The EU General Data Protection Regulation (GDPR) became EU law in May 2016 and replaces the 1995 Data Protection Directive. Together GDPR and the Data Protection Act 2017 form the legal framework that now protects information that organizations’ hold about individuals in the UK.
The new legal framework represents the most far reaching data protection reforms in over 20 years and takes effect from 25 May 2018. The GDPR is designed to protect citizens from privacy and data breaches and we as an organization are fully compliant.
This new law is built around the principles of transparency and control. Whilst we have always ensured your Privacy is important to us, in light of the new regulation coming into force across the EU, we have updated our Privacy. This will apply from the 25 May 2018.
Keeping your data safe
- Who we are
- Who is in control?
- What data do we collect and where from?
We collect your data directly from you when you make enquiry with the Organizations and enter into a legally binding agreement to include: -
- Your full name.
- Your full address to include your postcode.
- Your date of birth.
- Your telephone number.
- Your email address (should you chose to provide it).
- A copy of a recent utility bill.
- A copy of your photographic identification.
- What do we use your data for?
We do not share your data with any other body outside the Organization and we do not use your data for marketing purposes. We use your data for the necessity of performance of a contract. We also use your data to inform you of any promotional offers within the Organization. If you do not want to be kept informed of any promotional offers you should contact our Head Office in writing or email firstname.lastname@example.org.
- What is our legal basis for using your Data
We only process your data on a legitimate basis and the processing of your data in the context of a contract or the intention to enter into a contract. This is the legal basis upon which we are entitled to retained and use your data.
The new Money Laundering Regulations 2017 provide that personal data must only be processed for the purposes of money laundering and terrorist financing. This is the legal basis upon which we are entitled to use and retain your data.
- Are you able to see the data we hold?
GDPR gives everyone the right known as “subject access” free of charge. Provided your request is not clearly unfounded you are entitled to see all the information we hold and if the data we hold is inaccurate or incomplete you are entitled to have the information we hold rectified. Any request should be made to our Data Protection Officer via the email address.
The request is made under the Freedom of Information Act 2000. When making a request we will need your full name, address, email address, phone number and information about your request.
- How long do we keep your data for?
We only keep your data for 6 years after the performance of the contract expires. We only keep your data as required by law.
- What rights to you have?
You have a number of rights under data protection law. These rights and how you can exercise are set out below: -
You have a right to access your information.
You can request your data from our Data Compliance Officer.
We will respond to any legitimate request under the Freedom of Information Act 2000 within 30 days of receiving from you your request and any necessary proof of identity. If your request is particularly difficult or complex, or if you have made a large volume request, we will inform you within 30 days why we need longer to respond and will inform you how long we envisage it will take to comply with your request.
- What if you have a complaint?
You have a right to complain to the Information Commissioner’s Officer (ICO), which regulates data protection compliance in the UK, if you are unhappy with how we have processed your personal data. You can find out how to do this by visiting www.ico.org.uk.
- How can you contact us?
Policy Updated on 25 May 2018