GDPR Compliance Statement
We are committed to the principles of the GDPR and particularly to the concepts of privacy, the right to be forgotten and consent. In addition, we aim to ensure:
transparency with regard to the use of data
that any processing is lawful, fair, transparent and necessary for a specific purpose
that data is accurate, kept up to date and removed when no longer necessary
that data is kept safely and securely.
Our GDPR policy is available on request by emailing firstname.lastname@example.org or by completing the request form
A copy has been made available to all clients, employees, contractors and suppliers associated with this Company.
Right to be forgotten
We recognise the right to erasure, also known as the right to be forgotten, laid down in the GDPR. Individuals should contact email@example.com with requests for the deletion or removal of personal data. These will be acted on provided there is no compelling reason for continued processing and that the exemptions set out in the GDPR do not apply. These exemptions include where the personal data is processed for the exercise or defence of legal claims and to comply with a legal obligation for the performance of a public interest task or exercise of official authority.
Subject access requests
We recognise that individuals have the right to access their personal data and supplementary information and will comply with the one month timeframe for responses set down in the GDPR. As a general rule, a copy of the requested information will be provided free of charge although we reserve the right to charge a “reasonable fee” when a request is manifestly unfounded or excessive, particularly if it is repetitive. If this proves necessary, the data subject will be informed of their right to contest our decision with the Information Commissioner’s Office (ICO).
Any fee will be notified in advance and will be based on the administrative cost of providing the information.
Privacy information is set out in our policy which is provided to anyone from whom we collect data, explains our lawful basis for processing the data and gives the data retention periods. It makes clear that individuals have a right to complain to the ICO
If a data breach occurs that is likely to result in a risk to the rights and freedoms of individuals, the people affected will be informed as soon as possible and the ICO will be notified within 72 hours.
Any questions related to GDPR or to issues concerning data protection generally should initially be addressed to firstname.lastname@example.org