Change of purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Our marketing communications
We may use your personal information to contact you to inform you about services we believe might be of interest to you via email or text message (we call this marketing communications).
You can ask us to stop sending you marketing communications at any by following the unsubscribe links on any marketing communications sent to you or by contacting us at any time.
Where you opt out of receiving these marketing communications, this will not apply to personal information provided to us as a result of the provision of our services and we will still be required to contact you in relation to the services we provide.
Sharing personal information
Normally, only our employees will be able to see and process your personal information. However, there may be times when we will share relevant information with third parties for the purposes as outlined above, or where we are legally required to do so. When sharing personal information, we will comply with all aspects of data protection law.
Where necessary or required, we may share your personal information as follows:
- With third party service providers, in connection with services performed on our behalf.
- With government bodies and law enforcement agencies.
- With our insurers and legal advisers.
This list is not exhaustive as there are other circumstances where we may also be required to share information, for example:
- To meet our legal obligations.
- In connection with legal proceedings (or where we are instructed to do so by Court order).
Our relationships with third party service providers are governed by contractual provisions with us and they only have access to personal information to perform the described purposes and may not use it for other purposes.
Where we store personal information
The personal information that we collect is stored within the UK and European Economic Area (EEA). However, there may be some circumstances where it is necessary to transfer and store personal information at a destination outside the UK or the EEA.In these circumstances, we will take all steps reasonably necessary to ensure that personal information is treated securely and in accordance with data protection law and, in the event that personal information is transferred outside the UK or the EEA, shall ensure that this is carried out subject to the requirements of the UK GDPR.
How long we keep it for
We will only retain personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Details of retention periods for different aspects of personal information are available upon request. After this period, we will securely destroy or anonymise personal information in accordance with data protection law.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Under the UK GDPR and the Data Protection Act 2018, you have the following rights:
- Right of access – You have the right of access to information we hold about or concerning you.
- Right of rectification or erasure – If you feel that any data that we hold about you is inaccurate you have the right to ask us to correct or rectify it. You also have a right to ask us to erase information about you where you can demonstrate that the data we hold is no longer needed by us, or if you withdraw the consent upon which our processing is based, or if you feel that we are unlawfully processing your data.
- Right to restriction of processing – In certain circumstances, you have a right to request that we refrain from processing your data.
- Right of portability – In certain circumstances, you have a right to receive any personal data that you have provided to us in order to transfer it onto another data controller.
- Right to object – In certain circumstances, you have a right to object to our processing of your personal data.
- Right to withdraw consent – In the circumstances where you may have provided consent to the collection, processing and transfer of personal information for a specific purpose has been provided, you have the right to withdraw consent for that specific processing at any time.
To exercise any of these rights, please contact us using the contact details below.
No fee usually required
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
If you have a concern about the way we are collecting or using personal information, we would ask that you raise your concern with us in the first instance by using the contact details below.
You also have a right to lodge a complaint with the Information Commissioner’s Office (ICO) should you feel that we have not handled your information in line with legislative and regulatory requirements. They can be contacted at:
Information Commissioner’s Office
0303 123 1113 | www.ico.org.uk
For further information on how to request your personal information, exercise any of your data protection rights or request further information in relation to how and why we process your information, you can contact us by emailing firstname.lastname@example.org