Overview

At Veriland Consulting Ltd., we treat the protection of your personal information with the highest level of seriousness. This policy outlines how we handle your data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and international standards such as ISO/IEC 27001 and ISO/IEC 27018 for cloud data privacy.

This privacy policy governs all our digital platforms, communications, and services where this policy is referenced or displayed.

Information We Collect

We only collect the essential personal information required to deliver our services effectively and ensure a seamless experience. This may include data you provide voluntarily, such as through online forms, and data collected automatically through your use of our websites and applications.

We are committed to data minimisation and will never collect information beyond what is necessary for a clearly defined and lawful purpose.

How We Use Your Data

Your personal information is used strictly for legitimate operational purposes, including:

  • Delivering and enhancing the services and solutions you engage with
  • Tailoring content and functionality to your preferences
  • Providing technical support and securing our systems
  • Fulfilling our legal, regulatory, or contractual responsibilities

We do not engage in profiling or unsolicited marketing without your explicit permission.

Legal Grounds for Processing

We process your personal data on the basis of one or more of the following lawful grounds:

  • Your freely given and informed consent (which you can withdraw at any time)
  • Necessity for performing a contract or pre-contractual steps
  • Compliance with legal or regulatory obligations
  • Our legitimate business interests, provided these do not override your rights and freedoms

If you choose not to provide certain information, we may be unable to deliver some services.

Sharing of Personal Data

Your data will only be shared under strictly controlled conditions:

  • With trusted service providers (sub-processors) bound by data protection obligations
  • When required to fulfil our contractual commitments to you
  • Where disclosure is mandated by law, regulation, or judicial authority

We maintain an updated list of sub-processors and will inform you of significant changes upon request.

Storage and Processing Location

We ensure that all personal data is processed and stored within the UK or countries within the EEA that uphold adequate data protection standards. Transfers outside these areas occur only in compliance with UK GDPR, and only where appropriate safeguards are in place and disclosed to you.

Data Security Measures

We employ robust information security protocols to protect your data at all times, including:

  • Encryption: All data is encrypted in transit (TLS/HTTPS) and at rest using secure algorithms.
  • Access Control: Access is strictly limited to authorised personnel based on job role and business necessity.
  • Portable Storage Restrictions: Personal data is never stored on unsecured portable media.
  • Physical Controls: Data stored on physical media is encrypted and tracked at all times.
  • Employee Awareness: All team members undergo regular training in data protection, security practices, and incident response.
  • Monitoring and Auditing: We continually assess our systems for compliance with applicable security and privacy standards.

These practices are aligned with the guidance issued by the UK Information Commissioner's Office (ICO).

Data Retention

We retain personal data for only as long as required for the purpose it was collected, following our internal data retention policy. Typical retention durations include:

  • Website interaction data: 14 days
  • System backups: 30 days

After this period, data is securely erased using industry-approved deletion or destruction methods.

Use of Cookies

We use cookies and similar technologies for the following purposes:

  • Maintaining core site functionality
  • Recognising user preferences
  • Gathering insights to improve performance

You can manage your cookie preferences via your browser settings or opt out where legally required.

Your Data Protection Rights

Under the UK GDPR, you are entitled to:

  • Request access to your personal data
  • Ask for inaccuracies to be corrected
  • Request deletion (subject to lawful limitations)
  • Restrict or object to certain types of processing
  • Receive a copy of your data in a portable format
  • Withdraw consent at any time
  • Lodge a complaint with the ICO

We aim to respond to all valid requests within one calendar month. To exercise any of these rights, please contact us directly.

Contact Information

Data Protection Contact
Email: [email protected]
Veriland Consulting Ltd., Charter House, Charter Way, Macclesfield, SK10 2NG, United Kingdom

Sub-Processors and Vendors

We partner with a select group of vendors who assist in delivering our services. These sub-processors are carefully vetted and contractually obligated to maintain equivalent standards of data protection and security. A current list can be made available upon request.

Breach Management and Notification

In the unlikely event of a personal data breach that may pose a risk to your rights or freedoms, we will notify both the ICO and affected individuals promptly, in accordance with our incident response policy and legal obligations.

Policy Maintenance and Review

This privacy policy is reviewed regularly and updated to reflect changes in our operations or regulatory developments. The most recent version will always be accessible via our website, and significant amendments will be communicated where appropriate.

For any further information about our data handling practices, you may request access to our internal Information Security Policy.