IFIC General Data Privacy Notice

1. Legal framework for protecting your personal data
This data privacy notice is written to comply with the European Union General Data Protection Regulation (GDPR). GDPR gives control to citizens and residents over their personal data.

2. Data Controller
• Name: International Fire Investigators and Consultants Limited t/a IFIC Forensics
• Phone: +44 (0)141 639 6611
• Email: it@ific.co.uk
• Address: Rushbrook House, 220 Ayr Road, Glasgow, G77 6DR, United Kingdom

3. Data Protection Officer
• Name: Prof James F Lygate
• Phone: +44 (0)141 639 6611
• Email: gdpr@ific.co.uk
• Address: Rushbrook House, 220 Ayr Road, Glasgow G77 6DR United Kingdom

4. Data Controller’s Lines of Business
IFIC Forensics is the data controller for all lines of businesses under its ownership.

5. How data is used
IFIC Forensics may process personal information as part of forensic investigations, expert witness, claims, fire safety engineering, fire risk assessment, loss prevention, document processing, finance, marketing, risk management and employment.

6. Personal data profile categories processed
IFIC Forensics maintains personal data for:
1. Subjects of investigations, claims, legal proceedings etc;
2. Consultants and other professional experts;
3. Business associates, other professional bodies, advisers;
4. Business contacts;
5. Complainants and enquirers;
6. Customers and clients;
7. Employees;
8. Employers and employees of other organisations;
9. Offenders and suspected offenders;
10. Relatives, guardians;
11. Shareholders;
12. Suppliers and services providers;
13. Witnesses.

7. Automated decision making
IFIC Forensics does not use automated decision making.

8. The legal bases we use for lawful processing
In order for IFIC Forensics to conduct business and fulfil its legal, regulatory and contractual obligations, it needs to perform legitimate and fundamental processing. These bases are:
1. Establishing contracts;
2. Maintaining contracts;
3. Provision of all contracted services;
4. Invoicing, remittance, payments, collections;
5. Non-promotional communications;
6. Marketing and other promotional communications;
7. Risk management contract review;
8. Response to Subject Access Requests;
9. Performance measurement;
10. IT support services;
11. Business Continuity Planning;
12. Legal and regulatory obligations;
13. Responding to enquiries, requests and complaints;
14. Employment processing.

9. The categories of people who will access or receive the data
IFIC Forensics sometimes needs to share the personal information it processes with individuals themselves and also with other organisations. Below is a description of the types of organisations with which IFIC Forensics may need to share some of the personal information it processes.
1. Insurers, solicitors, loss adjusters, brokers;
2. Business associates, other professional bodies, advisers;
3. Central / local government;
4. Other forensic investigators;
5. Complainants, enquirers;
6. Courts and tribunals;
7. Data processors;
8. Education and examining bodies;
9. Employment and recruitment agencies;
10. Family, associates and representatives of the person whose personal data we are processing;
11. Financial organisations and advisers;
12. Healthcare professionals, social and welfare organisations;
13. Law enforcement and prosecuting authorities;
14. Ombudsman and regulatory authorities;
15. Pension schemes;
16. Police forces;
17. Professional advisers;
18. Suppliers and services providers;
19. Survey and research organisations;
20. Trade associations, professional bodies, employer associations.

10. The countries where data will be stored, processed and transferred
Your personal data collected by IFIC Forensics may be stored and processed in the United Kingdom or any other country in which IFIC Forensics or associated third parties maintain facilities.

Should IFIC Forensics need to transfer your personal data, IFIC Forensics will take all reasonable measures to safeguard the transfer of your personal data to third parties in a manner that complies with the GDPR.

11. How long the data will be retained
Retention of specific records may be necessary for one or more of the following reasons:
1. To fulfil statutory or other regulatory requirements;
2. To evidence events/agreements in case of disputes;
3. To meet our operational needs;
4. To meet any historical purposes.
Personal data that is collected and subsequently never used for any business purpose will be reviewed and may be destroyed at IFIC Forensics’ discretion.

12. What happens if the data is not collected?
Your personal data is required to perform the services for which we are engaged. Without this data, IFIC Forensics will not be able to fulfil its contractual duties. This includes both business and employment contracts.
IFIC Forensics needs personal data to:
1. Enable consensual bilateral communications;
2. Engage in pre-contractual activities;
3. Honour contractual obligations; and
4. Enable it to employ people.

Without this data, IFIC Forensics will not be able to perform these four primary activities.

13. The right to withdraw consent
In situations where IFIC Forensics requests and receives your consent to perform processing, we are also obliged to stop such processing if you decide to withdraw your consent. Withdrawing consent is as straightforward as giving consent. Withdrawing consent cannot be back-dated so it has no effect on processing already performed during the period of consent.

14. Your rights relating to data stored
You have rights regarding the personal data we store on your behalf. These rights are as follows:
1. To access a copy of your personal data;
2. To object to processing that you are not in favour of;
3. To stop receiving direct marketing material;
4. To object to decisions being taken by automated means;
5. To have inaccurate personal data rectified, blocked, erased or destroyed;
6. To claim compensation for damages caused by a breach of the GDPR.
Should you ever wish to exercise any of these rights, please contact the Data Protection Officer.
15. The right to complain to the regulator
You have the right to lodge a complaint with the Information Commissioner’s Office if you think that your personal data has been inappropriately used.