Your personal data rights
The personal data we hold about you is yourdata, so you have certain rights over the data under the GDPR. This section summarises your rights and how you can exercise them (generally free of charge).
You have the right to request a copyof all personal data we hold relating to you. You also have the right to require us to correctany mistakes in the personal data we hold relating to you.
Where we are processing your data based on your consentyou can withdraw that consentand we must immediately stop processing your data. Please note that up to that point, we’re acting lawfully with your consent, withdrawal of consent cannot be backdated.
Where we process your data based on a “legitimate interest” (underlined in the section on “purpose and lawful basis”, above) you still have the right to object to our processing of that data if you feel it impacts on your fundamental rights and freedoms. From that point, we must stop processing your data until we have determined whether your rights override our interests.
You also have the right to objectwhere we are processing your personal data for direct marketing purposes. The easiest way to do this is to use the unsubscribe links at the bottom of all marketing emails.
In certain situations, you have the right to require us to erasepersonal data where there is no good reason for us continuing to process it. However, note that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
You have the right to requestrestriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) where you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Finally, you have the right to request thetransferof your personal data to you or a third party in a structured, commonly used, machine-readable format. Note that this right only applies to automated processing of information about you, which we carry out based on your consent or where it is necessary to perform a contract with you.
For further information on each of these rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.
If you would like to exercise any of these rights, the easiest way is by dropping us an email (see “How to contact us” below). Please note:
- We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
- We try to respond to all legitimate requests quickly, but in any event within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Your rights to lodge a complaint with the Regulator
At all times, you have the right to report a concern or lodge a complaint with the Information Commissioner’s Office. Please refer to the ICO at https://ico.org.uk/concerns/or by calling them on 0303 123 1113. Of course, we hope that we can resolve your issue quickly and fairly ourselves.
Automated processing of your personal data
We do not undertake any automated processing of personal data, or profiling.
Note that you have a right to object to any decisions being taken through the processing of your personal data by automated means if they produce legal effects concerning you or similarly significant effects on you. We do not use your personal data in a way that makes such decisions.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. In addition, we limit access to your personal data to those employees, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Other purposes for processing personal data
We don’t process your personal data for any other purpose than we’ve described here. We won’t sell your personal data to other companies.
As we develop our activities and services, we might add new data processes that use your personal information. Should we decide that we want to develop a new processing purpose, we will contact you to let you know what we intend to do, the lawful basis we will use, and your rights over our intended new processing. We’ll also publish information about it here.
Changes to this privacy notice
This privacy notice was last updated on 25thMay 2018 and historic versions can be obtained by contacting us.
We may change this privacy notice from time to time by amending this page.
How to contact us
If you have any questions, concerns or just want some more information about our privacy management, drop us a line at firstname.lastname@example.org.