Incisive takes privacy seriously, and takes all necessary steps to comply with the the Data Protection Act 2018 and the GDPR. In accordance with those regulations, the following sets forth what data we collect, for what purpose, how it is shared, how and where it is stored, what rights the data subject has, and our process in the event of a data breach.
We may collect some or all of the following personal data from clients and potential clients of Incisive:
The data we collect is used for communication purposes with clients in pre- and post- sales circumstances. The data is used to facilitate communications with clients and potential clients.
Personal data is only shared with associated service providers of Incisive in the service of establishing a consulting engagement or in service of an engagement. When such sharing occurs, it is always with the knowledge of the owner of the data. Incisve will not share data with any other parties such as marketing analytics firms.
With the exception of email, all personal data is stored within the UK on encrypted hard disks. Some data may leave the UK/EU temporarily on personal computing devices during business trips, but all such devices have their storage encrypted. Personal data is never left on systems outside the UK/EU.
With respect to email, these communications are stored on encrypted local systems as well as within Google's encrypted email systems. Email may be stored outside of the UK/EU, however Google is certified under Privacy Shield and hence this storage is allowed under the Data Protection Act and GDPR.
Right to access
In accordance with the Data Protection Act and GDPR, a data subject has the right to be told all personal data held by Incisive on him or her. Data subjects can submit a subject access request by writing to Incisive at address on the Contact page specifying that they wish Incisive to disclose all personal data it holds on the subject. Incisive will verify the identity and request with the data subject, after which it will responsd within 30 days with the data held by Incisive.
Right to be forgotten
Each data subject has a right to request that Incisive delete all personal data it holds on the subject, with the exception of data that is to be used in conjuction with a legal claim. To request Incisive delete a data subject's data, write to the address on the Contact page requesting that Incisive delete all data for the data subject. Incisive will verify this request with the data subject, and once verified Incisive will ensure that all data (except as noted above) will be deleted within 30 days of receipt of the request. After the deletion, Incisive will provide the data subject confirmation of the deletion.
Right of data transport
Data subjects have the right to request that all personal data held on them by Incisive be provided to the data subject in a portable electronic format. If a data subject desires this information, they should submit a request using the address on the Contact page stating their desire to receive electronic versions of all personal data. After Incisive verifies the request by contacting the data subject directly, it will then provide electronic copies of all personal data for the data subject within 30 days. This data will be in standard file formats and will be provided either via email, via shared directory on Google Drive, or on physical media.
If Incisive suspects that there has been a breach of their systems and personal data may have been improperly accessed, it will take the following steps: