Privacy Policy

Who are we?

We are iSIZE Limited, a company which provides specialist deep learning products and services for video delivery. Our contact details are set out at the end of this Privacy Policy.

What does this Policy cover?

This Privacy Policy explains our use of personal data through the website, if you choose to contact us and our use of business contact details.

What personal data do we collect and why do we use it?

The table below explains who we collect personal data about, what that personal data is and the purpose. The last column sets out the ‘lawful basis’ we rely on for processing that personal data which is a requirement of data protection rules. Essentially, companies may only process personal data if they can identify a lawful basis from a list set out in the legislation.

 

Individual

Personal Data

Source and Purpose

Lawful Basis for Processing

Individuals who contact us.

 

 

Contact details provided and correspondence.

This information is given to us by you. It is used to respond to the query and keep a record of it.

Our legitimate interests as a business in responding to and keeping a record of correspondence.

Clients and potential clients.

Contact details provided and correspondence. Contracts.

This information is given to us by you or from publicly available information (for example on your website). It is used for us to fulfil contracts and engage in business discussions.

Our legitimate interests as a business in responding to and keeping a record of correspondence. Some information is also necessary for us to perform our contract – for example certain contact details.

Suppliers and contractors.

Contact details and provided correspondence.

This information is given to us by you or from publicly available information (for example on your website).

It is used for us to fulfil contracts and engage in business discussions.

Our legitimate interests as a business in responding to and keeping a record of correspondence. Some information is also necessary for us to perform our contract – for example certain contact details.

Candidates.

CV, contact details, reference information and correspondence.

This is information given to us by you or from third party referees. It is used to assess the suitability of candidates applying for a position with us.

Our legitimate interests of assessing the suitability of candidates applying for a position with us. Any health or other sensitive information is only collected if you have chosen to give it to us/consented.

Website visitors.

Information from cookies.

This information is collected via the cookies when you use our website.

We only install non-essential cookies with your consent

 

How long do we keep your personal data for?

We keep your information only for as long as is necessary for the relevant purpose. For example, if we have a contract with you, this will be for 6.5 years after expiration or termination, in order to assist us with any contractual claims. We use a number of criteria for determining the retention period including obligations under law, our need to defend or bring contractual claims within the statutory limitation period and consideration of the original purpose we collected it for.

How do we protect your personal data?

We need to have adequate technical and organisational security measures in place to ensure the Personal Data we hold on Data Subjects is properly protected. This must be done in a manner proportionate to the risk faced by the individuals whose Personal Data we hold, in the event that this data is compromised. This protection is against unauthorised and unlawful Processing and against accidental loss, destruction or damage to the Personal Data we hold.

In the event of a security breach – i.e. unauthorized access to Personal Data such as a laptop being left on a train or a phishing attack (subject to certain conditions) we have an obligation to report this security breach to the ICO in the UK (and any other applicable regulators) and the Data Subjects whose Personal Data have been breached. Our obligations apply in the following situations:

  • Our obligation to notify the ICO (details and notification forms being set out on its website) applies if the breach is likely to result in a risk to the rights and freedoms of any individual. We are required to make the notification without undue delay and in any event within 72 hours from when we first became aware of the breach.
  • Our obligation to notify the Data Subjects whose Personal Data have been breached applies if the breach is likely to result in a high risk to the rights and freedoms of any individuals. We are required to notify the affected Data Subjects without undue delay.

How We Comply:

Physical Security

 

Access

Access to our premises is restricted to only employees and authorised visitors with appointments.

There are access barriers in place at the entrance of our business premises and security access-controlled doors restrict access to different areas of the premises. Electronic key cards/fobs /number access panels are in use.

Storage

All material paper files and documents are kept in securely locked filing cabinets. The keys are kept in a secure location with only authorised personnel having access.

All computers must be logged out at end of day or when employees leave their workspace for extended periods.

We have a policy in place that governs how data Processed within the organisation is to be stored securely and training on storing information is carried out at onboarding.

Technical Security

 

Access Controls

We have access controls in place that restrict who can access Personal Data within the organisation. These controls ensure that only those who need to have access to Personal Data are given access. The controls are restricted by function and role. Only managers have the authority to alter what employees can and cannot access.

All our organisational systems are password protected so only authorised personnel have access. We have a requirement for passwords to be changed regularly to maintain security.

We have access logs in place which record who accesses Personal Data in the systems and actions performed on the Personal Data when accessed.

We have good off boarding processes to ensure that once an employee leaves our business all access of that employee within the business is revoked.

Encryption

Where we store Personal Data electronically, we use encryption to ensure this data is secure.

