Privacy policy.
The General Data Protection Regulations (GDPR) Policy
1) Under the GDPR individuals have the right to be informed about how their Personal Data is being processed. The Regulation clearly stipulates that this must be done in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child.
2) The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) aims to harmonise data protection legislation across EU member states, enhancing the privacy rights for individuals. It applies to organisations processing Personal Data which have an establishment within the EU and also those organisations which operate outside the EU but offer goods or services to, or monitor the behaviour of, individuals in the EU. The GDPR is applicable from 25 May 2018.
3) Overall the GDPR provides the following rights for individuals, many of which apply whatever the basis of processing, although there are some exceptions:
a. The right to be informed how Personal Data is processed (Article 13)
b. The right of access to their Personal Data (Article 15)
c. The right to rectification (Article 16)
d. The right to erasure (Article 17)
e. The right to restrict processing (Article 18)
f. The right to data portability (Article 20) g. The right to object (Article 21)
h. Rights in relation to automated decision making and profiling (Article 22)
4) The GDPR sets out six lawful grounds for processing, and these are set out in Article 6.1 as follows:
a. CONSENT – the individual has given their Consent to the processing of their Personal Data.
b. CONTRACTUAL – processing of Personal Data is necessary for the performance of a contract to which the individual is a party or for the Controller to take pre-contractual steps at the request of the individual.
c. LEGAL OBLIGATION – processing of Personal Data is necessary for compliance with a legal obligation to which the Controller is subject.
d. VITAL INTERERSTS – processing of Personal Data is necessary to protect the vital interest of the individual or of another individual.
e. PUBLIC TASK – processing of Personal Data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
f. LEGITIMATE INTERESTS – processing is necessary under the Legitimate Interests of the Controller or Third Party, unless these interests are overridden by the individual’s interests or fundamental rights.
How do we use your personal information?
1) We store your personal data on a secure drive and where further user privileges are used to maintain a secure data boundary. We will retain your personal data until such time as you request its deletion.
2) If any submission requires the transfer of your personal data outside the United Kingdom we will request your explicit permission by way of an e-mail from you.
3) You always have the right to request that we delete any of your personal data that we hold.
4) To avoid the possibility of an unauthorised release of your personal data all documents containing such data will be transferred to third parties in an encrypted form.
5) All communication concerning your personal data will be archived on our secure server.
6) The integrity of our processes will be tested at least yearly by way of penetration testing of our network.
This policy will be communicated to clients in proposal documents with the following words: By confirming my acceptance of this proposal, you are agreeing to the use of personal and company data given for the purposes of the contract by Trevor Waldock and that you consent to Trevor Waldock storing such data in order to carry out the obligations of the assignment until such time as you request its erasure.