Most personal information we collect is stored on electronic systems in the UK.
However, there are some occasions when your information may leave the UK, some personal information may be stored on computer services located in the European Economic Area (EEA). For example, if it needs to be transferred to another organisation, which may be based outside of the UK or that uses systems which store information outside of the UK.
Generally, personal information in our control will not be sent outside EEA, unless stored within cloud-based computer services. If this is done appropriate assessments, procedures and technologies will be put in place to maintain the security of all personal information processed outside of the EEA.
We will take appropriate steps to make sure we hold records about you in a secure way, including:
- all employees, and those acting on our behalf, who have access to your personal information or are associated with the handling of that data are obliged to respect the confidentiality of your personal information.
- all employees, and those acting on our behalf, undergo annual mandatory information security and data protection training.
- there will be procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction.
We will only hold your personal information for as long as needed and in line with legal requirements or industry guidelines. The storage time for personal information varies between our services.