> Data protection & privacy
Bridgehouse Company Secretaries
Bridgehouse Company Secretaries (Bridgehouse) takes privacy issues seriously and we are committed to protecting your information. This privacy notice explains what information is being collected about you and how personal information is stored and protected. This privacy notice has been developed in accordance with our legal obligations.
What information is being collected about you?
When you sign up to our newsletter, we collect your name and email address. We may use this information for statistical purposes, however no personal information will be revealed.
How is my personal information stored?
Your personal information is stored in our database and on our website server. We ensure that the database and server, through our third party provider, is secure and can only be accessed by authorised people.
How is personal information protected and used?
All information that Bridgehouse holds concerning you as an individual will be held and processed strictly in accordance with the provisions of the Data Protection Act 1998. Bridgehouse protects the privacy of your information using secure servers. Such data will be used by Bridgehouse to send you our newsletter and to provide you with information about our activities and services and for related purposes. If any information we hold about you is inaccurate we will do our best to correct it quickly once you notify us.
Who will have access to the information?
Only authorised people are permitted to have access to the personal information we hold on you. We do not divulge your personal information to any third parties unless we are required to do so by law.
What is the situation if you live outside the European Economic Area (EEA) or open information sent to you by us when outside the EEA?
Please be aware that if information via email is opened by you outside the EEA, then any personal data contained in that correspondence will be subject to local data protection laws, and may not be protected by the provisions of the Data Protection Act 1998.
A cookie is a small file that we send to your computer or other device that is accessing the Bridgehouse website and that we can then access when you visit the Bridgehouse website again in the future. By sending cookies like this we are able to offer you an improved user experience when using the Bridgehouse website.
When you use the Bridgehouse website, a small number of cookies1 are set. These are:
1) Cookie acceptance cookie (cookieAcceptanceCookie): A cookie that indicates that you have read and accepted the Bridgehouse cookie statement
2) For the main website we use non-intrusive cookies to enhance your visitor experience and monitor website usage. Including a Google Analytics cookie and a web store basket cookie.
4) Google Analytics (__utma, __utmb, __utmc, __utmv, __utmz): We use Google Analytics to monitor how our site is working, which areas are most popular and a number of quality indicators. Google Analytics may set up to five cookies, all of which contain anonymous data.
5) A session cookie: A cookie issued by the ITI website itself when the Cookie acceptance cookie is set, in order to keep you logged in while you are browsing the site. REMOVE
Additional cookies may sometimes be set by third-party services used through the Bridgehouse website. These include but are not necessarily limited to Google, Twitter, YouTube and Facebook.
None of the cookies above contain any personal data or information that could be used to identify you personally. Their purpose is solely to improve the functionality and quality of service of the Bridgehouse website.
Bridgehouse Company Secretaries
Data Protection Policy
Bridgehouse Company Secretaries Ltd (Bridgehouse) is committed to maintaining high standards of security and confidentiality for information in our custody and control. Such information includes business information, trade secrets, know-how and personal data relating to clients, newsletter recipients and employees.
The objectives of this Data Protection Policy are:
- To coordinate the information security and data handling procedures in force at Bridgehouse.
- To promote confidence in the company’s information security and data handling procedures.
- To provide assurances for third parties dealing with the company.
- To comply with the Data Protection Act 1998.
- To provide a benchmark for employees on information security, confidentiality and data protection issues.
Objectives will be achieved by:
- Using qualified external advisers as necessary to advise on security and privacy issues.
- Implementing appropriate information handling policies and procedures for employees to follow and refer to.
- Regular monitoring of the effectiveness of information handling policies and procedures to make amendments and additions as necessary from time to time.
The Eight Principles
The eight principles are stated in the Data Protection Act, to ensure good information handling processes are listed below. All organisations processing personal or sensitive personal data must comply with these principles and failure to do so can result in criminal prosecution.
“Personal data shall be processed fairly and lawfully”
“Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.”
“Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.”
“Personal data shall be accurate and, where necessary, kept up to date.”
“Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that
purpose or those purposes.”
“Personal data shall be processed in accordance with the rights of data subjects under this Act.”
“Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.”
“Personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.”
Tactics for achieving compliance with this policy
The objectives of this policy will be met by the following policies and procedures:
- Information security and appropriate use procedures
- Secure working procedures
- Data retention policy
- Subject access and other rights procedures
- Outsourcing procedures
This policy will also be supported by an open communication policy on information handling, which means that the Company undertakes to inform clients and employees of how it uses information and the purposes for which information is processed.