As you may be aware there is new Data Protection Legislation coming into force in the UK on 25th May 2018. The General Data Protection Regulation (GDPR), is EU wide legislation, and is currently being enacted into UK law and will become the 2018 Data Protection Act.
This legislation will affect every business that handles personal data for clients or staff. Personal data has been defined by the act as ‘any information relating to an identifiable person who can be directly or indirectly identified’, this will include such data as name and contact details, but may also be information such as IP Addresses.
This Notice describes how we collect, use, share, retain and safeguard personal data.
This Notice sets out your individual rights; we explain these later in the Notice but in summary these rights include your right to know what data is held about you, how this data is processed and how you can place restrictions on the use of your data.
Personal data is information relating to an identified or identifiable natural person. Examples include an individual’s name, age, address, date of birth, gender and contact details.
Personal data may contain information which is known as special categories of this and may be information relating to and not limited to, an individual’s health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data, or data relating to sexual orientation.
Personal data may also contain data relating to criminal convictions and offences.
For the purposes of safeguarding and processing criminal conviction and offence data responsibly, this data is treated in the same manner as special categories of personal data, where we are legally required to comply with specific data processing requirements.
In order for us to provide our range of services, we will collect and process personal data about you. We will also collect your personal data where you request information about our products, promotions and campaigns. You can opt out from receiving such communications services at any time by emailing firstname.lastname@example.org
You may provide us with personal data when you contact us via the telephone, when writing to us directly or where we provide you with paper based forms for completion or we complete a form in conjunction with you.
We will share your personal data within our company only. We will not share your personal data with third parties, unless it is necessary where we are required to do so by law.
We will use your personal data for the performance of our contract with you, to provide our services, to respond to any requests from you about the services we provide and to process complaints.
We may use your data to share with you offers and special events. You may request to be withdrawn from all such marketing activities at any time.
In some situations, we may request your consent to market our products and services to you. Where we require consent, your rights and what you are consenting to will be clearly communicated to you. Where you provide consent, you can withdraw this at any time by contacting our Data Privacy Representative at email@example.com
We will retain your personal data at the end of any contractual agreement indefinitely. Where you make a complaint, we will retain the data for 10 years. Where you or law enforcement agencies inform us about any active investigation or potential criminal prosecution, we will comply with legal requirements when retaining this data.
The retaining of data is necessary where required for contractual, legal or regulatory purposes or for our legitimate business interests.
Sometimes we may need to retain your data for longer, for example if we are defending ourselves in a legal dispute or as required by law or where evidence exists that a future claim may occur.
Individuals are provided with legal rights governing the use of their personal data. These grant individuals the right to understand what personal data relating to them is held, for what purpose, how it is collected and used, with whom it is shared, where it is located, to object to its processing, to have the data corrected if inaccurate, to take copies of the data and to place restrictions on its processing. Individuals can also request the deletion of their personal data.
These rights are known as Individual Rights under the Data Protection Act 2018. The following list details these rights:
– The right to be informed about the personal data being processed;
– The right of access to your personal data;
– The right to object to the processing of your personal data;
– The right to restrict the processing of your personal data;
– The right to rectification of your personal data;
– The right to erasure of your personal data;
– The right to data portability;
– Rights relating to automated decision making including profiling.
Individuals can exercise their Individual Rights at any time. As mandated by law we will not charge a fee to process these requests, however if your request is considered to be repetitive, wholly unfounded and/or excessive, we are entitled to charge a reasonable administration fee.
In exercising your Individual Rights, you should understand that in some situations we may be unable to fully meet your request, for example if you make a request for us to delete all your personal data, we may be required to retain some data for taxation, prevention of crime and for regulatory and other statutory purposes.
You should understand that when exercising your rights, a substantial public or vital interest may take precedence over any request you make. In addition, where these interests apply, we are required by law to grant access to this data for law enforcement, legal and/or health related matters.
We will take all appropriate technical and organisational steps to protect the confidentiality, integrity, availability and authenticity of your data, including when sharing your data within our group of practitioners and authorised third parties.
To ensure data privacy and protection has appropriate focus within our organisation we have a Data Privacy Representative who reports to our senior management team. The Data Privacy Representative is Roger Cotton, who may be contacted at: firstname.lastname@example.org