Privacy Policy Integral Management

Effective Date: May 2026.        Version 2

-------------------------------------------------------------------------------------------------

1. Introduction

Welcome to Integral Management Systems("we", "our", or "us"). We are committed to protecting your privacy and ensuring that your personal data is handled in a safe and responsible way. This Privacy Policy outlines how we collect, use, and safeguard information you provide when you visit our website: https://integral-management.co.uk.

1.1  Data controller

Integral Management Systems is the data controller responsible for processing personal data under this Privacy Policy.

2. Information We Collect

We may collect the following types of information:

• Personal Information: such as your name, email address, phone number, or any other information you voluntarily submit via contact forms, subscriptions, or registrations. If you become an active client to us, we may also collect Financial and transactional information: including invoices, payment details, supplier banking information, and contractual records necessary for business operations.
• Webinar and marketing data: Webinar and marketing interaction data: including attendance records, poll responses, registration details, and engagement information collected during webinars or events. Integral Management Systems does not engage in unsolicited mass marketing or the sale of personal data. Contact information may be voluntarily provided by individuals through enquiries, webinar registrations, event participation, or resource downloads. Where appropriate, we may use this information to provide relevant follow-up communications relating to the original enquiry, associated services, or relevant future events or services associated with the original enquiry or interaction. Individuals can unsubscribe or object to such communications at any time.
• Technical Data: including IP address, browser type, device information, operating system, and browsing behavior through cookies or similar technologies.
• Usage Data: such as pages visited, time spent on the site, referring URLs, and click behavior.
• Project, consultancy or audit information: including operational records, management system documentation, evidence samples, audit records, and related correspondence, or other information collected for the purposes of assisting development of the clients management system or for the purposes of satisfying evidence of compliance to relevant ISO standards for audit purposes. Audit reports will be retained in secure and encrypted client folders. Consultancy and audit information supplied by clients is handled confidentially and accessed only where necessary for the delivery of agreed services, audit activities, compliance assessments, or contractual obligations.

2.1  Lawful Bases for Processing

We process personal data under one or more of the following lawful bases:

• Consent
• Performance of a contract
• Compliance with legal obligations
• Legitimate business interests : Where processing is based on legitimate interests, we ensure that such interests are balanced against the rights and freedoms of individuals.

3. How We Use Your Information

We use your information for the following purposes:

• To provide, maintain, and improve our website and services.
• To respond to your enquiries and communicate with you.
• To send newsletters or marketing communications if you have opted in.
• To analyze site usage and improve user experience.
• To comply with legal obligations.

4. Cookies and Tracking Technologies

We use cookies and similar technologies to collect information about how you use our website. You can control or disable cookies through your browser settings, but some parts of the site may not function properly as a result.

Our website may use:

• Essential cookies required for website functionality and security
• Analytics technologies, including GoDaddy site analytics and Google Analytics, to understand website usage and improve performance
• Embedded content or integrations from third-party providers such as webinar, event or Calendar booking, or video platforms

These technologies may collect technical information such as IP address, browser type, pages visited, and interaction data.

5. Sharing Your Information

We do not sell, trade, or rent your personal data. We may share your data with trusted third parties only in the following circumstances:

• With service providers who assist us in operating our website.
• When required to comply with legal obligations.
• To protect our rights or the safety of our users or others.

5.1 International Transfers

We endeavour when using 3rd party/Cloud Service providers to ensure data is hosted in the UK.

Some of our service providers may process or access personal data outside the United Kingdom or European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are implemented, including:

• Standard Contractual Clauses (SCCs)
• UK International Data Transfer Addendum
• Contracts with GDPR-compliant providers
• Appropriate technical and organisational security measures

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes we collected it for, including legal, accounting, or reporting requirements.

Typical retention periods include:

• Enquiry and marketing records: up to 24 months
• Consultancy and audit records: up to 7 years
• Financial and accounting records: 7 years
• Security and audit logs: typically up to 12 months

Retention periods may vary where contractual or legal obligations apply.

7. Your Rights

Under data protection laws, particularly the UK GDPR and EU GDPR (if applicable), you have the right to:

• Access the personal data we hold about you.
• Request correction or deletion of your data.
• Object to or restrict processing of your data.
• Withdraw consent at any time (for data collected on a consent basis).
• Lodge a complaint with a data protection authority.

You also have the right to:

• Request transfer of your personal data to another provider where applicable
• Object to direct marketing communications
• Not be subject to decisions based solely on automated processing.  Integral Management Systems does not undertake automated decision-making or profiling activities that produce legal or similarly significant effects on individuals.

To exercise any of these rights, please contact us at: jerry@integral-management.co.uk

8. Security

We implement appropriate technical and organizational measures to protect your personal data from unauthorised access, disclosure, alteration, or destruction.

Security measures include and applied as appropriate such as:

• Multi-factor authentication (MFA)
• Device encryption and encrypted storage
• Secure cloud storage and encrypted transmission
• Access control and least privilege permissions
• Endpoint protection and anti-malware controls
• Secure disposal of information
• Confidentiality and non-disclosure obligations where appropriate

Locally stored records and data are protected by:

• Apple FileVault encryption
• Access restrictions

9. Third-Party Links

Our website may contain links to other websites. We are not responsible for the privacy practices or content of third-party sites.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date.

11. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us at:

Integral Management Systems
Ossett, Wakefield, West Yorkshire, WF5 0RW, U.K.
Email: jerry@integral-management.co.uk