Like every organisation, we are required to comply with the new EU General Data Protection Regulation (GDPR), which came into force on 25th May 2018, replacing the 1998 Data Protection Act. The GDPR aims to protect the privacy, rights and freedoms of all EU citizens, and places stricter requirements on organisations relating to how they process personal information. This new law will not be affected by Brexit. The UK Government is currently processing further legislation (the Data Protection Bill), which will enhance the provisions of the GDPR and clarify areas of it that have been left to individual states to govern.
Although we’ve always been very careful with the data we hold, we have taken this opportunity to declutter and create a fresh look to help you find what you need more easily.
Personal Information is defined as any information (data) which can be used to directly or indirectly identify a living individual. This can include obvious things like: your name; date of birth; National Insurance number; driving licence number; home or work address, postcode; telephone and mobile numbers; email addresses. The GDPR also protects you from being identified through less obvious things like your computer IP address and device location data. There are also categories of data which are considered Sensitive Personal Information, such as: health and medical details, including biometric and genetic data; political or religious beliefs; sexual preferences and orientation. Processing Sensitive Information is prohibited except under certain circumstances.
Your Rights: The GDPR brings clarity to your rights whenever a company collects information about you. You are entitled to the following:
Principles of Data Protection: In addition to your rights as a “Data Subject”, the GDPR also outlines several specific principles that organisations should adhere to in order to help maintain the integrity and security of your data. These principles are intended to support your rights as outlined above. Processing should be:
Data Sharing: We don’t usually share your information with any other parties; however, there are occasions when we might have to, for example to provide a delivery agent with your address. If we do, we will endeavour to obtain your consent before sharing your information, although there may be times when we do this without obtaining your permission, for example where a third party performs a duty directly on our behalf and under our instruction.
Data Privacy Notices (DPNs): Where we collect your information for any purpose, we are required to inform you: who we are, what information we are collecting, why we need it, the lawful basis for obtaining it, how long we will keep it for and how we will use it. You can view examples of our DPNs via the links below – we will have specific notices for certain events or actions, for example store openings, customer feedback, customer services, promotions/competitions/draws and your online account management.
You’re in Control: We take Data Protection very seriously, for you, other customers and our staff. If you need to get in touch with our Data Protection Officer, email firstname.lastname@example.org
You may also write to: B There, PO Box 1621, Berkhamsted, HP4 9EL.