Information Audit Document
This Information Audit Document Submitted by the Data Protection Officer of Stakefield Limited Sandeep Anand describes how Stakefield Limited (“Stakefield,” “we,” “our” or “us”) hold, use, store and share information in connection with your use of our services, and applications (collectively, the “Services”).
We recommend that you read this Information Audit Document in full to ensure you are fully informed.
INFORMATION WE COLLECT
Information You Provide
- Personal Information: When you register for our service, we may ask for your contact information, business title, business address, zip code, telephone number, email address, business fax number.
- Communications : If you contact us directly or through our chat window, we may receive additional information about you such as your name, email address, phone number, the contents of the message and/or attachments you may send us, and any other information you may choose to provide. We may also receive a confirmation when you open an email from us.
The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.
Information We Collect When You Use Our Services
- Your name, address, and contact details
- Information about any communications you made.
Information We Receive from Third Parties
- Third-Party Partners. We may also receive publicly available information about you and combine it with data that we have about you.
- Your location, IP address, browser information, time you spend on our website, the number of visits you made and your referral websites or links.
HOW WE USE INFORMATION
The company uses the information we collect in various ways. This includes:
- Provide and improve our service.
- Understand, analyze and train our employees with the respective client knowledge base, develop new services, features, and customer case studies.
- To contact you about the services on our site in which you have expressed interest.
- To provide you special offers and information about the services that are similar to the ones you have already purchased or have shown interest in.
- Communicate with you, either directly or through one of our employees including for customer service, feedback, to provide you with updates and other information relating to the services.
- Find and prevent fraud.
- For compliance purposes, including enforcing our Terms of Service, or other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency
- Notify you of any changes to our website or to our services that may affect you.
HOW WE SHARE INFORMATION
We may share the information we collect in various ways, including the following:
- Vendors and Service Providers. We may share information with third-party tools or software with your consent for helping you provide our services.
- For processing card payments
- Business Transfers. Information may be disclosed and otherwise transferred after your consent to any potential acquirer, successor, or assignee as part of any proposed merger, acquisition, debt financing, sale of assets, or similar transaction, or in the event of insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.
HOW WE RETAIN/DELETE YOUR INFORMATION
We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
At anytime, before, during or after our service commitments, you have the right to delete the data on a request to us through our email firstname.lastname@example.org
LEGAL BASIS FOR PROCESSING PERSONAL INFORMATION
Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
Stakefield takes privacy issues seriously and wants to protect your rights. We understand and respect your concerns regarding privacy and make your online experience satisfying and safe. To do so, we employ a variety of security technologies and measures designed to protect information from unauthorized access, use, or disclosure. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information. Our project office is located in a 24/7 public access restricted space secured by state police department. Our office infrastructure is 24/7/365 monitored with CCTV cameras and access to the working spaces are restricted by a biometric system.
YOUR DATA PROTECTION RIGHTS UNDER THE GENERAL DATA PROTECTION REGULATION (GDPR)
If you are a resident of the EEA, you have the following data protection rights:
- Transparency and modalities: In order to ensure that personal data are processed fairly, EU data protection law obliges Stakefield to communicate transparently with data subjects regarding the processing of their data.
- Rights of data subjects: We at Stakefield are obliged to give effect to the rights of our clients under EU data protection law.
- Identifying data subjects: Third parties might attempt to exercise a data subject’s rights without proper authorisation to do so. Stakefield will ask data subjects to provide proof of their identity before giving effect to their rights.
- Exemption where the controller cannot identify the data subject : If Stakefield cannot identify the data subject, Stakefield is exempt from the application of certain rights of that data subject.
- Time limits for complying with the rights of data subjects : Stakefield is obliged to give effect to the rights of data subjects within specified time periods, in order to avoid the frustration of those rights through excessive delays.
- Right to basic information : Stakefield is only entitled to a minimum set of information mentioned in (1)(2)and (3) concerning the purposes for which their personal data will be processed.
- Right of access: EU data protection law obliges Stakefield to provide data subjects with access to their personal data.
- Right to rectification: Stakefield will ensure that inaccurate or incomplete data are erased or rectified. Data subjects have the right to have personal data rectified where the controller fails to comply with the Directive.
- Right to erasure (the “right to be forgotten”): Our clients have the right to have personal data erased or “blocked” where Stakefield fails to comply with the Directive (especially where the data are inaccurate or incomplete).
- The right to restrict processing: In some circumstances, data subjects may not be entitled to require Stakefield to erase their personal data, but may be entitled to limit the purposes for which the Stakefield can process those data (e.g., the exercise or defence of legal claims; protecting the rights of another person or entity; purposes that serve a substantial public interest; or such other purposes as the data subject may consent to).
- Notifying third parties regarding rectification, erasure or restriction: Where a controller has disclosed personal data to any third parties, and the data subject has subsequently exercised any of the rights of rectification, erasure or blocking, the controller must notify those third parties of the data subject’s exercising of those rights. The controller is exempt from this obligation if it is impossible or would require disproportionate effort.
- Right of data portability: Data subjects have the right to transfer their personal data between controllers (e.g., to move account details from one online
- Right to object to processing: Data subjects have the right to object, on any compelling legitimate grounds, to the processing of personal data, where the basis for that processing is either “public interest” or “legitimate interests”, those lawful bases are not absolute, and data subjects may have a right to object to such processing. Right to object to processing for the purposes of direct marketing: Data subjects have the right to object to the processing of their personal data for the purposes of direct marketing
- If you wish to access, correct, update, or request deletion of your personal information, you can do so at any time by emailing email@example.com
- In addition, you can object to the processing of your personal information, ask us to restrict the processing of your personal information, or request portability of your personal information. Again, you can exercise these rights by emailing firstname.lastname@example.org
- Similarly, if we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
INTERNATIONAL DATA TRANSFERS
This audit was done and the report was submitted by Sandeep Anand, Data Protection Officer, Stakefield Limited.