Introduction
GDPR (general data protection regulation) is a regulation which is intended to strengthen and unify data protection for all individuals within the European Union. GDPR regulation replaces the 1995 Data Protection Directive, and this document aims to explain how we (Bizdaq (UK) Limited) comply with it.
Lawfulness of Processing Data
We generally process your data under the grounds of a legitimate interest as described by Article 6.1(f) of the Official Journal of the European Union (04/05/2016). Our legitimate interest is to assist data subjects in fulfilling their specific needs (e.g. obtaining a response to an enquiry, acquiring a business valuation, buying a business, selling a business etc).
We may also process data under other lawful grounds, e.g. consent of the data subject (Article 6.1(a), for the performance of a contract (Article 6.1(b), a legal obligation (Article 6.1(c)).
Categories of Individuals and Categories of Personal Data
We process data for multiple reasons, including the effective running of finance, HR, administration and marketing functions within our business. The table below shows the categories of personal data that we process and the groups of individuals that they relate to:
| Categories of individuals
|
Categories of personal data
|
| Employees
|
Contact details, Bank details, Pension details, Tax details, Contact details, Pay details, Annual leave details, Sick leave details, Performance details, Medical details, Next of kin details
|
| Prospective Employees
|
Contact details, Qualifications, Employment history, Ethnicity, Disability details
|
| Customers (E.g. Business Sellers)
|
Contact details, business details, identification
|
| Potential Customers
|
Contact details, Business details, Volunteered details (E.g. Web form, Phone call)
|
| Interested Parties (E.g. potential business buyers)
|
Volunteered details (E.g. Web form, Phone call), Contact details, Business details
|
| Business Buyers
|
Contact details, Identification
|
Recipients of Personal Data
It is necessary for us to share certain personal information with third party data processors, including: HMRC, Outsourced HR, Legal Partners, Third-Party Selling Platforms and Third-Party Marketing Platforms. We only share data with our processors that is necessary for our business to operate properly. For more information about Third Parties that may have access to your data, please refer to our Privacy Policy.
Retention and Erasure Schedules
Bizdaq (UK) Limited will not store personal data any longer than is necessary for the purposes it is being processed and it will be securely disposed of when no longer required. For more information about the disposal of data, please refer to our Data Retention and Erasure documentation.
Data Security
Our internal data and communications are stored in off site replicated servers and is encrypted in transit and at rest. For more information about data security, please refer to our Technical and Organisational Security Measures documentation.
