Like every organisation, we are required to comply with the new EU General Data Protection Regulation (GDPR), which is in force from 25th May 2018 replacing the 1998 Data Protection Act. The GDPR aims to protect the privacy, rights and freedoms of all of our customers, and places stricter requirements on organisations relating to how they process personal information.
Although we’ve always been very careful with the data we hold, we have taken this opportunity to declutter and create a fresh look to help you find what you need more easily.
Personal Information is defined as any information (data) which can be used to directly or indirectly identify a living individual. This can include obvious things like: your name; date of birth; National Insurance number; driving licence number; home or work address, postcode; telephone and mobile numbers; email addresses. It is unlikely that we will ever ask you for this type of information.
Your Rights: The GDPR brings clarity to your rights whenever a company collects information about you. You are entitled to the following:
· To be informed when and how we collect, process or store your data. Ideally, this is done before your data is collected; however, there may be times when this is not possible, for example when your data is not collected directly from you. In this case, organisations are now required to inform you that they have acquired your data within one month of its collection.
· To access information we hold about you. This information may include your address and email address.
· To rectify any discrepancies or errors in the information we hold about you. If we have stored any information about you, and you believe it to be incorrect, you may ask that it be rectified.
· To restrict processing. We’ll be honest here, other than processing your orders and handling service communications and marketing emails, we don’t tend to process your identifiable information. However, you may ask us to stop processing it, for example, if you want to take a break from receiving marketing communications.
· The right to data portability. If you want to transfer the data that we hold about you, we can do that.
· To object to processing, for example to stop receiving direct marketing communications.
· To ask us to erase the data we hold about you. However, you should note that there may be overriding legal, statutory or regulatory reasons that prevent us from doing this.
· Where Automated Decision Making is used, there must be an option for human intervention.
Principles of Data Protection: In addition to your rights as a “Data Subject”, the GDPR also outlines several specific principles that organisations should adhere to in order to help maintain the integrity and security of your data. These principles are intended to support your rights as outlined above. Processing should be:
· Lawful, Fair and Transparent – In other words, we should have a legal reason for processing your data, we should be fair in processing your data and we should be transparent in processing your data.
· Limited Purpose – We should only process your data for the purpose that we informed you about, e.g. processing orders, sending product updates and offers, marketing, handling complaints. We should not use data collected for one purpose to fulfil another purpose.
· Data should be Minimal – We won’t ask you for more information than is necessary to carry out the activity we are collecting it for. Any data we hold about you should be kept accurate and up to date.
· Storage Limitation – This means that we won’t keep your data for longer than is necessary to perform the purpose for which it was collected, or to satisfy any legal, statutory or regulatory requirement to keep it.
· Integrity & Confidentiality – We will take every reasonable organisational effort and technical measure to protect the data we hold about you from unauthorised access, alteration or disclosure.
Data Sharing: We don’t usually share your information with any other parties; however, there are occasions when we might have to, for example to provide a delivery agent with your address. If we do, we will endeavour to obtain your consent before sharing your information, although there may be times when we do this without obtaining your permission, for example where a third party performs a duty directly on our behalf and under our instruction.
Data Privacy Notices (DPNs): Where we collect your information for any purpose, we are required to inform you: who we are, what information we are collecting, why we need it, the lawful basis for obtaining it, how long we will keep it for and how we will use it.
You’re in Control: We take Data Protection very seriously, for you, other customers, our staff, and partners. If you need to get in touch with us, email [email protected].
Thank you for taking the time to read this,
Cutting Polishing kft.