New Data Protection Regulation
The General Data Protection Regulations (GDPR) come into force on 25th May 2018, superseding the UK’s Data Protection Act 1998. The UK is currently passing its own Data Protection Bill through Parliament, which will go over and above the GDPR requirements.
It is a legal requirement for the Company to comply with the GDPR. It is also the Company’s policy to ensure any personal data held by us in whatever form be treated with sensitivity and privacy, as befits such information.
The Company needs to keep certain information about its employees, customers, and suppliers for financial and commercial reasons and to enable us to monitor performance, to ensure legal compliance and for health and safety purposes.
This notice sets out how we seek to protect personal data. To ensure the implementation of the Data Protection Policy the Company has designated an employee as a Data Protection Manager. All enquiries relating to the holding of personal data should be emailed to firstname.lastname@example.org.
The types of personal data we collect and use
Whether you are a customer, a supplier or an employee, we will use your personal data to manage our dealings with you, perform our contractual obligations and provide services you ordered. We will collect this directly during the initial inquiry made by you. The personal data you use may include:
Full name and personal details including contact information (e.g. home address, email address, home and mobile phone numbers).
Financial information (e.g. bank details)
Records of performance in case of employees
Records of products and services in case of customers
Providing your personal data
We will inform you if providing some personal data is optional and we will ask for your consent. In all other cases, you must provide your personal data so we can process your order and fulfil our contractual obligations.
Monitoring of communications
Subject to applicable laws, we will monitor and record your emails, calls and text messages in relation to your dealings with us. We will do this for quality control, staff training, and when we need to see a record of what has been said.
Using your personal data: the legal basis and purposes
We will process your personal data:
1. As necessary to perform our contract with you for the relevant service:
a) to manage and perform the contract
b) to update our records
2. As necessary for our own legitimate interests or those of other persons or organisations, e.g.:
a) For good governance, accounting, managing and auditing our business operations;
b) To monitor emails, calls, other communications on your account;
c) For market research, analysis and developing statistics;
d) To send you marketing communications.
3. As necessary to comply with a legal obligation, e.g.:
a) When you exercise your rights under data protection law and make requests;
b) For compliance with legal and regulatory requirements and related disclosures;
c) For establishment and defence of legal rights;
d) To monitor emails, calls, other communications on your account.
4. Based on your consent, e.g.:
a) When you request us to disclose your personal data to other people or organisations such as a subcontractor providing services on our behalf;
b) To send you marketing communications where we have asked for your consent to do so.
You’re free at any time to change your mind and withdraw your consent. The consequences might be that we won’t be able to provide certain services for you.
Sharing of your personal data
Subject to applicable data protection law, we may share your personal data with:
Subcontractors and other persons who help us provide our products and services;
Our legal and other professional advisors, including our auditors;
Government bodies and agencies in the UK (HM Revenue & Customs) who may, in turn, share it with relevant overseas tax authorities and with regulators (e.g. the Financial Conduct Authority, the Information Commissioner’s Office);
Courts to comply with legal requirements and for the administration of justice;
In an emergency or to otherwise protect your vital interests;
Anyone else where we have your consent or where it is required by law.
Your marketing preferences
We will use your home address, telephone numbers and email address to contact you according to your preferences. You can change your preferences or unsubscribe at any time by contacting us.
Criteria used to determine retention periods
The following criteria are used to determine data retention periods for your personal data:
Retention in case of queries. We’ll retain your personal data as long as necessary to deal with your query.
Retention in case of claims. We’ll retain your personal data for as long as you might legally bring claims against us.
Retention in accordance with legal and regulatory requirements. We will retain your personal data after the service has been provided based on our legal and regulatory requirements.
Your rights under applicable data protection law
Your rights are as follows:
The right to be informed about our processing of your personal data;
The right to have your data corrected if it’s inaccurate and to have incomplete personal data completed;
The right to object to processing your data;
The right to restrict processing of your personal data;
The right to have your personal data erased (the “right to be forgotten”);
The right to request access to your personal data and information about how we process it;
The right to move, copy or transfer your personal data (“data portability”).
You have the right to complain to the Information Commissioner’s Office. It has enforcement powers and can investigate compliance with data protection law: ico.org.uk.