Your Office & PA GDPR Statement
As part of our telephone answering and administration services Your Office & PA Ltd (YOPA) collects contact information and other details from our customers callers and delivers that data directly to our clients via email, SMS or by phone.
Your Office & PA may collect the following data…
During the course of providing our service, the personal data we collect is that of the caller’s name and preferred method of contact (for example email address or telephone number). We may also ask for additional information based on our client’s requirements, for example postcode, company name, DOB, etc. We also ask the nature of their enquiry, such as what type of product or service they’re interested in and any other related information.
Using our own secure internal systems, we present the confidential data sent to you in the form of a an email or SMS and via our secure client portal.
In GDPR terms YOPA is both a ‘data controller’ regarding our clients’ personal information and ‘data processor’ (also called data importer) as we collect and process data for clients who pay for our services.
The data we collect is lawfully used only by representatives of our client with whom information was collected, in direct connection with the nature of their enquiry. In agreement and through instruction from you, the client, we process the data captured and send it to you in order for you to process the personal data according to the GDPR regulations.
Any information we hold on your company and its representatives and your Clients information is stored electronically, this is never shared and used solely for our contact/contract with you.
As part of our Data Protection and Confidentiality obligations, we have in place stringent procedures safe guarding our customers information which includes;
- Written and signed Confidentiality Agreements for all of our staff covering the processing and use of clients and company information
- Ongoing training in the safe handling of our customers information and it’s storage
- Database/Site PCI Compliance monitoring by PCI DSS Approved Scanning Vendor which includes quarterly site scanning and recommended security updates
- Internal IT Security and disaster recovery in procedures in place