Statement of Compliance

The new EU General Data Protection Regulation (GDPR) comes into force on 25 May 2018 (including in the UK regardless of its decision to leave the EU) and will impact every organisation which holds or processes personal data.

It will introduce new responsibilities, including the need to demonstrate compliance, more stringent enforcement and substantially increased penalties than the current Data Protection Act (DPA) which it will supersede.

 

flick is committed to high standards of information security, privacy and transparency.

We place a high priority on protecting and managing data in accordance with accepted standards and will achieve IASME Governance certification and Cyber Essentials Certification during 2018 to publicly evidence our compliance.

The company will comply with applicable GDPR regulations when they take effect in 2018, including as a data processor, while also working closely with all our 3rd party data processors to ensure they meet their contractual obligations under the GDPR.

 

To ensure we meet our obligations, we can confirm the following statements:

  • We have carried out a data ecomap to identify all Personal Information held and understand how the information flows between us and external data processors. We do not hold any Special Category Data on Customers or Prospective Customers.
  • We have a documented Data Protection Impact Assessment (DPIA) and Privacy Impact Assessment (PIA), which covers our day to day business. Should we take on new project works, a DPIA and/or PIA will be conducted before the start of the project as required.
  • Should a data breach occur, we will inform any clients who may be affected, report the breach to the ICO and implement any corrective actions necessary to prevent any such reoccurrence.
  • All our staff are trained on their responsibilities to handle data securely on induction and then every 2 years (or sooner if there are major legislative changes).
  • You have a right to erasure from our systems and a right to a record of the information we hold on you. If you would like to request this information, please submit your request in writing to gdpr@flicklearning.com.
  • Where Personal Data is being transferred outside the EU, this will be detailed in our Fair Processing Notice. All Personal Data, where held, is held securely with limited access for our staff based on the role they hold.
  • When processing data we undertake the following:

- The processing is lawful, fair and transparent.
- We are transparent about what the data is being used for.
- Data is collected for a specific purpose.
- The data is necessary for the purpose.
- The data is accurate and kept up to date.
- Data is not kept for longer than necessary.
- The data is kept safe and secure.

 

For further clarification on any of the above, please address correspondence to gdpr@flicklearning.com.

We last updated this page and its content for you on 4th May 2018.

 

Flick Learning Ltd

Fargo Studios, 54 Grafton Street, Coventry, West Midlands, CV1 2HW. Copyright 2018 All Rights Reserved. Company No. 09270577