i-movo is the Data Processor and hosts and manages this website on behalf of the Department of Work and Pensions, a government department and the Data Controller, who is responsible for your personal data. This policy sets out how i-movo complies with its data protection requirements as a Data Processor in relation to this website and its services.
i-movo as a Data Processor
i-movo is required to have a clear and specific agreement with the Data Controller to ensure that personal data is kept secure and up to date.
i-movo agrees to:
- comply with the requirements of the its agreement in the provision of services to the Data Controller;
- process and use the data only to the extent strictly necessary to perform its obligations or as otherwise provided under its agreement with the Data Controller;
- only disclose the data to its employees and personnel that have a need to access the data for i-movo’s compliance with its agreement with the Data Controller and shall ensure that all such employees and personnel are bound by a confidentiality agreement;
- ensure that appropriate controls are in place to prevent the i-movo’s access to special categories of data, where relevant, except in circumstances expressly authorised by the Data Controller;
implement, maintain and at all times operate adequate and appropriate technical and organisational measures to;
protect the security, confidentiality, integrity and availability of the data, and
protect against unauthorised or unlawful processing of the data and against accidental loss, destruction or the making vulnerable of, or damage to, the data; such measures shall, at a minimum, meet
- the requirements of the relevant data protection laws;
- the standards required by all applicable accepted industry practices;
- protect the security, confidentiality, integrity and availability of the data, and protect against unauthorised or unlawful processing of the data and against accidental loss, destruction or the making vulnerable of, or damage to, the data; such measures shall, at a minimum, meet
- comply with its obligations under the relevant data protection laws, and shall take such steps as are requested by Data Controller to enable the Data Controller to comply with the Data Controller's obligations under the relevant data protection laws;
- provide evidence to the Data Controller on request of the technical and organisational measures that i-movo has taken to comply with its obligations
What data we collect
We may, depending on the service you use, collect the following personal data on behalf of the Data Controller:
- Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
- Contact Data includes address, email address and telephone numbers.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our services and websites.
- Profile Data includes your username and password when login on
- Usage Data includes information about how you use our website
How data is collected
From time to time we collect personal data either directly from you or when you use the website and its services.
As part of our regulatory obligations, when instructed by the Data Controller, we may also obtain personal data from third parties for the purpose of identity verification and completing other regulatory and compliance checks.
Where we act as a Processor for an organisation providing services to you, you should look to your Data Controller for details of the processing of your personal data.
Our primary systems and external third parties are based in the United Kingdom. To the extent any of our systems and/or the use of an external service provider includes processing of your personal data outside the United Kingdom, where permitted by the Data Controller, the following will apply:
- Where certain service providers are based in the EEA, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the ICO.
- If we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data in accordance with the instructions of the Data Controller and they are subject to a duty of confidentiality.
If i-movo discovers or suspects a compliance failure, security incident, suspected incident or breach, then it will:
- implement immediate containment of the breach;
- accurately record the details of the incident;
- provide an initial assessment of the incident to the Data Controller within 24 hours;
- provide support to the Data Controller to establish the details surrounding the breach
As a Processor, we will retain your personal data as instructed by the Data Controller.
Under certain circumstances, you have rights under data protection laws in relation to your personal data.
- Request access to your personal data
- Request correction of your personal data
- Request erasure of your personal data
- Object to processing of your personal data
- Request restriction of processing your personal data
- Request transfer of your personal data
- Right to withdraw consent
If you wish to exercise any of the rights set out above, please contact the Data Controller.
Links to other websites
This privacy notice does not cover the links within this website linking to other websites. We encourage you to read the privacy statements on any other websites you visit.
Full name of legal entity:i-movo Limited
Email address:[email protected]
Postal address: 1 The Boulevard, Shire Park, Welwyn Garden City, Hertfordshire, AL7 1EL
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Changes to this policy
If these changes affect how your personal data is processed, we will take reasonable steps to let you know.
- Data Controller
- Personal Data
shall have the same meaning as assigned to them in the Data Protection Act 2018 and the UK General Data Protection Regulations.
Last updated: 2 August 2021