What information we collect about you
We collect your data when you:
We use your personal data to:
Lawful basis of processing your data
The GDPR set out the following lawful bases: (a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose. (b) Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract. (c) Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations). (d) Vital interests: the processing is necessary to protect someone’s life. (e) Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law. (f) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. We will only use your personal information when the law allows us to, for example:
Access to your information and correction
You have specific rights in relation to the personal information we hold about you. These include your rights to request we:
We encourage you to become familiar with the privacy practices of every website you visit and third part service provider that you deal with. You should always exercise caution before clicking any external link and please remember that use of these links is at your own risk and we cannot be held responsible for damages from your use of any links.
Keeping your personal data safe
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. These measures include firewalls and encrypted back-ups. In addition, we limit access to your personal information to employees. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Where we keep personal data files on local devices, these devices are protected and accessible only to authorised employees. We have put procedures in place to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so. We regularly review our security systems to ensure that your personal data remains safe and secure.
How long do we keep your personal data
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, this includes satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances, we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer our customer, we will retain and securely destroy your personal information in accordance with applicable laws and regulations.