Privacy Policy

ADVANCE Procurement & Supply Chain Limited PRIVACY STATEMENT

Introduction

This Advanced procurement and supply chain specializes in providing CIPS-Chartered Institute of Procurement and Supply Chain qualifications and competency-based learning. We have developed a solid reputation as a Center of Excellence in Supply Chain Training by providing high-impact courses that have benefited a large number of participants from the private, public, and government sectors. We are the approved centers of the Chartered Institute of Procurement and Supply, UK. Over the past decade of our existence, we have worked closely with our clients in designing, setting up & implementing procurement & supply chain frameworks and competencies.

We have developed a solid reputation as a reliable Centre for CIPS qualification in providing high-impact courses that have benefitted many participants from the private, public, and government sectors. Our presence for the last decade-built credibility in the market through our local and overseas MCIPS-qualified trainers


About Us:

Advance Procurement and Supply Chain Limited started its journey as a successful Supply Chain study center Advance Procurement & Supply Chain Limited got approval from the CIPS Governing body in 2011. After getting approval Advance Procurement & Supply Chain Limited updated their tuition mode and try to outspread locally also make enlighten people about Supply Chain and CIPS value in the profession. From the inception of 2018 Advance, SCS reconstructed its business to Advance Procurement & Supply Chain Limited with some long-term vision and mission. In 2019 they spread their business abroad. They started to provide CIPS tuition in Vietnam. Meanwhile exploring the CIPS tuition in this South Asia and Asia Pacific region Advance got the approval as a distant learning partner of CIPS which gives them more opportunity to expand their business beyond the limit and country boundary. In the Middle of 2021, they have been approved as an Exam Center also to facilitate their enrolled student.

For all queries relating to this Privacy Statement and our handling of personal data please contact info@Advancepsc.com.

Alternatively, you can write to us at:

  • Data Protection ADVANCE Procurement & Supply Chain Limited

  • GULSHAN GRACE, House CWS(C) – 8, 2nd Floor, South Avenue, Gulshan -1 1212 Dhaka, Dhaka Division, Bangladesh

Mail: Info@advancepsc.com

What we collect:

We may collect the following information from you when you join ADVANCE Procurement & Supply Chain Limited, place bookings, complete surveys, or application forms, provide services to us, or purchase goods or services from us:


  • your name, date of birth, and gender

  • addresses (home and work), contact email addresses, and contact telephone numbers (home, work, and mobile)

  • your credit/debit card and /or bank details

  • employment status

  • career details – current job/description of role/employer.

  • company name and address

  • current qualifications (where relevant to ADVANCE Procurement & Supply Chain Limited, completion of accredited degrees)

  • study center/university details

  • assessment information for qualifications

  • examination marks and results and exemption details

  • learning opportunities are undertaken as part of continuous professional development

  • online self-assessment tools use and scoring

  • competency questionnaires use and scoring

  • skills and interests

  • date of joining ADVANCE Procurement & Supply Chain Limited, membership status, and grade

  • purchases you have made from ADVANCE Procurement & Supply Chain Limited Brands

  • inquiries and contacts, you have made to ADVANCE Procurement & Supply Chain Limited Brands

  • data related to election ballots and results

  • username and password, you use to sign in

  • the IP address you use to log in

  • personal data you supply when you are using the Supply Management Jobs services (these services allow you to receive job alerts, upload your CV and share your details with recruiters)

  • photos and video footage (were captured at our events)

Sensitive data that we may collect:

(this includes Special Categories of personal data as defined by GDPR)

  • annual household income and savings – only applicable to ADVANCE Procurement & Supply Chain Limited Foundation applicants

  • evidence of your health (medical history, diagnosis, or special requirements), where needed for reasonable adjustments, special consideration, exam deferrals, ADVANCE Procurement & Supply Chain Limited Foundation applications, or accommodating your requirements when attending ADVANCE Procurement & Supply Chain Limited Brands events/courses

  • information you provide us when applying for special consideration, discretionary membership discounts, or deferring an exam

  • information you provide us regarding any specific needs you have for attending our events or training courses

How your information is collected:

We collect information from you, for example, when you:

  • make inquiries with us

  • submit an application for membership, sit an exam, or apply for a membership upgrade

  • book onto an event/training course

  • purchase learning materials

  • choose to upload your information via your My ADVANCE Procurement & Supply Chain Limited or Supply Management Jobs account

  • sign up to and/or make use of the services we (ADVANCE Procurement & Supply Chain Limited Brands) have available (such as E-Learning, Self-Assessment, Skills Gap Analysis tools, or Supply Management Jobs)

  • use our website (see our Cookies policy below)

We may also collect information about you from third parties, such as:


  • your employer or sponsor (for instance, where you have been enrolled in one of our corporate programs)

  • our study center (if you have chosen to study through one)

  • partners that we work with

What we do with the information we collect:

 We require this information to understand your needs and provide you with a better service, and for the following reasons:

  • to respond to your inquiries

  • to administer your membership and provide the benefits set

  • allow you access to the ADVANCE Procurement & Supply Chain Limited Brands site(s) and services

  • to fulfill our obligations arising from any contracts entered between you and ADVANCE Procurement & Supply Chain Limited Brands, and for their general management – this includes providing the products and services that we offer, where Terms and Conditions apply

  • to administer and manage the examination and assessment processes including the performance of study centers

  • to organize and deliver ADVANCEProcurement & Supply Chain Limited Brands events and training courses, and fulfill any specific needs you may have

  • process payments from or to you

  • maintain CPD records

  • to run elections

  • evaluate your professional attributes, where necessary for CIPS, Executive Diploma & CIPS applications

  • notify and remind you when your membership is due for renewal

  • provide you with information relating to your studies

  • notify you of governance updates, including sending you invitations to vote in our Annual General

  • provide you with news, products, services, and membership updates

  • invite you to provide feedback on our products and services, for example in surveys

  • invite you to take part in research campaigns and surveys

  • fulfilling prize draws and competitions

  • using photo and video footage in post-event publicity (please notify us when booking an event if you object to this)

  • to notify you of changes to our membership offering

  • monitor how you respond to our communications

  • to allow us to monitor usage statistics as a basis for future improvements to relevant website processes

  • to monitor and improve our products and services

  • to meet security/health and safety requirements when you attend an event or training course

  • to verify your identity

  • to enable us to track the system used by the user

  • internal record keeping

  • to periodically conduct quality checks on the data we hold on you

 

Professional Register

 ADVANCE Procurement & Supply Chain Limited provides a professional register, accessed through our website, listing the names, membership grades, achievement of the ethics mark and chartered status, and country of current ADVANCE Procurement & Supply Chain Limited members.

We do this as we believe that it is in the public interest for individuals and organizations to be able to easily identify those professionals who have achieved or are working towards professional recognition, CIPS and ADVANCE Procurement & Supply Chain Limited/CIPS Chartered Professional, and who remain current members of CIPS.

When registering for membership you will automatically appear on the register. If you do not want your member details to be shown, then simply log in to your My ADVANCE Procurement & Supply Chain Limited profile and   tick the opt-out checkbox.


Our lawful bases for processing your information

 We will only use your personal information where one of the following applies:


  • You have given us your consent, such as to send you marketing communications or information about third parties which we think you may find interesting. You can withdraw your consent anytime by clicking unsubscribe on the link located at the bottom of the emails you receive from us. Please be advised, that changes to your preferences may take up to 10 days to fully

  • It is necessary for performing a contract that we have with you, such as the fulfillment of a service you have signed up for as a

For our own (or a third party’s) legitimate interests provided your rights do not override these interests, such as:

  • Fraud prevention

  • Sending appropriate targeted communications to you based on previous purchases or interest in ADVANCE Procurement & Supply Chain Limited services

  • Monitoring and improving our products and services

  • Enhancing the learning experience (for example, tailoring our events/training courses to the audiences attending or sharing information relevant to your studies with your study center)

  • Fulfilling the requirements of our Charter

  • Enhancing the networking opportunities that we offer

  • Managing the data, we hold

We need to comply with a legal obligation, such as the BD Act Your personal information will only be used for the purpose or purposes it was collected. It will not be sold, shared, or distributed to third parties unless we have your permission or where it is necessary for one of the reasons listed

Recipients with whom we may share your data with

  • Agents and organizations contracted to perform business functions on our behalf (for example we work with Rakib who support ADVANCE Procurement & Supply Chain Limited Helpdesk including providers of third-party applications used for the purposes of delivering products/services to you (for example Tamanna who provide our Skills Assessment tool)

  • Venues hosting ADVANCE Procurement & Supply Chain Limited Brands events (where necessary to meet security and safety requirements, and fulfill any specific needs you may have)

  • ADVANCE Procurement & Supply Chain Limited Brands event sponsors (we will only share your name, job title, and company name – this is done to tailor the event content to the audience. Please notify us when booking if you do not want your data to be shared in this way)

  • If you apply for a job via Supply Management Jobs, your details will be shared with the recruiter promoting the specific role. At your request, we will share your data with Top CV and/or allow recruiters to access your CV

  • Third-party IT and payment processing providers

  • Email service providers (we use A2 Hosting as our provider).

  • Third-party analytical services

  • Knowledge Partners with whom we run joint research campaigns with

We may publish or share anonymized statistics under the condition that no personally identifiable information can be derived from such statistics by third parties, such as our recognized study center partners.


 How long do we hold your Information for

ADVANCE Procurement & Supply Chain Limited Brands has a variety of obligations to keep the data that you provide us. These include ensuring that transactions are processed correctly, identifying fraud, and complying with any laws and rules that apply to us and to our service providers. ADVANCE Procurement & Supply Chain Limited Brands has a Data Retention Policy to ensure that your data is not held for longer than is necessary. We hold the information that you provide to us while you are an active, registered user and member, and when you register for our services. Therefore, even if you close your account or membership with us, we may keep certain data (such as membership information) to meet our obligations but for no longer than required or permitted by law.


Where your information is stored

Your information is held securely within the BD, however, may be stored and processed in any country in which our Regional Offices or agents operate in order to provide our products/services within those respective regions and/or to adhere to audit and regulatory requirements.

If your information is transferred outside the UK for these purposes, then we will take measures to ensure that your data always remains protected to the standard imposed by the General Data Protection Regulation. We require our trusted third parties to meet ADVANCE Procurement & Supply Chain Limited Brands’ data protection standards. In certain circumstances, courts, law enforcement agencies, regulatory agencies, or security authorities in those other countries may be entitled to access your personal data.


Keeping your personal information secure

To prevent unauthorized access or disclosure, we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure the information we collect online. ADVANCE Procurement & Supply Chain Limited Brands’ websites are maintained on a secure server. All our suppliers and contractors meet the standards we require. Restrictions are also in place so that users only have access to data that is required for them to do their job. Staff training is undertaken regularly, and checks are made by IT staff to ensure data quality is maintained.

All payment card details are processed by a third-party payment processor who encrypts the details using SSL (Secure Socket Layer) technology. Once orders have been processed all encrypted credit card information on the web server is deleted.

We also have in place a comprehensive email security Policy; all incoming and outgoing email is scanned by multiple security systems before being accepted or sent out. These security systems will block and hold messages that contain viruses and malware, spam messages, or other inappropriate content.

Where appropriate, senders will be informed that their message has been held by our systems and if held in error the message can be released and successfully sent.

Unfortunately, no data transmission or storage system is completely secure. If you feel that the security of your account or interaction with us has been compromised, please contact us immediately. If such a disclosure does occur, we will contact you as soon as possible to explain what has happened and take all steps required of us to meet our obligations under the legislation.


Your right in controlling your personal information

You can ask us to make changes in how your data is handled and we will respond promptly should a request be made. You have the following rights over the personal data about you that we are holding and processing:

Right to be informed. This Statement provides you with information in relation to how your data is processed. This ensures that we are transparent about what we will do with the information you supply to us.

Right of access. You may request details of personal information that we hold about you under the DataProtection Act 2018 and the General Data Protection Regulation. This is called a Subject Access Request. Further information on this process and how to apply can be found at:

Right to request information held is accurate and how to update it. If you believe that any information, we are holding on you is incorrect or incomplete, please email us at info@advancepsc.com and we will respond as quickly as possible.

