Firebird's Data Protection Compliance

We are Firebird Data Protection Consultancy Limited, a data protection and privacy management consultancy company helping organisations meet their legal obligations under the UK data protection and privacy legislation when handling personal data .

We are a company registered in England and Wales (10841251). Our registered address is  20-22 Wenlock Road, London N1 7GU 22. We are registered with the UK Information Commissioner's Office under ZA288370.

Our Data Protection Officer is Amber Badley. If you have any queries regarding our company's handling of personal data or the services we provide, please email dpo@firebirdltd.co.uk or call 01392 344392.

You can find out how we handle personal data under the privacy notice section of this website.

We undertake annual data protection and information security audits to ensure our policies, procedures and practices remain up to date and compliant.

We have policies and procedures which cover topics such as data protection, working remotely, passwords, confidentiality, handling data protection requests, personal data breach management, cyber security, retention, disposal, security and business continuity. These are communicated to our employees and business associates during their on-boarding and when revisions are made. All employees and associates must read and abide by these policies and procedures. 

Our employees and associates receive mandatory data protection and security awareness training during their on-boarding and refresher training annually. Training is supported by regular awareness raising communications and team discussions. 

We have appropriate security in place to protect personal data against unauthorised or accidental access, disclosure, loss, destruction or damage and hold the Cyber Essentials Certification.

Here are some examples of the organisational security measures we have in place to protect our data and our customers’ data: 

• Recruitment procedures include DBS vetting checks and confidentiality clauses in contracts.

• Data protection and security awareness training is provided to employees and associates.

• Policies and guidance are communicated to employees and associates.

• Data protection and security compliance is regularly discussed. 

• Appropriate equipment, policies and guidance are provided to employees 

• Buildings and offices are locked when not in use. 

• All personal data is held digitally in encrypted platforms with access restricted 

We carry out due diligence checks on prospective data processors (i.e suppliers of goods or services which involve the processing of personal data on our behalf), to assess they have appropriate technical and organisational measures that are sufficient to implement the requirements of the data protection legislation and to protect the rights of data subjects and our customers.  

We have written contracts in place with our data processors which contain data protection clauses (as set out in Article 28 of the UK GDPR) which require them to process personal data in line with the UK GDPR. 

Where we act as our customers' data processor, data processing clauses are built into our contracts.

Employees and associates are provided with training and guidance on how to recognise requests from data subjects exercising their data protection rights. We have a comprehensive Data Protection Request Handling Procedure and recording procedures to manage and monitor requests. If a request is received from one of our customers’ data subjects, we will ask the data subject to make their request directly to our customer or seek their consent to forward their request to the customer.