Pegasus Investigations Ltd Privacy Policy

INTRODUCTION

New legislation introduced namely the General Data Protection Regulations (GDPR) came into force on 25 May 2018. The regulations are intended to ensure that data is controlled and the sharing of data is regulated.  The nature of our business is that ALL the information we hold is and has always been treated as highly confidential consequently we do not share data with other parties accept as specifically instructed by clients.  This will not change.  GDPR does afford rights to individuals whose data we might hold placing an obligation under the legislation for us to provide information to those applying for data to provide it to them.   To protect client confidentiality we have adopted a policy not to keep investigation data beyond the conclusion of investigations.  In this policy we will state how we will erase all but current ongoing investigation data except that required for accounting purposes which we have constructed to keep to the absolute minimum required information.  The principal is simple if we do not store the data we cannot share it or have it breached in anyway.  This change of policy fulfils the requirement of law and ensures that increased rights of individuals to data held do not breach client confidentiality.
This Privacy Policy describes the way in which Pegasus Investigations Ltd (Pegasus) deal with the information and data we hold.

We will process any personal information provided to us or otherwise held by us relating to you in the manner set out in this Privacy Policy. Information may be provided via the Pegasus Investigations Ltd. website (the “Website”), telephone calls or any other means.

In the case of clients who accept this Privacy Policy you agree that you understand and accept the use of your personal information as set out in this policy. If you do not agree with the terms of this Privacy Policy please do not use the Website or otherwise provide us with your personal information.

Who we are

References in this Privacy Policy to “Pegasus”, “we”, “us” or “our” relate to Pegasus Investigations Ltd, CBC House, 24 Canning Street, Edinburgh, EH3 8EG,  a Limited Company incorporated in Scotland, Registered number SC303363 who carry out private and commercial investigations and are Data Protection Registered with the Information Commissioners Office number Z9802858 and hold Professional Indemnity Insurance.

Contacting us

If you have any concerns, or would like more detail about how we process your Personal Data, you can contact us using admin at pegasus-investigations.co.uk.
Protecting Your Personal Data

Your Personal Data isn’t just protected by the quality, commitment and high standards of Pegasus, it’s also protected by law. The law states that we can only process your Personal Data when there is a genuine reason to do so.

Legitimate Interests

When we have a business or commercial reason to process your Personal Data this is referred to as a legitimate interest. Your Personal Data is still protected and we must not process it in a way that would be unfair to you or your interests.

If we do use legitimate interests as a reason to process your Personal Data you have the right to object. However, compelling grounds for processing such information may over-ride your right to object.

How long we keep your Personal Data/Periodic Erasing of Data

Whenever your data is kept by Pegasus we will ensure that it is appropriately protected and only used for acceptable purposes.

We will keep your data for the period that you are a customer of Pegasus and unless otherwise instructed by you, on the 1st day of the month after we have completed your instruction we will erase any reports we have provided or any information we have upon you or the subject(s) we are instructed to investigate. We will retain however your name and the subject’s name or company on our daybook spreadsheet for our accounting records.

If you are no longer a client of Pegasus, we will keep your data for the minimum length of time required to comply with the purposes set out in this policy and relevant legal or regulatory obligations. Your Personal Data may be kept longer if we cannot delete it for technical reasons.

Information Collected

The information and data about you which we may collect, use and process includes the following:

Telephone conversations, completed webforms, emails letters, other digital communications such as SMS and WhatsApp, verbally face to face and any other communication method of your choosing.

Where it is reasonable for us to do so and not detrimental to your rights and freedoms, we also collect Personal Data from publicly available sources such as internet searches, Companies House, and broadcast media.

Information we have may have been obtained from information you have chosen to share publically on social media or otherwise on the internet etc.   We have no control over this.

Personal Data we share with others

We will only share data as per the explicit instructions of clients or as required to do so by a requirement of law.

Data Transfer Outside the EEA

We will only transfer your Personal Data outside of the EEA where:

• We have the explicit instruction to do so from clients
• To comply with a legal duty or obligation

If we do transfer your Personal Data outside of the EEA, within Pegasus, we will take measures to ensure it is protected to the same standards as it would be within the EEA by relying on one of the following:

• The country that is receiving your Personal Data has been found by the European Commission to offer the same level of protection as the EEA. More information can be found on the European Commission Justice website.
• We will use contracts that require the recipient to protect your Personal Data to the same standards as it would be within the EEA
• Where the transfer is to the USA and the recipient is registered with Privacy Shield. Privacy Shield is a framework that ensures Personal Data is protected to a level approved by the EU. Read more about Privacy Shield on the European Commission Justice website.

In some instances we may be compelled by law to disclose your Personal Data to a third party and may have limited control over how it is protected by that party.

Your rights over your Personal Data

We will assist you if you choose to exercise any of your rights over your Personal Data, including:

• Withdrawing your previously granted consent; however, this will not invalidate any previously consented processing
• Lodging a complaint with any relevant Data Protection Authority
• Access to your Personal Data that we hold or process
• Correction of any Personal Data that is incorrect or out of date
• Erasure of any Personal Data that we process
• Restrict processing of your Personal Data in certain circumstances
• Asking us to provide you or another company you nominate with certain aspects of your Personal Data, often referred to as ‘the right to portability’
• The ability to object to any processing data where we are doing it for our legitimate interests
• The ability to contest a decision made entirely by automated processing, to express your point of view and to request that a human review the decision

For more information on these rights you can contact admin at pegasus-investigations.co.uk.

Changes to our Privacy Statement

We may update this policy from time to time, so please review it frequently.