Right to erasure. In certain circumstances, you may ask us to delete information about you and stop processing or publishing it (often called the Right to be Forgotten).

Right to object to the processing that is likely to cause you damage or distress. Where you challenge the accuracy or lawful processing of your information, we will consider this.

The right to receive an electronic copy of any information you have consented to us holding is known as data portability. You can ask us to provide the personal data about you we hold, securely and in a machine-readable format, so it can be moved, copied, or transferred to be used across different services or for you to give to another organization.

Right to object. We will ensure that we have the right consent in place for sending you information. You can unsubscribe from our mailings and remove your details at any time. If you wish to stop receiving communications from us, you will be able to do so by contacting us at info@advancepsc.com

Rights related to automated decision-making. If there is additional profiling based on the information we hold, then you can object to us making decisions about you based on such processing.


What do we use cookies for

A cookie is a tiny file that is stored on a user’s computer or electronic device and issued to your computer when you enter a website. It stores a small amount of information relating specifically to the client and the website. The cookie can be accessed by both the web server and the user’s computer.

When visiting any webpage ending with the suffix AdvancePSC.com, we have cookies that allow you to:


  • carry information across pages of the site

  • avoid having to re-enter information

  • maintain a shopping basket or booking form

  • after the member login, to access member-only information or receive member-only

Types of cookies Session cookies:

Session cookies are stored only temporarily during a browsing session. No information about you is stored in the session cookie and it is deleted automatically as soon as you close the browser window to leave the site.

Persistent cookies

This type of cookie is saved on your computer for a fixed period (usually a year or longer) and is not deleted when the browser is closed. Pe5rsistent cookies are used where we need to know who you are for more than one browsing session. For example, this type of cookie is used to store your preferences, so that they are remembered for the next visit.


Third-party cookies:

We also use third-party cookies such as Facebook Pixel, LinkedIn Insights, and Twitter Universal Website Tag to monitor how our website is used and to better tailor the website to you and the promotions that you may see.

If you want to find out more about how to control your cookies, please visit the links below depending on the web browser that you use. However, please remember that if you choose not to receive cookies at any time, the ADVANCE Procurement & Supply Chain Limited website may not function properly, and certain services will not be provided which may affect your experience of the website.

  • Internet Explorer

  • Chrome

  • Firefox

  • Safari

  • Opera

You may also find the information on www.aboutcookies.org useful. This website is run by an external company to ADVANCE Procurement & Supply Chain Limited and we cannot verify the content of this website.


ADVANCE Procurement & Supply Chain Limited Data Protection Policy

1     Overview:

The Advance Procurement & Supply Chain Limited (ADVANCE Procurement & Supply Chain Limited) is the leading voice of the procurement and supply profession course from the CIPS course. ADVANCE Procurement & Supply Chain Limited is the Data Controller and Data Processor of the information that you provide to us as a member and to access our services and training. ADVANCE Procurement & Supply Chain Limited are proprietorship company in Bangladesh.


ADVANCE Procurement & Supply Chain Limited Data Protection Policy sets out how we respect the personal information that we collect and hold in the course of carrying out our role representing the procurement and supply profession, our clients, and our members. We are committed to ensuring that the privacy of our members, business partners, and employees is protected and upholding the principles of data protection.


2     Purpose

ADVANCE Procurement & Supply Chain Limited as Data Controller and in some cases, Data Processor, must be able to demonstrate compliance with data protection law. This policy outlines ADVANCE Procurement & Supply Chain Limited framework in upholding Article 5 of the GDPR and Data Protection Principles in that data shall be:


  • processed lawfully, fairly, and in a transparent manner

  • collected for specified, explicit and legitimate purposes

  • adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed

  • accurate and, where necessary, kept up to date

  • kept for no longer than is necessary for the purposes for which the personal data are processed

  • processed in a manner that ensures appropriate security

3     Objectives

Adhering to data protection principles, ADVANCE Procurement & Supply Chain Limited will manage data throughout the information life cycle and will seek to audit and review its processes and procedures in data handling. With constant regard to continuous improvement, the data protection management system will adopt best practice principles and GDPR requirements. This management process will be achieved by adopting the following policy objectives.


