BRACE privacy notice

Who we are

We are "Business Risk and Compliance Experts" (Brace), a company registered in England and Wales under registration number 14028577 at 1 Union Street, Long Eaton, Nottingham. NG10 1HH, United Kingdom.  Our Germany address is: Eschersheimer Landstraße 42, FRA 60322.

You can find our website at: www.brace-solutions.com.

Our Data Protection Officer can be contacted by telephone on +44 (0)330 117 1502 or email by at: dpo@brace-solutions.com.

How we comply with data protection regulations

We are committed to safeguarding your personal information and we are legally obliged to use your information in line with all laws concerning the protection of personal information. 

Information we hold about you

We collect personal information about you when you enquire about or make use of our services.  Personal information we collect, and hold may include:

• name, address, and e-mail address;

• telephone number;

• information about services you use, and other related information;

• information we need to be able to process payments for you, for example bank and credit or debit card details, and;

• records of contact with you, such as system notes, emails, and letters.

How we get and use your personal information

Most of the personal information we process is provided to us directly by you.  We will only collect, use, hold or disclose personal information where we have a lawful basis to do so.  This means information needed to provide you with a product or service, to satisfy legal or regulatory requirements, or where we have your consent. 

We may use your information to:

• communicate with you;

• keep our records up to date

• process payments;

• for the investigation of or prevention of crime;

• for research and statistical purposes;

• to disclose to regulatory bodies for the purposes of monitoring and/or enforcing our compliance with their requirements;

• process job applications;

• gain feedback from you;

• prevent crime and meet our legal obligations;

• prudentially manage our business using models and forecasts, and;

• keep you informed of other relevant products or services that may be of interest to you where you have provided consent for us to do this.

We may also monitor and keep records of email communications which you send to us and other communications with you in accordance with this policy and our other business interests.

Processing data lawfully

The lawful bases that we rely on for processing your information are:

• Your consent, which you can remove at any time;

• We have a contractual obligation;

• We have a legal obligation;

• We have a vital interest;

• We need it to perform a public task; or

• We have a legitimate interest.

How long we keep your information

We will keep your personal information only for as long as necessary in line with regulatory and legal requirements and will destroy it securely when it is no longer needed.  We have a retention schedule that we use to manage the length of time we keep personal data and if you would like to know any specific timescales listed on it, please contact us using the contact details on this notice.

How we protect your information

The security of your information is important to us.  We protect your information by maintaining physical, electronic, and procedural safeguards in relation to the collection, storage, and disclosure of personal data to prevent unauthorised access, accidental loss, disclosure, or destruction. 

Your information is securely stored in the United Kingdom and Netherlands, within the EU.

No data transmission over the internet can be entirely secure, and therefore we cannot guarantee the security of your personal information and/or use of our sites.  However, we use our reasonable endeavours to protect the security of your personal information from unauthorised access.

Where we process your information

We only process your information within the United kingdom and European Union.

How we share your information 

From time to time we may send information to, receive information from, or exchange your personal information with:

• partners or agents who support us to deliver our products and services to you, or that we refer you to, or that refer you to us;

• companies who perform essential services for us;

• third-party organisations that conduct research, analysis, and marketing activities on our behalf;

• regulators, courts, or other public authorities, or;

• the emergency services in the case of accident or emergency.

We will only share or exchange data with third parties with the protection of a written agreement and the ability to oversee their activities, unless information is required for legal or regulatory reasons. 

Where we have relationships with other organisations that process your information on our behalf, we take care to ensure they have high data security standards.  We will not allow these organisations to use your personal information for unauthorised purposes. 

If the business is reorganised or sold to another organisation, we may transfer any personal information we hold to that organisation. 

In the event that a third party may deliver all or part of the service requested by you, whilst the information you provide will be disclosed to them, it will only be used for the administration of the service provided and to maintain management information for business analysis.

How you can manage the information we hold and how we use it

Data protection regulations mean you have rights over how we hold and use the information we hold about you: 

• Your right to manage consents

You have the right to give your consent to us using your data for any activities we do not have another lawful basis to carry out, for example sending you marketing communications.  You can withdraw consent at any time.

• Your right of Access

You have the right to request access to the information we hold about you; this is called a Data Subject Access Request

• Your right to know about sharing

You have the right to know who your data is shared with and why

• Your right to rectification

You have the right to have your details updated if they are inaccurate and for information not required for lawful reasons to be deleted.  You also have the right to ask us to complete information you think is incomplete.

• Your right to erasure 

You have the right to ask us to erase your personal information in certain circumstances. 

• Your right to object to processing

You have the the right to object to the processing of your personal data in certain circumstances.

• Your right to restriction of processing

You have the right to have automated processing and profiling restricted.  Profiling may be used to analyse or predict economic situations, health, personal preferences, interests, reliability, behaviour, location, or movements

• Your right to data portability

You have the right to request that information we process by automated means is sent to you or another nominated data controller in a commonly used electronically readable format

You are not required to pay any charge for exercising your rights and if you make a request, we will respond to you within one month.

If you wish to action any of the above, please contact us using the details on this notice.  Please do not include confidential information in e-mails or letters.

You can also complain to the UK's Information Commissioners Office (ICO), or any other European regulatory authority if you are unhappy with how we have used your data.

You can contact the ICO in writing to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire.  SK9 5AF or call their helpline on +44 (0)303 123 1113.

Changes to this policy

We regularly review this policy.  You may view the most recent version here at: www.brace-solutions.com

This notice was Last updated July 2023.  (c) Business Risk and Compliance Experts Ltd, 2024.  All rights reserved.