Data Protection

Data Protection

GreySky Consulting Ltd is registered with the Information Commissioner’s Office for the handling and storage of personal data. We aim to be responsible and sensitive in all aspects of the data we collect and use.


How do we collect data?


Data we use may be collected from surveys, and from data provided by clients in the undertaking of our projects.


Where we collect new data through surveys, we are clear about the purposes for collecting the data, and that it will not be used for any other purpose. We only collect data specifically related to our projects, and do not collect data to provide to third parties.


Where we use data provided by our clients, we use the data only for the purposes for which it was collected, and only for the purposes for which it was provided by our clients.


What data do we collect, and how do we use it?


The data we collect is predominantly associated with the demand for and use of technology, or similar economic factors. We do not collect sensitive personal data - for example healthcare or financial data.


Storage and disposal of data


We store data responsibly to take reasonable efforts to ensure its security - accepting that none of the data is of a sensitive nature. Electronic data is stored on our secure online system. Where access is provided to clients or other stakeholders, the access conditions are reviewed throughout the course of the project, and on completion of the project.


Where data is deleted, this is done in accordance with the sensitivity of the data. If electronic data is sensitive, it is deleted from all files, and from the “recycle-bin”. Since we do not hold sensitive data, we do not take further steps to remove data as a standard policy.


If sensitive data is stored on paper, it is shredded. The shredded paper is bagged and disposed of as conventional waste.


Special requirements


If clients or partners have any specific request for the storage, handling or disposal of data then we are happy to follow their requests, or discuss how we may meet their requirements if our systems do not allow specific requests to be met.


Last review of Data Protection policy: January 2020

Next scheduled review: January 2021


Share by: