Fortress GB Limited (we / us / our) is committed to protecting and respecting your privacy.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
Our role in relation to your personal data
For the purpose of data protection law, including the UK Data Protection Act 1998 (DPA) and the EU General Data Protection Regulation (GDPR), Fortress GB is a data controller and a data processor and is registered with the Information Commissioner’s Office with notification number Z902571X.
We are a data controller in respect of our own employees’ and contractors’ personal data, for internal business purposes.
Personal information we may process
We may process any of the following information about you, some of which is “personal data” as defined in data protection law. Personal data is any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data):
We do not collect any sensitive personal data, or “special categories of data”, as defined under the GDPR.
How do we obtain your personal data?
We obtain limited the limited personal data referred to above when you visit our website http://www.fortressgb.com/ and decide to use the “Let’s Talk” function. We will collect the limited personal data you enter in the text box for your enquiry. We will then use that information to get in touch with you in accordance with your request.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently.
The table below explains which cookies we use and why.
|Session cookie ASP.NET_SessionId||Authentication cookie .ASPXAUTH||Cookie consent CookieConsent|
|This cookie is used during the sign up process, its essential to the workings of the site, no personal information is stored within this cookie.||$This cookie is set when you log into our system, its essential to the working of the site, so we can help identify you once logged in.||This cookie is set when you acknowledge how cookies are used on Fortressgb.com.|
Cookie Name Purpose
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.
Storage of your personal data
All personal data we collect is automatically encrypted using an industry standard AES algorithm and is stored on or within servers which are secure.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Uses made of the information
We only use your personal data in accordance with data protection law and where we have a lawful basis to do so, as set our below:
• On the lawful basis of our legitimate interests to ensure that content from our site is presented in the most effective manner for you and for your computer; and
• On the lawful bases of our legitimate interests and your consent to provide you with information or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
Where we rely on the lawful basis of legitimate interests (or those of a third party), we will first consider and ensure that those interests do not override your interests and fundamental rights.
Where we rely on your consent for processing any personal data, we will first ensure that you have been provided with the opportunity for such consent to be freely given, specific and informed and that you are aware of your right to withdraw consent at any time (noting that where consent is required for us to provide the information or services you request from us, if it is later withdrawn, we will be unable to provide such information or services).
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent where this is required or permitted by law.
Contact with you
We will only contact you if you request us to do so.
You may contact us using the contact details set out on this website.
Disclosure of personal data
We process your personal data “in-house” at our premises and do not transfer your personal data to any third parties.
We may disclose your personal data to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or regulatory requirement, or in order to enforce or apply our terms and conditions of service and other agreements; or to protect the rights, property, or safety of our users, or others.
Third party sites
Our site may, from time to time, contain links to other websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Under certain circumstances, you have rights under data protection law in relation to your personal data. You have the right to:
• object to us processing, or ask us to restrict our processing of your personal data for any of the purposes listed in this policy, at any time by contacting us via this website;
• ask us to update and correct any out-of-date or incorrect personal information that we hold about you free of charge;
• access information held about you. Your right of access can be exercised in accordance with data protection law (see further information below on subject access requests);
• ask us to erase your personal data (in certain circumstances); and
• request a transfer of your personal data (in certain circumstances).
If you wish to exercise any of the above rights, please contact us via this website.
You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the opportunity to first deal with any concerns you may have before you approach the ICO, so please contact us in the first instance.
Subject Access Requests
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
We retain your personal data within the European Economic Area and do not undertake any transfers of personal data outside of the EEA.
We have put in place appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Fortress GB Limited
Last updated May 2018