likely to process your personal data for one of two purposes:
Firstly, we will collect and process your name, job title, employer business address and business email if you are a key contact for the service we provide. It is in our legitimate interests to collect and process personal information about individuals working at client organisations for the purpose of providing them with services, communicating about requirements, promoting our services and taking instructions.
Secondly, we will collect and process your name, job title, employer business address and business email if we need to communicate with you in relation to a service we are providing to your employer, such as where we are acting as a data protection officer or consultant or you are accessing our online data protection training. In this case, we will be collecting your personal information as a data processor, and acting in accordance with written instructions issued by our client.
If we promote our services to you
We may contact you using data provided by our supplier Cognism to promote our services and, hopefully, build a sales relationship with you. The data we receive from Cognism covers your name, business email address, job title, employer details and your telephone number.
We will only contact you using the data provided by Cognism if we think our services are a good fit for your organisation and will always do so respectfully. Any emails will be personally sent and we won’t add you to automated sales marketing lists (because we don’t use them).
Whilst this might sound like generic corporate flannel, we genuinely mean it so please contact us if you think we haven’t met this standard when contacting you to promote our services and we’ll look into it.
When we use data from Cognism to contact you we do so because it is in our legitimate interests to promote our services to individuals at organisations that we think may be interested in or would benefit from those services. You can object to us contacting you to promote our services by telling the person that telephones you, replying to their email or by contacting us.
You can manage and delete cookies through your web browser settings, as set out in our Cookies Notice.
We share your personal data with our cloud service provider, Microsoft, whose Office 365 services we use for file storage and email. Our Microsoft hosting is located in the UK and they act as our processor.
We may also add your contact information to other cloud platforms we use to send you newsletters or to manage customer relationships. All such suppliers are processors to Evalian and we carry out data protection compliance and information security due diligence on all suppliers with access to our data before working with them and during the period they provide services to us.
We may also share your personal information with our professional advisers including our lawyers and auditors where it is strictly necessary. It is possible that we may be required to share your data to comply with applicable laws or with valid legal processes, such as in response to a court order.
It is unlikely that we’ll ever share your personal data outside the UK or European Union (EU) or European Economic Area (EEA). If, however, it becomes necessary for the purposes of providing our services to you, we will only share it with organisations located in countries based on the UK adequacy regulations or benefiting from a European Commission adequacy decision or on the basis of Standard Contractual Clauses approved by the European Commission or the IDTA approved UK government which contractually oblige the recipient to process and protect your personal data to the standard expected within the EU/EEA or UK.
We retain your personal information for as long as it is reasonably necessary for the purpose of our relationship, for as long as we are legally obliged or until you object to us processing your data or withdraw your consent to us doing so.
You have the following rights in respect of your personal data:
If you wish to exercise your rights, please contact us at email@example.com
You can also lodge a complaint with the Information Commissioner’s Office. They can be contacted using the information provided at: https://ico.org.uk/concerns/
If you have any questions or wish to exercise any of your rights, then you can write to:
Leylands Business Park,
Alternatively, you can email us at firstname.lastname@example.org. You can also call us on 03330 500 111.
We may update this Privacy Notice from time to time in response to changes in applicable laws and regulations, to our processing practices and to services we offer. When changes are made, we will update the ‘Last Updated’ date at the top of this page. Please review this Privacy Notice periodically to check for updates.