3.1    Process data lawfully and fairly

ADVANCE Procurement & Supply Chain Limited must have a ‘lawful Basis’ or ‘grounds for processing’ before legally processing personal data. There are 6 different grounds for processing:


  • Consent – the individual/data subject has freely given their consent to the processing and data must be collected through a clear affirmative

  • Contractual – processing is necessary for the performance of a contract or agreement to which the individual is party or is required prior to entering a

  • Legal requirement – processing is necessary for compliance with a legal obligation to which the individual is subject.

  • Public interest–processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.

  • Legitimate interests – processing is necessary for the purposes of the legitimate interests of the organization or a third party where the interest and rights and freedoms of the individual are not overridden, and the data is used in ways which people would reasonably

  • Vital interests – processing is necessary to protect the vital interests of the individual or of another

Where the processing is intended to require Special Categories of personal data (see definitions), a specific condition permitting such processing must also be identified as laid out in the GDPR & Data Protection Act 2018.

Once legal grounds for processing have been established, its activities will be included within the Data Asset Inventory – Article 30.


3.2    Collect data that is necessary and for a legitimate purpose

ADVANCE Procurement & Supply Chain Limited will ensure that personal data collected is necessary for processing and not further processed in a manner that is incompatible with those purposes; under GDPR further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be incompatible with the initial purposes.

ADVANCE Procurement & Supply Chain Limited will communicate in a clear and transparent manner ensuring that all data subjects are informed of the purpose for their data being processed and only use their personal data in a way that the data subject expects and in accordance with their rights.


3.3    Select data that is adequate and relevant

ADVANCE Procurement & Supply Chain Limited will ensure that the data processed will be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed, and those purposes will be transparent and clear. If intentions are to use the data for any other purpose data subjects are informed and have the right to object.

3.4    Maintain accurate records

ADVANCE Procurement & Supply Chain Limited will ensure that data is accurate and, where necessary, kept up to date. All data subjects will be provided with the means to update their personal data and every reasonable step will be taken to erase or rectify without delay inaccurate records.

Records will be restricted if there is any dispute over their accuracy until a time when the data has been rectified and authorized as an accurate account of the subject’s data.

3.5    Appropriate retention period for information

ADVANCE Procurement & Supply Chain Limited will not store data for any time longer than necessary or if the data subject withdraws consent or objects to its processing (unless there is another legal ground to justify its retention). To manage the process of establishing and keeping records for a suitable period, ADVANCE Procurement & Supply Chain Limited has a Retention Policy and process that outlines the assessment and categorization of data for storage and deletion.


3.6    Securing personal data

ADVANCE Procurement & Supply Chain Limited depends on information and communications technology systems to operate global membership and administrative functions. Security of these systems, the hardware, and networks on which they reside and the data which they host is necessary to honor ADVANCE Procurement & Supply Chain Limited's obligations to providers of data (students, members, suppliers, partners, and employees).

ADVANCE Procurement & Supply Chain Limited Information Security Policy in conjunction with ADVANCE Procurement & Supply Chain Limited Acceptable Usage Policy outlines the activities taken to protect data within the organization.

4     Upholding the rights and freedoms

4.1    Information and rights for data subjects

Individuals can request that we make changes in how their data is handled and we must respond promptly should a request be made.

  • Right to be informed – we must communicate clearly and use plain language in all our external messaging when initially collecting the data or at the first opportunity

  • Right of access – we must have in place processes to respond to requests for what information we are holding (Subject Access Requests)

  • Right to rectification – we must ensure we correct inaccurate information in the data we are processing without delay

  • Right to erasure – we may be required to delete the data and stop processing it or publishing it (often called the Right to be Forgotten)

  • Right to restrict processing – where the accuracy or lawful processing is challenged then temporary limits on the processing are required

  • Right to data portability – we may be asked to provide the personal data we hold, securely and in a machine-readable format, so it can be moved, copied, or transferred to be used across different services

  • Right to object – individuals have the right to object to processing where our lawful basis is legitimate interests or where we directly market to them

  • Rights related to automated decision making – if there is additional profiling or automated decision making based on the data, we hold that then an individual can object

ADVANCE Procurement & Supply Chain Limited Subject Access Request (SAR) guideline outlines how an individual can contact ADVANCE Procurement & Supply Chain Limited to initiate the SAR process.


