Privacy Policy
Pilgrims RMG ISO27001 ISMS, GDPR and Data Protection Policy
Download a copy of our full Privacy Policy.
The ISMS Policy includes a commitment from management to demonstrate leadership and commitment with regard to the IS Management System in accordance with the requirements of the International Standard.
PRMG maintain an ISMS Policy Statement that is appropriate to PRMG and details its commitments with regard to the IS management system. The requirements of the ISMS policy are communicated within the PRMG and made available to other interested parties.
ISMS Policy Statement
PRMG is committed to meeting all legal requirements and to continual improvement, achieving consistently high ISMS standards and taking a ISMS approach to all key managerial functions.
The aim is to provide a safe, friendly, and courteous service to our customers using well-qualified, motivated, and trained staff.
We are committed to establishing and reviewing the ISMS objectives of the IS management system and communicating these to all members of the organisations staff. This policy will be fulfilled through the adoption and implementation at all times of the ISMS management system as required by ISO 27001:2013.
The protection of your personal information is of paramount importance to us. We will use data that you do choose to provide or that is being collected through your use of the website and which can identify you, only in line with the provisions of this Online Privacy Statement and in accordance with applicable data protection regulations.
This Online Privacy Statement sets out the type, scope and purpose of collecting, processing and using personal information you do choose to provide.
We do not store credit card details nor do we share customer details with any 3rd parties.
Personal identifiable information means any information on the basis of which an individual (the data subject) can be identified such as e.g. name, email address, phone number or the like.
For more information on your rights of access, rectification and erasure of any personal data that we may hold about you, how to exercise these rights, and our contact details, please see section 5 & 6 in our full policy document.
For the purpose of the General Data Protection Regulation (“GDPR”) and the Data Protection Bill 2017 (hereinafter collectively referred to as “Data Protection Laws”), the data controller is NDC Global Auditors Ltd of Windmill Hill Business Park, Whitehill Way. Swindon. SN5 6QR (hereinafter “NDC Global Auditors Ltd”). For more information on NDC Global Auditors Ltd see section 7 in our full policy document.
Our supervisory authority for data protection purposes is the Information Commissioner’s Office (ico.org.uk). If you believe that we have processed your personal data in breach of this Online Privacy Statement or the relevant laws and regulations, you have the right to lodge a complaint with the Information Commissioner’s Office.
This Online Privacy Statement does not cover other websites with their own Online Privacy Statements. We encourage you to read the Online Privacy Statement on the other websites you visit.
By visiting our website you are accepting and consenting to the practices described in this policy.
1. Storage and transfer of information to third parties
We will store your information on our secure servers and may share your personal information with members of our group (which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006) and third party service providers who assist us in targeting certain audience types, tailoring advertising, improving, and optimizing our website.
We may transfer the personal information that we collect from you to a destination outside of the UK and, in some cases, outside of the European Economic Area (EEA) if necessary for the processing purposes we have described above (including where we transfer your personal information to third parties). In these cases, staff operating outside of the EEA who work for us or one of our suppliers may process your personal information.
By submitting your personal information, you agree to this transfer, storing or processing.
We will ensure, where your personal information is transferred to third parties or outside of the EEA, that appropriate measures are in place to protect your personal information and ensure that it is processed in accordance with the Data Protection Laws at all times.
2. Duration of data storage
We store your personal data only for as long as it is necessary to achieve the purposes described above. Personal data will be deleted as and when it is no longer required for the purpose or after expiration of existing legal retention periods.
3. Links to other websites
This Online Privacy Statement does not cover the links within our website linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
4. Changes and amendments to our Online Privacy Statement
NDC Global Auditors Ltd may change and amend this Online Privacy Statement from time to time. Changes will be communicated through updates on our website. We recommend that you regularly access our website to ensure that you agree with any changes or amendments.
5. Your rights – Access to your personal information / Right of rectification and erasure
Pursuant to Art. 15 GDPR you have the right to request details of personal information that we hold about you.
In case the information we hold about you is outdated or incorrect you have the right pursuant to Art. 16 GDPR to request an update and correction of the relevant data.
You may also have a right pursuant to Art 17 GDPR to request the erasure of personal data we hold about you provided that we do not have a statutory obligation or an outweighing legitimate interest to keep such data. Finally, under the conditions set out in Art. 18 GDPR, you have the right to restrict processing.
Right to object according to Art GDPR:
1. Right to object on grounds relating to the particular situation:
According to Art. 21 (1) GDPR you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data.
If you object we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms (e.g. to assert or defend ourselves against legal claims)
2. Right to object against marketing:
In addition, pursuant to Art. 21 (2) DS-GVO, you may also object against the use of your data for direct marketing purposes. In this case, we will no longer use your personal information for advertising purposes.
An objection does not require a particular form and should be directed to the address stipulated in section below.
In addition, you can contact our supervisory authority, the Information Commissioners Office.
As far as the processing of personal data is based on your consent, you have the right to withdraw such consent to the processing of personal data at any time, i.e. regardless of whether it was granted prior to the entry into force of the GDPR. The withdrawal of the consent does not affect the legality of the processing activities carried out until the withdrawal.
Contact Address of the Controller
If you have any comments or questions regarding this Online Privacy Statement or our use of your personal information, or would like to make a request, please contact us at: [email protected].