Privacy and Data Protection Policy

In accordance with the General Data Protection Regulation (GDPR) the following is a description of the way Extac processes personal information in order to carry out its business. The policy refers to all information accessed from both current and past business clients and contacts and outlines the reasons for processing, principals applied and data held.

Reason and Purpose of Processing information
Extac processes information to enable it to provide consultancy, advisory and training services to the downstream sector of the industry. In addition, where appropriate, it needs to process information when dealing with local government and the third party sector when advising on organisational change and welfare provision. It also handles data when dealing with information on AFILEA (Alliance of Families for Independent Living -East Anglia) details of which are available on request.

Data Protection Principals
Under GDPR, all personal data obtained and held by Extac is processed according to a set of core principals. In accordance with these principals, we will ensure that:
a) processing is fair, lawful and transparent
b) data is collected for specific, explicit, and legitimate purposes
c) data collected is adequate, relevant and limited to what is necessary for the purposes of meeting stated business needs
d) data is kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay
e) data is not kept for longer than is necessary for its given purpose
f) data is processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisational measures. This includes international transferring of data.

Types of Data Held
Extac keeps several categories of personal data on business and client contacts in order to carry out effective and efficient processes. This data is kept in dedicated files, which includes computer storage and handling and it is used only for the business in hand with each client and business contact. Typically the data held will include business name and position, and personal details such as name, address, telephone numbers and email details.

Lawful Basis for Processing
The law on data protection allows Extac to process your data for certain reasons only. In the main data is only processed in order to comply with a legal requirement or in order to effectively manage the business relationship the company has with each client and business contact. In such cases Extac will ensure the details are held securely and that the information is only used for the stated business purpose.

Who We Share Your Data With
in order to effectively provide the agreed business activities, Extac may choose to share data with other organisations with whom it works closely. You will always be advised of the third party organisation selected. We expect such third parties to implement appropriate technical and organisational measures to ensure the security of your data.

Retention Period
Extac will keep client and business contact data for as long as is needed for the stated business process and if appropriate to advise of relevant future business apportunities that may arise from time to time. If you do not wish your data to be retained you have the right to request its deletion from Extac’s system at any time.

June 2018