- Purpose and lawful basis for processing
- What we need
- Why we need it
- What we do with it
- How long we keep it
- What are your rights?
- Do we use any data processors?
Our purpose for processing this information is to have a contact point at your organisation and to tell you the outcome of the visit.
The lawful basis we rely on to process your personal data is article 6(1)(e) of the UK GDPR, which allows us to process personal data when this is necessary to perform our public tasks as a regulator.
When we conduct an audit or an advisory visit, we’ll take the name and contact details of your organisation’s main point of contact. We may also take details of other staff members during the visit process.
We use the data collected to complete the audit/advisory visit and evidence the information provided.
We may publish a summary of the audit we have completed with you, but this will not contain any personal data. We’ll publish the fact that we have conducted an advisory visit, but this will not contain any personal data.
For information about how long we hold personal data, see our retention schedule.
We process personal data in the visit information in our capacity as regulator, so you have the right to object to our processing of your personal data. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it.
For more information on your rights, please see ‘Your rights as an individual’.