GDPR (general data protection regulation) is a regulation which is intended to strengthen and unify data protection for all individuals within the European Union. GDPR regulation replaces the 1995 Data Protection Directive, and this document aims to explain how we (Intelligent Business Partners Ltd) comply with it.
Lawfulness of Processing Data
We generally process your data under the grounds of a legitimate interest as described by Article 6.1(f) of the Official Journal of the European Union (04/05/2016). Our legitimate interest is to assist data subjects in fulfilling their specific needs (e.g. obtaining a response to an enquiry, acquiring a business valuation, buying a business, selling a business etc).
We may also process data under other lawful grounds, e.g. consent of the data subject (Article 6.1(a), for the performance of a contract (Article 6.1(b), a legal obligation (Article 6.1(c)).
Categories of Individuals and Categories of Personal Data
We process data for multiple reasons, including the effective running of finance, HR, administration and marketing functions within our business. The table below shows the categories of personal data that we process and the groups of individuals that they relate to:
|Categories of individuals
||Categories of personal data
||Contact details, Bank details, Pension details, Tax details, Contact details, Pay details, Annual leave details, Sick leave details, Performance details, Medical details, Next of kin details
||Contact details, Qualifications, Employment history, Ethnicity, Disability details
|Customers (E.g. Business Sellers)
||Contact details, business details, identification
||Contact details, Business details, Volunteered details (E.g. Web form, Phone call)
|Interested Parties (E.g. potential business buyers)
||Volunteered details (E.g. Web form, Phone call), Contact details, Business details
||Contact details, Identification
Recipients of Personal Data
Retention and Erasure Schedules
Intelligent Business Partners Ltd will not store personal data any longer than is necessary for the purposes it is being processed and it will be securely disposed of when no longer required. For more information about the disposal of data, please refer to our Data Retention and Erasure documentation.
Our internal data and communications are stored in off site replicated servers and is encrypted in transit and at rest. For more information about data security, please refer to our Technical and Organisational Security Measures documentation.