4.2    Subject Access Request

ADVANCE Procurement & Supply Chain Limited's collection of personal data is handled in accordance with the ADVANCE Procurement & Supply Chain Limited Privacy Statement. All ADVANCE Procurement & Supply Chain Limited employees, providers, and partners are expected to comply with this policy and demonstrate a commitment to protecting others’ privacy.

Requests from data subjects (see definitions) are called Subject Access Requests. The process for making a request is set out in the ADVANCE Procurement & Supply Chain Limited published guidance ‘Making a Subject Access Request’. This is a simple checklist to guide you on the steps to make sure you recognize and handle a request (SAR) effectively and in compliance with the data subject’s rights and ADVANCE Procurement & Supply Chain Limited's internal processes. The information is provided free of charge.


4.3    Breach management

A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes. It also means that a breach is more than just about losing personal data.

Personal data breaches can include:

  • access by an unauthorized third party through their direct action or lax internal security procedures or practices

  • deliberate or accidental action or inaction by an employee, volunteer, or supplier

  • sending personal data to an incorrect recipient, g. wrong copy recipient to an email

  • USB sticks, laptops, or phones containing personal data being lost or stolen

  • alteration of personal data without permission

  • loss of availability of personal data

ADVANCE Procurement & Supply Chain Limited breach management procedure is outlined in the ADVANCE Procurement & Supply Chain Limited Breach Management Policy and Identifying and Reporting Data Breach guideline documents.


4.4    Data Protection Impact Assessment

A Data Protection Impact Assessment (DPIA) is a methodology or tool used to identify and reduce the privacy risks of individuals when planning projects or policies that involve the processing of personal data. Privacy by design means that ADVANCE Procurement & Supply Chain Limited identifies and minimizes the data protection risks of a project or new initiative. ADVANCE Procurement & Supply Chain Limited manages all new data assessments through its DPIA management process.

5     Governance

ADVANCE Procurement & Supply Chain Limited has the following governance framework in place to manage Data Protection Compliance:


Data Controller:

Any person, or organization, makes decisions about how and why data is processed. A data controller must be a person recognized in law and they are responsible for compliance. ADVANCE Procurement & Supply Chain Limited is a Data Controller.


Senior Leadership Team (SLT):

  • Responsible officers of all organization-wide data protection

  • Oversight of Data Compliance Management Group

  • Data Compliance Management Group

  • Ensuring that there are adequate and competent resources available to support Data Protection Processes

  • Updating Article 30: processing activities documentation

  • Establish roles and responsibilities including the appointment of one person with responsibility for the GDPR Breach Management Process

  • Conduct management reviews of the GDPR Breach Management Process ensuring it is fit for purpose and seeking continual improvement

  • Commitment to GDPR Breach Management Process and supporting implementation throughout the organization

  • Signing off audit processes and alignment with ADVANCE Procurement & Supply Chain Limited Data Protection Policy

  • Review training and testing outcomes

  • Reporting to SLT and GBT where applicable: including incident reports

  • Data Protection Officer:

  • Inform and advise senior leadership of their obligations under data protection

  • Promote a culture of data protection throughout the organization

  • Review policies and procedures to ensure they are fit for compliance

  • Advise on data protection procedures and best practice

  • Monitor and report on compliance to senior leadership

  • Maintain accurate records and documentation

  • Point of contact for data protection for all internal and external contacts

  • Investigate breaches and recommend remedial and mitigating actions

  • ICO point of contact

  • Advise and assist in the DPIA process


Data Processor:

Any person, or organization, who acquires records and processes personal data or who processes data on behalf of the Data Controller. An organization can be both a Data Controller and Data Processor even where they may appoint third parties to carry out elements of data processing on their behalf, such as Cloud Computing services. ADVANCE Procurement & Supply Chain Limited is both Controller and Processor. Our third parties who handle data for us are also Data Processors.


