This agreement sets how Engage Coach International Ltd. handles personal information supplied to us and collected through our online platforms in accordance with the EU’s General Data Protection Regulation (GRPR)
Engage Coach International Ltd. acts in the role of Data Processor for the purposes of the General Data Protection Regulation (GDPR) and undertakes that any personal data collected and stored within its on-line systems shall be processed pursuant to this regulation on the protection of individuals with regard to the processing of personal data.
Data will be stored and processed for the purpose for which it was intended, e.g. for producing individual, team or organisational reports or other analysis as agreed. Data collected is stored by our IT partner with owned servers in London (UK). We may also use unidentified anonymous data for the purposes of norming and research.
The data are confidential on the protection of individuals with regard to the processing of personal data. Engage Coach International Ltd. will limit access to client data to staff strictly necessary for the performance, management and delivery of contracts we have in place.
Engage Coach International Ltd undertakes to take appropriate technical and organisational security measures in view of the risks inherent in the processing and of the nature of the personal data concerned with the aim to:
- Prevent any unauthorised person from gaining access to computer systems processing personal data
- Prevent any unauthorised reading, copying, alteration or removal of storage media
- Prevent any unauthorised memory inputs as well as any unauthorised disclosure, alteration or erasure of stored personal data
- Prevent any unauthorised persons from using data-processing systems by means of data transmission facilities.
- Ensure that users of our online platform can access no data other than those to which their access right refers
- Record which personal data have been communicated, at what times and to whom;
- Ensure that personal data being processed on behalf of third parties can be processed only in the manner prescribed by the contracting party
- Ensure that during communication of personal data and during transport of storage media the data cannot be read, copied or erased without authorisation
- Design its organisational structure in such a way that it will meet the requirements of data protection
Engage Coach International Ltd. also undertakes to ensure that our obligations in matters of data protection are adhered to by any third-parties or sub-contractors. The applicable law for the obligation of confidentiality and security is under UK law where the processing takes place.
Our standard data retention policy
- Any paper-based data, along with all electronic data will be stored securely on-site by us for the duration of the project/project stage plus 3 months. After 3 months any paper data will be securely destroyed.
- All data will be stored electronically on permanent media, securely and off-site for a period of 3 years (this may be reduced in the event of a specific request or separate client agreement which overrides this)
- Any data originating in the EU region will not be transmitted or processed outside of the region and will be hosted and processed on secure web servers located in London, UK.
- The data will not be shared or transferred to any third party, unless requested in writing by our client in coherent to data protection laws
- Our IT partner conforms to Information Security Management System (ISO 27001) policy.
Individuals have a lawful right to ask for a copy of any personal information held about them, this may be in electronic or paper format. You can make a request for a copy of information we hold about you by email to firstname.lastname@example.org and we will respond to your request within one month.
Engage Coach International Ltd is registered with the Information Commissioner’s Office (Registration Number ZA207877).