Need expert advice? Call us:
This policy outlines the rights that you have, under the General Data Protection Regulation (GDPR), in relation to the data we hold of you.
B) THE RIGHT TO BE INFORMED
Our privacy notice sets out:
a) the types of data we hold and the reason for processing the data;
b) our legitimate interest for processing it;
c) details of who your data is disclosed to and why, including transfers to other countries. Where data is transferred to other counties, the safeguards used to keep your data secure are explained;
d) how long we keep your data for, or how we determine how long to keep your data for;
e) where your data comes from;
f) your rights as a data subject;
g) your right to make a complaint to the Information Commissioner if you think your rights have been breached;
C) THE RIGHT OF ACCESS
You have the right to access your personal data which is held by us. You can find out more about how to request access to your data by reading our Subject Access Request policy.
D) THE RIGHT TO ‘CORRECTION’
If you discover that the data we hold about you is incorrect or incomplete, you have the right to have the data corrected. If you wish to have your data corrected, you should email email@example.com
Usually, we will comply with a request to rectify data within one month unless the request is particularly complex in which case we may write to you to inform you we require an extension to the normal timescale. The maximum extension period is two months.
You will be informed if we decide not to take any action as a result of the request. In these circumstances, you are able to complain to the Information Commissioner and have access to a judicial remedy.
Third parties to whom the data was disclosed will be informed of the rectification.
E) THE RIGHT OF ‘ERASURE’
In certain circumstances, we are required to delete the data we hold on you. Those circumstances are:
a) where it is no longer necessary for us to keep the data;
b) where we relied on your consent to process the data and you subsequently withdraw that consent. Where this happens, we will consider whether another legal basis applies to our continued use of your data;
c) where you object to the processing (see below) and the Company has no overriding legitimate interest to continue the processing;
d) where we have unlawfully processed your data;
e) where we are required by law to erase the data.
If you wish to make a request for data deletion, please contact firstname.lastname@example.org
We will consider each request individually, however, you must be aware that processing may continue under one of the permissible reasons. Where this happens, you will be informed of the continued use of your data and the reason for this.
Third parties to whom the data was disclosed will be informed of the erasure where possible unless to do so will cause a disproportionate effect on us.
F) THE RIGHT OF ‘RESTRICTION’
You have the right to restrict the processing of your data in certain circumstances.
We will be required to restrict the processing of your personal data in the following circumstances:
a) where you tell us that the data it holds on you is not accurate. Where this is the case, we will stop processing the data until it has taken steps to ensure that the data is accurate;
b) where the data is processed for the performance of a public interest task or because of our legitimate interests and you have objected to the processing of data. In these circumstances, the processing may be restricted whilst we consider whether our legitimate interests mean it is appropriate to continue to process it;
c) when the data has been processed unlawfully;
d) where we no longer need to process the data but you need the data in relation to a legal claim.
If you wish to make a request for data restriction, you should contact email@example.com
Where data processing is restricted, we will continue to hold the data but will not process it unless you consent to the processing or processing is required in relation to a legal claim.
Where the data to be restricted has been shared with third parties, we will inform those third parties of the restriction where possible unless to do so will cause a disproportionate effect on us.
You will be informed before any restriction is lifted.
G) THE RIGHT TO DATA ‘PORTABILITY’
You have the right to obtain the data that we process on you and transfer it to another party. Where our technology permits, we will transfer the data directly to the other party.
Data which may be transferred is data which:
a) you have provided to us; and
b) is processed because you have provided your consent or because it is needed to perform the employment contract between us; and
c) is processed by automated means.
If you wish to exercise this right, please speak to your manager.
We will respond to a portability request without undue delay, and within one month at the latest unless the request is complex or we receive a number of requests in which case we may write to you to inform you that we require an extension and reasons for this. The maximum extension period is two months.
We will not charge you for access to your data for this purpose.
You will be informed if we decide not to take any action as a result of the request, for example, because the data you wish to transfer does not meet the above criteria. In these circumstances, you are able to complain to the Information Commissioner and have access to a judicial remedy.
The right to data portability relates only to data defined as above. You should be aware that this differs from the data which is accessible via a Subject Access Request.
H) THE RIGHT TO ‘OBJECT’
You have a right to require us to stop processing your data; this is known as data objection.
You may object to processing where it is carried out:
a) in relation to the Company’s legitimate interests;
b) for the performance of a task in the public interest;
c) in the exercise of official authority; or
d) for profiling purposes.
If you wish to object, you should contact firstname.lastname@example.org
In some circumstances we will continue to process the data you have objected to. This may occur when:
a) we can demonstrate compelling legitimate reasons for the processing which are believed to be more important than your rights; or
b) the processing is required in relation to legal claims made by, or against, us.
If the response to your request is that we will take no action, you will be informed of the reasons.