Pseudonymisation (where an individual cannot be automatically identified just from that data – for example using an employee ID number)

We use pseudonymisation where possible, especially when Special Category Data is involved. This is the case where the purposes for keeping Special Category Data have elapsed, but the data is of value to our business.

We also conduct reviews of our databases annually to ascertain what data can be pseudonymised.

Anonymisation (where an individual cannot be identified at all whether from the data itself or even when matching or using other data)

We anonymise Personal Data where possible and especially in situations where we do not require the identity of the person who the data is about, for example where the purposes for keeping Personal Data have elapsed but the data is of value to our business for statistical and analytics purposes.

We conduct reviews of our databases annually to ascertain what data can be anonymised.

Data Security Incident Management

 

We train our staff on the actions to take in the event of a Personal Data breach. This involves who to contact immediately, who is in charge of the investigations that follow and who escalates the incident to the ICO and affected individuals where necessary. We will review this process annually and schedule a breach simulation exercise at least annually.

Who do we share your personal data with?

Data may be shared in the following circumstances:

  • with professional advisors;
  • in order to conduct checks on you to verify the information you have provided us with where you are being considered for a position or contract with us;
  • in the event of a sale of the company or its assets;
  • with suppliers but only subject to robust contractual protections; and
  • with clients on a need to know basis.
What happens if you do not provide us with the information we request or ask that we stop processing your information?

 If you do not provide the personal data necessary, we may not be able to respond to your query or consider your application or request.

Do we make automated decisions concerning you?

Automated decisions are those made without human intervention that have a legal effect on you or other similarly significant effect (for example determining whether you are eligible for a job). We do not carry out this type of processing activity.

Do we use cookies to collect personal data on you?

In order for ISIZE to understand how users interact with this website and to help ISIZE develop and improve it, this website uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site.

You may refuse the use of cookies by blocking or filtering on the cookies preference of your browser; however if you do this you may not be able to use the full functionality of this website.

The table below explains the main cookies we use:

okie

Added by

Usage

PHPSESSID

ISIZE

User session.

wp-settings

ISIZE

Editor settings.

wp-settings-time

ISIZE

Local user time setting.

language

ISIZE

Browser language.

_ga

Google

Google analytics.

_gat

Google

Google analytics.

 

Do we transfer your data outside the UK and/or the EEA? 

We may sometimes transfer your personal data to countries outside the UK and/or European Economic Area (or between the two), for example if we are using a supplier based elsewhere. You can find the list of member states by clicking on the following link: https://ec.europa.eu/eurostat/statistics-explained/index.php/Glossary:European_Economic_Area_(EEA). The privacy laws in countries outside the European Economic Area and UK may be different from those in your home country.

Where we transfer data to a country that has not been deemed to provide adequate data protection standards, we always have security measures and approved model clauses or other adequate safeguards in place to protect your personal data. Please contact us if you would like more details about our safeguards for data transfers.

What rights do you have in relation to the data we hold on you?

By law, you have a number of rights when it comes to your personal data. Further information and advice about your rights can be obtained from the data protection regulator in your country. In the UK this is the Information Commissioner’s Office.

We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:

  • baseless or excessive/repeated requests; or
  • further copies of the same information.

Alternatively, we may be entitled to refuse to act on the request in some circumstances.

Please consider your request responsibly before submitting it. We’ll respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know.

 
 

Rights

What does this mean?

1.         The right to be informed

You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Privacy Policy. If you have any additional questions, for example regarding transfers and locations of data or our legitimate interests basis, do please get in touch.

2.         The right of access

You have the right to obtain access to your information (if we are processing it), and certain other information (similar to that provided in this Privacy Policy).

This is so you’re aware and can check that we’re using your information in accordance with data protection law.

3.         The right to rectification

You are entitled to have your information corrected if its inaccurate or incomplete.

4.         The right to erasure

This is also known as the ‘right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for us to keep using it. This is not a general right, there are exceptions.

5.         The right to restrict processing

You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.

6.         The right to data portability

You have rights to obtain and reuse your personal data for your own purposes across different services. This is not a normal scenario for companies of our nature but if you have any questions you can contact us.

7.         The right to object to processing

You have the right to object to certain types of processing, including processing for direct marketing or where we are relying on our legitimate interests for processing.

8.         The right to lodge a complaint

You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator.

9.         The right to withdraw consent

 

If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for marketing purposes.

 

How can you contact us?

If you are unhappy with how we’ve handled your information or have further questions on the processing of your personal data, contact us here: info@isize.co.