Balance Virtual Assistance takes information privacy serious
At Balance Virtual Assistance we are committed to protecting and respecting the privacy of our clients, their callers and anyone else we encounter in the course of our business. In compliance with the General Data Protection Regulation (GDPR), we recognise the need to ensure that any personal data that we may collect is properly protected and that we are transparent and responsible in the way we handle it.
1. What we do with personal data
We use personal data to provide our clients and their callers with our services. That includes:
Delivering callers’ information to our clients, as requested by both those parties;
Providing our clients with billing information and reports;
Using data analytics to improve our website, products/services, marketing, customer relationships and experiences;
Legal, regulatory or business reasons such as assisting with crime and fraud prevention.
All of these are carried out in compliance with the General Data Protection Regulation (GDPR).
2. How long we hold data for
We retain clients’ information while they remain a client and after they have left us. We retain caller information while the relevant client has a service with us and after they have left us it is deleted within 3 months. We use clients’ information to provide them with the products and services they have selected. We use callers’ information to allow us to provide our service to our clients; to allow us to provide and support invoices to our clients; and archiving and statistical purposes.
For example, we might need to sort out disagreements, stop fraud and abuse, prove that a client had an account with us or follow our legal obligations. Or the police may need it as evidence. We may also keep information about how our clients use our services. In each case, the length of time that we need to keep the information may be different but, in compliance with the General Data Protection Regulation (GDPR), we will only keep the information for as long as we need it.
3. Who we share personal data with and why
We sometimes share information. This is always done in compliance with the General Data Protection Regulation (GDPR) and includes the following situations:
In the course of providing our service, we will deliver information given to callers to the client for whom we answered that call. We do this because the nature of our service is that we collect information on our clients’ behalf;
With partners, suppliers, agents and subcontractors who help us deliver the products and services our client has chosen to use;
When the client or caller have provided consent;
When we have legal or regulatory requirements such as a request from the competition authority, law enforcement agency or a credit reference agency.
4. What data we hold
We collect information in three ways:
Directly from our clients, in taking instruction from them or within application or registration forms. In respect of this information, Balance Virtual Assistance is a Data Controller;
Direct from callers, in speaking with them on behalf of our clients. In respect of this information, Balance Virtual Assistance is a Data Processor;
From the services our clients use, such as the call transfers and emails requested by our clients;
These are all carried out in compliance with the General Data Protection Regulation (GDPR).
5. What rights you have
Under the terms of the General Data Protection Regulation (GDPR), you have the right to:
To update your personal data. You can update or amend your information by contacting Bella at email@example.com;
To ask us to delete your personal data. However, there may be circumstances where we are legally entitled to retain it, for example to allow us to provide, invoice and evidence our service;
To get a free copy of your personal data. A subset of your data (limited to data that you have provided to us) is available in a machine-readable format if required;
To object to the processing of your data and have it restricted. There may be circumstances where you ask us to restrict the processing of your information, but we are legally entitled to refuse that request, for example to allow us to provide, invoice and evidence our service;
To review some automated decision-making or profiling (automated processing to determine certain things about you);
The right to make a complaint to the Information Commissioner (www.ico.org.uk) if you think that any of your rights have been infringed by us.
6. Our marketing policy
In compliance with the General Data Protection Regulation (GDPR), we ensure that we provide our clients with choices regarding certain personal data uses, particularly around marketing and advertising.
We may use our clients’ contact, technical or communications data to form a view on what additional services might be of interest to them.
Clients, former clients and companies or individuals who have approached us to enquire about our services may receive marketing communications from us unless they have explicitly requested that we do not send them marketing communications;
Clients can ask us to stop sending marketing messages to them by contacting us at any time.
We will never give our clients’ personal data to a third party for marketing unless they have expressly given us their permission to do so;
In the course of providing our services, we collect information from individuals who have called our clients. We do this under the instruction of our clients and with the permission or at the request of the caller. We will never give the personal data of anyone who calls any of our clients to a third party for marketing unless they have expressly given us their permission to do so. Similarly, we will never ourselves use the personal data of anyone who calls any of our clients to carry out any marketing activity unless they have expressly given us their permission to do so.
7. How do we ensure data is secure?
A key requirement of the General Data Protection Regulation (GDPR) is security of data. Balance Virtual Assistance is committed to keeping data secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. We use a variety of security technologies and procedures to help protect data from unauthorized access, use or disclosure. These include but are not limited to the use of: encryption, password protection, firewalls and software designed to combat viruses and other malware.
All data is encrypted via SSL when transmitted between our servers and your browser. We do not store any payment or credit card information on our servers. The data is encrypted and securely stored by ours and our clients' payment processing partners, Stripe, Worldpay and GoCardless. All of these partners are subject to the General Data Protection Regulation (GDPR). Please review their Security Policies & Procedures for more information.
8. Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
More information about how to decline cookies: http://www.allaboutcookies.org
More information about Google Analytics: http://www.google.com/analytics/learn/privacy.html
About Computer Cookies: www.allaboutcookies.org
10. Contacting Balance Virtual Assistance
If you would like more information or would like to raise any queries with us in relation to your information under the terms of the General Data Protection Regulation (GDPR), you can contact us by writing to the Data Protection Officer at:
Data Protection Officer
Suite 7, Riverside Court Offices
Or by calling 07732520247.
11. Changes to this Privacy Notice
12. Resolving Privacy Issues
In the event of a data breach, in compliance with the General Data Protection Regulation (GDPR), we will report the breach to the Information Commissioner’s Office, where feasible, within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, we will also inform those individuals without undue delay. We will keep a record of any personal data breaches, regardless of whether we are required to notify. We will always try our best to resolve any data privacy issue you may have. You have the right to refer any data privacy issue to the Information Commissioner’s Office at any time.