We are committed to complete compliance with the General Data Protection Regulation ("GDPR") and all other applicable data protection legislation, as well as being completely transparent about how we collect and use your personal data.
We only control and process personal data in accordance with the following data protection principles:
· we control and process personal data lawfully, fairly and in a transparent manner;
· only for specified, explicit and legitimate purposes;
· in ways that are limited to what is strictly necessary for the purposes of controlling and/or processing;
· we ensure all personal data we control and/or process is accurate and we take all reasonable steps to ensure that inaccurate personal data is rectified or deleted without delay;
· we do not keep personal data any longer than strictly necessary; and
· we apply appropriate measures to make sure that personal data is secure, protected against unauthorised or unlawful processing and accidental loss, destruction or damage.
We will always tell individuals the reasons why we control and/or process their personal data, how we use such data and the legal basis for our doing so. We will not control or process personal data for other reasons. Where we rely on our legitimate interests as the basis for controlling and/or processing data, we will carry out an assessment to ensure that those interests are not overridden by the rights and freedoms of the relevant data subjects.
We hold personal data under one or more of the following permitted reasons provided by GDPR, so at least one of these reasons will apply to your personal data if we hold it:
(a) Consent: you have given clear and informed consent for us to process your personal data for a specific purpose;
(b) Contract: the processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract;
(c) Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations); and
(d) Legitimate interests: the processing is necessary for our legitimate interests, or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
As a data subject, individuals have a number of rights in relation to their personal data.
Individuals have the right to make a subject access request. To make a subject access request, you should send the request to firstname.lastname@example.org. We may need to ask for proof of identification before a request can be processed.We will respond to a request within a period of one month from the date we receive it. If a request is unfounded or excessive, we will notify the data subject that this is the case and whether we will respond to it.
Individuals have a number of other rights in relation to their personal data. You can require us to:
· rectify inaccurate data;
· stop processing or erase data that is no longer necessary for the purposes of processing;
· stop processing or erase data if the individual's interests override the organisation's legitimate grounds for processing data (where the organisation relies on its legitimate interests as a reason for processing data);
· stop processing or erase data if processing is unlawful; and
· stop processing data for a period if data is inaccurate or if there is a dispute about whether or not the individual's interests override the organisation's legitimate grounds for processing data.
To ask us to take any of these steps, you should send a request email@example.com.
We take the security of personal data extremely seriously. If we discover that there has been a data security breach involving personal data that poses a risk to the rights and freedoms of individuals, we will report it to the Information Commissioner on discovery.