Data privacy statement 

 To ensure GDPR compliance Look & Cover will: 

  • only act upon written instructions of our clients (normally the data controllers) 
  • be subject to a duty of confidence, and ensure the same of all relevant staff members 
  • ensure the appropriate measures are taken to ensure the security of the processing 
  • only engage a sub-processor on written consent of the data controller 
  • assist the data controller in providing subject access and allowing data subjects to exercise their rights under the GDPR 
  • assist the data controller in meeting its GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments 
  • ensure to delete or return all personal data to the controller as requested at the end of any relevant contracts 
  • submit to audits and inspections, provide the controller with whatever information it needs to ensure that they are both meeting their Article 28 obligations, and tell the controller immediately if it is asked to do something infringing the GDPR or other data protection law of the EU or a member state 
  • train our staff to comply with these regulations 

 Our Direct Responsibilities under GDPR are to: 

  • only act on the written instructions of the controller (Article 29); 
  • not use a sub-processor without the prior written authorisation of the controller (Article 28.2) 
  • co-operate with supervisory authorities (such as the ICO) in accordance with Article 31; 
  • ensure the security of its processing in accordance with Article 32; 
  • keep records of its processing activities in accordance with Article 30.2; 
  • notify any personal data breaches to the controller in accordance with Article 33; 
  • employ a data protection officer if required in accordance with Article 37; and 
  • appoint (in writing) a representative within the European Union if required in accordance with Article 27 

 Our policy for controlling data is to: 

  • only collect & retain information necessary to transact with our customers and prospects 
  • ensure that revoked consent requests are managed with 30 days of revocation 
  • ensure to enable right to access within 30 days of request, unless otherwise specified in writing 
  • train our staff to comply with the regulation 

 Subject access requests 

Upon receiving a written subject access request Look & Cover will: 

  • ensure to verify the identity of the person requesting the information 
  • respond in writing within 30 calendar days with the requested information 
  • if requested, initiate the right to erasure process or correction within 30 calendar days 

 What Look & Cover will do should there be a data protection breach 

Should there be a data breach, our staff are trained to inform their line manager immediately, who will in turn, inform an authorised member of personnel at the client and also inform the ICO within 72 hours. 

The information provided to the client and the ICO will include:  

  • what has happened 
  • when and how we found out about the breach; 
  • the people that have been or may be affected by the breach; 
  • what we are doing as a result of the breach 

The management team at Look & Cover are responsible for the compliance and maintenance of this policy. If you have any questions, please do not hesitate to contact us on 01768214383. 

You can also contact us by mail at: Look & Cover, The Box, Eden Business Park Penrith, Cumbria, CA11 9FB.