GDPR Statement

The EU General Data Protection Regulation (GDPR) is the most significant piece of the European privacy legislation in the last twenty years. It replaces the 1995 EU Data Protection Directive (European Directive 95/46/EC), strengthening the rights that EU individuals have over their data, and creating a uniform data protection law across Europe.

Find UK People® / Pavilion Digital Marketing Ltd will comply with applicable GDPR regulations as a data processor when they take effect on 25th May 2018.

We are committed to addressing EU data protection requirements applicable to us as a data processor. These efforts have been critical in our ongoing preparations for the GDPR:

Data processing: Our ability to fulfill our commitments as a data processor to our customers, the data controllers, Findukpeople.com / Pavilion Digital Marketing Ltd is a part of our compliance with GDPR where data controllers are using a third-party like us to process personal data.

​Third-party audits and certifications: Find UK People® / Pavilion Digital Marketing Ltd has the distinction of being one of the first tracings and tracking companies to be encrypted end to end with SSL encryption to 256Bit encryption standards. All of our customer data acquired for marketing such as email marketing is double opt-in data and we ensure that any client that is double opted in always has the chance to erase themselves from any marketing at any time.

​All of our data is held within our encrypted systems and we only allow access into our system under authorized password-protected access to selected and authorized partners for the purposes of conducting investigation research for the submitted request and obtaining relevant search information to complete a request. All of our databases that hold information on our tracing requests are password protected and encrypted. We do not allow our data to be sold or otherwise transferred for another purpose apart from the requested investigative action where we for instance may use a third party to obtain further information to complete a request and obtain new updated details for a request.

Find UK People® / Pavilion Digital Marketing Ltd undertakes an annual audit that reviews its internal controls and processes. The audit covers internal governance, production operations, change management, data backups, and software development processes. It evaluates that we have the appropriate controls and processes in place and that they are actively functioning appropriately in accordance with related standards.

​The program offers verification that our security practices offer a recognized standard of security measures. Furthermore, the program is designed to cover key elements of data processing and integrity, while maintaining auditing practices within our business and operational processes. As all customers are concerned with their data and its security, Findukpeople.com / Pavilion Digital Marketing Ltd has integrated its data controls into its operating procedures. These procedures span the organization, teams, or functions that provide service or support to our clients on our platform. The key components of our controls environment include:

• Corporate Governance: how we provide oversight of our business and people
• Change Management: how we make sure changes are tracked and properly reviewed
• Access Control and Management: who has access to our platform operations and how this access is managed
• Data Redundancy and Backup: how data is kept safe and stored in the event of adversity
• Software Architecture and Development: oversight of the development effort around our platform

​International data transfers: Findukpeople.com / Pavilion Digital Marketing Ltd complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. To learn more about the Privacy Shield programs, please visit https://www.privacyshield.gov. Findukpeople.com / Pavilion Digital Marketing Ltd is committed to subjecting all personal data it receives from data exporters in any European Union (EU), Switzerland, or European Economic Areas (EEA) member state, under the Privacy Shield Framework, to its applicable Privacy Shield Principles. To learn more about the Privacy Shield Framework and the Privacy Shield Principles, please visit the U.S. Department of Commerce’s Privacy Shield website at https://www.privacyshield.gov

​Data portability: The GDPR includes certain requirements on data controllers for the portability of personal data. The data our customer’s store in Findukpeople.com / Pavilion Digital Marketing Ltd is theirs. We provide for portability and are continually working to enhance the robustness of our data export capabilities.

As a current or future client of Find UK People® / Pavilion Digital Marketing Ltd, now is a great time for you to begin preparing for the GDPR as a data controller. Consider these tips:

​Get to know GDPR: Familiarise yourself with the provisions of the new regulation, particularly how it may differ from your current data protection obligations and consider the relationships you have with your clients. Also, note the variance of local provisions which may be superseded by the new regulations when they become EU law in May 2018. Be aware that new requirements may require new solutions that meet the stringent requirements ahead.

​Audit your data and processes for data capture: Consider creating an updated and precise inventory of personal information that you control. Review your current controls and processes to ensure that they’re adequate, and build a plan to address any gaps.

1. Review your data opt-ins
2. Make sure you acquire relevant and compliant consent to trace subjects, for instance in your terms and conditions or contracts
3. Review your process documentation
4. Ensure you have a lawful basis for processing the data

​Stay informed: Stay abreast of updated regulatory guidance as it becomes available and consider consulting a legal expert to obtain guidance applicable to you. We recommend regular review of the Information Commissioner’s website, which is the UK representative within the EU working group: Article 29.

At Find UK People® / Pavilion Digital Marketing Ltd, we strive to deliver an incredible customer experience, earning the trust of thousands of users globally. We will continue to make additional required operational changes resulting from the new legislation and will keep our clients, partners and regulatory authorities informed throughout this process. We have an internal cross-functional team who continue to monitor GDPR as it moves to become more clearly defined over the next few months, and who will continue to inform our strategy for GDPR.

1. By using our service you agree you have a compliant legal basis to request your investigation from us to comply with GDPR regulation. ​You may want to consult the ICO website to verify this for GDPR compliance.
   Examples:
   • Legal claims
   • Consent
   • Contractual necessity
   • Compliance with legal obligations
   • Vital interests
   • Public interest

2. By using our service you agree to receive your result via email. We will send your order status emails, report, and result via email to your supplied email address. We always obtain consent at the point of purchase for any marketing update emails.
3. By using our service you agree to us sharing your people trace data to enable a trace on your subject.​We will share data on the subject you are investigating with a variety of authorized and preferred investigation supplier status organizations to trace subjects to a current address. For example Credit Reference Agencies such as Equifax, Experian, or Callcredit to obtain address link data. All suppliers will be ICO registered and we or our partners will of conducted an audit of their policy and procedures for data handling. We will only share the subject of the search details to enable a successful outcome for your trace. Our data sharing will be proportionate to the request and will be in your best interests in achieving a tracing success outcome.
4. By using our service you confirm you & the subject of the instruction are over 18 years. The Services supplied by us are not for use by anyone under the age of 18. We do not investigate cases searching for persons under the age of 18.
5. By using our service you confirm there is no legal reason or other compelling reason that you should not instruct us to trace a person or otherwise act for you in the instructed matter.
6. Family, Ex-partner & Friend tracing – consent option

For family, Ex-partner, or friend tracing we will require consent from you and the subject of the search to release their data to you. We pre-obtain your consent on our online order form system and initiate this procedure automatically. We do this so that we may initiate this if appropriate without further contact with you.

This will be selected at the time of ordering when you request a family, ex-partner, or friend trace – we can then contact the subject of the trace to obtain consent for their details to be released to you. If the subject declines the fee is retained as we have traced the subject but they have declined release of their data.

We send a letter to the current address of the subject outlining that you (your name) is requesting contact and we give the subject of the trace the following details to make contact with you if they wish to.

• Your full name
• Your email
• Your telephone number

If the subject does not reach out after this letter there is only one further option that involves you the client appointing a mediation solicitor who we will pass details to for official mediation contact. The mediation solicitor must be a UK based appointed and registered mediation solicitor.