Who are we?
ODOS Business Solutions (trading as A R Graham Consultancy Limited) are a Business Support Company, providing Consultancy and Support in Data Security (DPA & including ISO10012:2017 Assessment and Certification for EU GDPR), Cyber Security (including preparing organisations for ‘Cyber Essentials’ Certification), Information Security (including assessment and certification to ISO27001:2013), ISO9001:2015 & ISO14001:2015 Consultancy, Confidential Waste Disposal (with certification), Security Consultancy for personal and organisational security matters, Training, practical Health & Safety and HR Support Services.
This privacy notice tells you how we, ODOS Business Solutions, will collect and use your personal data.
At ODOS Business Solutions, our mission, passion and promise is to empower businesses to understand and enhance their own. We will do this through commitment and dedication to working in partnership with our clients, focusing on the product or service they offer, the processes they adopt to facilitate delivery and the people they employ to make it all happen. We will communicate with, motivate and develop their people, create and evaluate their processes, with the objective of creating a competent, knowledgeable and effective organisational culture for continuous improvement. We will empower our clients to understand the very real threat of Cyber-Crime and how to protect their data, in a secure and professional manner.
We will maintain our values and respect the fact that only you own your data and that we are merely temporary custodians of it whilst it is used to enable our commitments to you, to be fulfilled. We will uphold your privacy in accordance with all Laws, Rules and Regulations allowing you the ability to remain in control your data.
In the interests of fairness and transparency we commence our pledge by providing you with clear choices as to how we collect and use your data, why we need it, who has access to it, where it is stored, when we are likely to delete or amend records and for what purpose, and finally, what your rights are to change, withdraw, request or destroy your data.
At ODOS Business Solutions, we acknowledge that your data remains your property and we respect your property whilst it is with us and we are committed to ensuring that the information we collect and use is appropriate for this purpose, and does not constitute an invasion of your privacy.
Will ODOS Business Solutions share my personal data with anyone else?
We may pass your personal data on to third-party external service providers, contracted to ODOS Business Solutions in the course of dealing with you. Any third parties that we may share your data with are obliged to keep your details securely, and to use them only as directed by us.
Your rights as a data subject
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
• Right of access – you have the right to request a copy of the information that we hold about you; • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete; • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records; • Right to restriction of processing – where certain conditions apply to have a right to restrict the processing; • Right of portability – you have the right to have the data we hold about you transferred to another organisation; • Right to object – you have the right to object to certain types of processing such as direct marketing; • Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling; • Right to judicial review: in the event that ODOS Business Solutions refuses your request under rights of access, we will provide you with a reason as to why; • You have the right to complain as outlined below.
We will constantly strive to maintain your trust by continuously focusing on our commitment to six key privacy principles:
• Transparency: We are transparent and ethical about how and why we collect and use your data. We will always enable you to make fair decisions and to be clear about how the decision involves your data;
• Purpose: We are open about how your data will be used and promise never to share it, nor use it for anything other than the lawful purpose we have it for, or the purpose you have consented to;
• Boundaries: We will only ask for personal data that is necessary to complete the purpose it is obtained for and we will only allow access to those responsible for delivering our service or product to you or to any other person or organisation that you have specifically or explicitly consented to;
• Control: We empower you to retain control of your data whilst it is with us and your right to privacy. We enable this with clear processes on how we will help you to keep your data accurate and up to date at all times;
• Retention: We will only store or keep your data for as long as is necessary, or for as long as you authorise by consent;
• Security: We will protect your data at all times by ensuring that we only allow access to it by those identified by process, follow the advice and guidelines for Cyber Security, the framework and requirements of ISO 27001 Information Security and the obligations placed upon us by EU GDPR (General Data Protection Regulations), maintain a secure IT network via strong security and encryption and robust data handling procedures within our offices.
These principles are the foundations upon which ODOS Business Solutions’ commitment to Data Security and your privacy, will allow us to demonstrate our commitment to the design and delivery of our products and services, with your Privacy and Data Security afforded the significance they warrant.
If, whilst using our website, you notice something that doesn’t work the way you’d expect when it comes to privacy, please tell us!
What kinds of data does ODOS Business Solutions collect?
ODOS collects data:
• To fulfill our contractual obligations to our external providers, clients and customers;
• To check and confirm eligibility for services;
• To inform our contractors and employees, as necessary, to achieve the above;
• To update, inform, advise or communicate with our external providers, clients, customers and partners who have consented for this.
Our legal basis for processing Data is;
• To satisfy contractual needs;
• Specific or Explicit Consent.
Under the EU’s General Data Protection Regulation (GDPR) personal data is defined as:
“any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
We use the data we collect to process and deliver on our agreement with our clients, personalise offers, products and services and ensure that we do whatever we can to help to protect your Data Security and Information Security.
(NB – We DO NOT collect nor process ‘Special Category’ Data other than to securely dispose of it or in the form of external provision where processing is explicitly covered by contractual obligations and lawful purpose).
How will ODOS Business Solutions my personal data?
ODOS Business Solutions will process (collect, store and use) the information you provide in a manner compatible with the EU’s General Data Protection Regulation (GDPR). We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary.
We will only retain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices. Personal data may be held in addition to these periods depending on individual business needs.
Under what circumstances will ODOS Business Solutions contact me?
Our aim is not to be intrusive, and we undertake not to ask irrelevant or unnecessary questions. Moreover, the information you provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure.
Can I find out the personal data that the organisation holds about me?
ODOS Business Solutions at your request, can confirm what information we hold about you and how it is processed. If ODOS Business Solutions does hold personal data about you, you can request the following information:
• Identity and the contact details of the person or organisation that has determined how and why to process your data. In some cases, this will be a representative in the EU;
• Contact details of the data protection officer, where applicable;
• The purpose of the processing as well as the legal basis for processing;
• If the processing is based on the legitimate interests of ODOS Business Solutions or a third party, information about those interests;
• The categories of personal data collected, stored and processed;
• Recipient(s) or categories of recipients that the data is/will be disclosed to;
• If we intend to transfer the personal data to a third country or international organisation, information about how we ensure this is done securely. The EU has approved sending personal data to some countries because they meet a minimum standard of data protection. In other cases, we will ensure there are specific measures in place to secure your information;
• How long the data will be stored;
• Details of your rights to correct, erase, restrict or object to such processing;
• Information about your right to withdraw consent at any time;
• How to lodge a complaint with the supervisory authority;
• Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data;
• The source of personal data if it wasn’t collected directly from you;
• Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
What forms of ID will I need to provide in order to access this?
ODOS Business Solutions accepts the following forms of ID when information on your personal data is requested:
• Driving Licence;
• Birth Certificate;
• Utility Bill (from last 3 months).
What to do if you are not happy!
If, whilst you are browsing our website, engaging with our services or in communication with our Employees or Contractors, you are concerned in any way about the security of your data – please advise us to enable us to address this.
Our Data Protection Officer / GDPR Owner and data protection representatives can be contacted directly here:
Tel: 01905 921029