Levett Consultancy is committed to GDPR compliance, We are also committed to helping our customers with their GDPR compliance journey by providing them with the protections we have built into our services and contracts over the years.

What is GDPR

The General Data Protection Regulation (GDPR) is a European Union (EU) law which took effect on May 25, 2018. The goal of GDPR is to give EU including UK citizens control over their personal data and change the data privacy approach of organisations across the world.

Standards and Certifications

Levett Consultancy undertakes regular audits, maintain certifications and provide industry-standard contractual protections. We are registered with the Information Commissioner’s Office and have obtained the UK Government Cyber Security Essentials certification.

Identity and contact details of the Data Controller

Levett Consultancy is a Data Controller and is committed to protecting the rights of individuals in line with the Data Protection Act 2018 (DPA) and the new General Data Protection Regulation (GDPR).

Contact details of the Data Protection Officer

Levett Consultancy has a Data Protection Officer who can be contacted through dpo@levettconsultancy.co.uk

What information do we collect about you?

Information from the customer is required by us to be able to deliver your contracted services. Where personal data as defined with the GDPR guidance is required by Levett Consultancy to deliver a contracted service, you will be asked for your consent. At any point, you can withdraw your consent and any data obtained by the company will be deleted securely.

How will your information be used?

The information that we collect is to help us provide services to you. In addition to this, we may use the information for one or more of the following purposes:

  • To provide contractual services to your organisation that you have purchased from us;
  • To provide information to you that you request from us relating to our services;
  • To provide information to you relating to other services of interest to you;
  • To inform you of any changes to our services.

Transferring data internationally

The GDPR imposes restrictions on the transfer of personal data outside the European Union, to third countries or international organisations. Levett Consultancy does not transfer personal data outside the EU unless international organisation or third country complies with Chapter V of the GDPR.

How long will your information be held?

We retain your data for no longer than is necessary. What is necessary will depend on the circumstances of each case, taking into account the reasons how that the data was obtained.

Security of your information

The systems we use to store data are certified to ISO 27001 (Information Security Management), ISO 27017 (Cloud Security) and ISO 27018 (Cloud Privacy). All company staff are trained and fully aware of data protection. Levett Consultancy systems and security are audited annually to achieve Cyber Essentials certification.

Our Supply Chain

We have contracts in place with all of our suppliers. Our suppliers are also asked for confirmation that their internal systems and processes and those of any subcontractors in their supply chain comply fully with the GDPR requirements

How to make a GDPR complaint

If you are unhappy with the way in which your personal data has been processed you may in the first instance contact the Levett Consultancy Data Protection Officer using the contact details above.

If you remain dissatisfied then you have the right to apply directly to the Information Commissioner for a decision. The Information Commissioner can be contacted at: –

Information Commissioner’s Office,
Wycliffe House,
Water Lane,
Wilmslow,
Cheshire,
SK9 5AF
www.ico.org.uk