1. Data protection principles
We are committed to processing data in accordance with our responsibilities under the GDPR. Article 5 of the GDPR requires that personal data shall be:
a. processed lawfully, fairly and in a transparent manner in relation to individuals;
b. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
c. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
d. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, is erased or rectified without delay;
e. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
f. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”
2. What type of information we have
We collect and process the following information:
- Names of individuals
- Postal addresses
- Email address
- Telephone numbers
- Job titles
- Employee data
- Website user stats
- Social media posts
3. How we get the information and why we have it
Most of the personal information we process is provided to us directly by you for one of the following reasons:
- interacting with us in person, through correspondence, by phone, by social media or through our website
- entering into a contract with us.
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
(a) Your consent. You are able to remove your consent at any time. You can do this by contacting email@example.com
(b) We have a contractual obligation.
(f) We have a legitimate interest
4. What we do with the information we have
We use the information that you have given us in order to:
- Perform contractual obligations
- Deliver our services
- Follow up on incoming requests (email, phone calls)
- Reply to emails sent through our website
- Meet legal obligations
- Recruitment and processing job applications.
We do not share, sell, rent or trade your information with any third parties.
5. How we store your information
Your information is securely stored on a computer hard drive, protected by strong passwords that are changed on a regular basis and never shared between employees. The computer is protected by approved security software and a firewall.
Access to personal data is limited to personnel who need access and appropriate security is in place to avoid unauthorised sharing of information.
We keep personal data for two years, unless legally required to retain it for longer. After that time, we will then dispose of your information by deleting it from the computer hard drive and from any back-ups.
6. Your data protection rights
Under data protection law, you have rights including:
Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing – You have the the right to object to the processing of your personal data in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at firstname.lastname@example.org if you wish to make a request.
How to complain
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113