web analytics

Privacy Policy

IoTAS – Privacy Policy

General Data Protection Regulation (GPDR) Policy



IoT and Approval Solutions Limited (IoTAS) is a wireless technologies testing company. Under GDPR we are a Data Controller. This means we decide how your personal data is processed and for what purposes. At IoTAS we know that information relating to employment can at times be highly sensitive. We don’t sell personal data or make it available to any other organisation. Our Privacy Policy sets out the way in which we protect and manage your data.

We know that the data is not ours – we are merely custodians of your valuable information.


 What do we hold data for?

As a Data Controller

  • To manage our employees.
  • For marketing and information promulgation
  • For managing business relationships in the provision of services (e.g. agreeing service provision, and accounting)
  • We hold some information classed as special category information under GDPR Article 9. This is health and welfare related and is held to help us discharge our duty of care for employees’ wellbeing whilst employed by us.


How do we Process Data?

We comply with our obligations under the GDPR by:

  • Ensuring personal data is accurate and correcting inaccuracies discovered or notified to us
  • Not collecting excessive amounts of information
  • Only retaining information for as long as is necessary, and in accordance with our retention policy
  • Providing appropriate protection of data confidentiality against unauthorised access and disclosure through appropriate technical, physical, and procedural measures


What is the Legal Basis for Processing Data?

Marketing and information promulgation is to business customers only. We send information by email on the basis of Legitimate Interest. We do not need consent for this, but we ensure people have an easy way to opt out of any communications.

Our employee data is managed on the basis of Legitimate Interest and Contract of Employment. Processing data is required for carrying out responsibilities under Employment Law. We process data on behalf of our customers under that same basis.


Transfer Overseas

We do not knowingly transfer personal data overseas. Our major IT providers all have operations within the European Union and are legally required to be fully GDPR compliant.


Data Retention

We have a Data Retention Policy which can be found within our Company Handbook. Retention periods are typically based around statutory and legal requirements. A small number are based on industry best practice, such as the retention of financial information for 6 years as required by HMRC.


Sharing your Personal Data

Your personal data is treated confidentially and is not sold. We do not share marketing data.

It may occasionally be necessary for us to share certain information with other providers, to ensure we fulfil our duty of care to staff. This could include, for example, occupational health. In this case, the staff member will be asked for permission to do this and the data shared will be the minimum necessary. We will seek assurance that the third-party provider is GDPR compliant.


Website Newsletter Sign Up

Our website has a newsletter sign up option available to those individuals who wish to receive information on an occasional basis about our developments, services and business offerings. It is inherent that those individuals signing up shall have their contact details held by us and are therefore approving this data retention.


Website Cookies

Cookies are used for the following purposes and are categorised according to the International Chamber of Commerce. More information can be found on our website.


As the data controller and any queries should be directed to information@iotas.co.uk.

For more information about the IoTAS privacy policy please get in touch.