6     Audit and review

The Data Protection Officer as chair of the Data Compliance Management Group performs an audit and review function. This policy outlines the GDPR requirements and objectives for the audit and the policies and processes will be reviewed at least on an annual basis to ensure future proofing and suitability and compliance.

All breaches will be reviewed on a case-by-case basis and will document the mitigating actions and steps to remedy the breach and return to the security and protection of data. All processes will be reviewed to ensure that ADVANCE Procurement & Supply Chain Limited operates within regulation timeframes for responding and reporting on all SARs and breach investigations.


7     Training and exercise

ADVANCE Procurement & Supply Chain Limited will ensure that training and information will be made available to all data processors. Training will be given to all new personnel and third-party data processors. The Data Protection Officer will ensure that all training will remain current and fit for purpose.


8     Definitions

Data Subject

A living person who is the subject of personal data. The individual has enhanced rights under data protection law.

Personal Data

Any information relating to an identifiable person who can be directly or indirectly identified by reference to an identifier.

Processing

Processing of data means any operation or set of operations that is performed on personal data, which includes but is not limited to, collection, storage, use, recording, disclosure, or manipulation of data whether by automated means.

Data Breach

A breach of security leads to the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of, or access to, personal data. Organizations are required to report a data breach that creates a risk to the rights and freedom of the individuals concerned, to the Information Commissioner’s Office (ICO) within 72 hours of the breach occurring or when made aware of the breach. If the individuals are at high risk of potential harm, then they must also be notified. Example: A computer account is hacked, and data listing contact details are accessed, or an employee takes unencrypted data out of the office against acceptable use policy and loses it.


Data Protection Officer (DPO)

This is the role of an organization that has the responsibility for ensuring that personal data is protected and that the organization is compliant with the legislation. There should be a degree of independence, so the DPO reports directly to the highest management level of the organization as a part of the organization’s governance.


Binding Corporate Rules

A set of binding rules designed to allow organizations to transfer personal data from the BD to the organization’s related operations outside the BD but within the organization. BCRs must demonstrate adequate safeguards and be authorized by the appropriate lead authority in the BD to vouch for data compliance.

Cross border processing

The processing of data by a Controller or Processor who operates in more than one BD member state, or the processing of data in one member state of the subject’s resident in one or more member states.


Privacy Shield

Prior to GDPR, the BD- other countries and EU Privacy Shield Frameworks impose stronger obligations on US organizations to protect the personal data of data subjects in BD. The Privacy Shield, and now GDPR, requires the

BD to monitor and enforce protection, and to cooperate with the Supervisory Authorities. This is administered by the Department of Commerce and the Federal Trade Commission.


Data Protection Authority

Also known as a Supervisory Authority. The national authority in every BD member state enforces data protection in that member state. In the BD it is the Information Commissioner.

Data Privacy Impact Assessment

A methodology or tool used to identify and reduce the privacy risks of individuals when planning projects or policies that use or protect personal data.

Privacy by Design

The principle of the inclusion of data protection from the onset of the designing and planning of systems, rather than as a later addition.

Subject Access Request

The request by an individual to have access to, and information about, the personal data that a controller holds. Application is by a subject access request that is free of charge.


Special Categories of Personal Data

This is sensitive data that requires more protection. It includes information revealing race, ethnic origin, politics, religion, trade union membership, genetics, biometrics (where used for ID purposes), health, sex life, or sexual orientation.


Third-party

Any person or organization other than the Data Subject and the Data Controller. A third party can also be a Data Controller and a Data Processor.

9     Related policies and procedures

Supporting policies


Policy
Location
ADVANCE Procurement & Supply Chain Limited Information Security Policy
Internal
ADVANCE Procurement & Supply Chain Limited Acceptable Usage Policy
Internal
ADVANCE Procurement & Supply Chain Limited Retention Policy & Schedule
Internal
ADVANCE Procurement & Supply Chain Limited SAR Guidelines
Internal/External
ADVANCE Procurement & Supply Chain Limited DP Impact Assessment Procedures
Internal
ADVANCE Procurement & Supply Chain Limited Breach Management Policy
Internal/External
ADVANCE Procurement & Supply Chain Limited Breach Identification and reporting procedures
Internal/External