Data Privacy Notice
Our Data Protection Lead can be contacted at firstname.lastname@example.org.
We have produced this privacy notice in order to keep you informed of how we handle your personal data.
All handling of your personal data is done in compliance with the Data Protection Act 2018 and the General Data Protection Regulation (EU) 2016/679 (“Data Protection Legislation”).
The terms “Personal Data”, “Special Categories of Personal Data”, “Personal Data Breach”, “Data Protection Officer”, “Data Controller”, “Data Processor”, “Data Subject” and “process”
(in the context of usage of Personal Data) shall have the meanings given to them in the Data Protection Legislation.
“Data Protection Lead” is the title given to the member of staff leading our data protection compliance programme in lieu of a requirement for a Data Protection Officer.
What are your rights?
When reading this notice, it might be helpful to understand that your rights arising under Data Protection Legislation include:
The right to be informed of how your Personal Data is used (through this notice);
The right to access any personal data held about you;
The right to withdraw consent at any time, by opting-out using the options present in communications;
The right to rectify any inaccurate or incomplete personal data held about you;
The right to erasure where it cannot be justified that the information held satisfies any of the criteria outlined in this policy;
The right to prevent processing for direct marketing purposes, scientific/historical research or in any such way that is likely to cause substantial damage to you or another, including through profile building; and
The right to object to processing that results in decisions being made about you by automated processes and prevent those decisions being enacted.
You can access certain of your personal data held about you by logging in to your account on the Webstore where you made your purchase.
You can also gain access to your personal data by emailing email@example.com with the subject line: “Subject Access Request”.
When you submit a ‘subject access request’, you will need to provide confirmation of your identity by contacting us using the email address associated with your profile or attaching a photocopy of your driver’s license or passport.
This is provided free of charge and our response will be made within thirty (30) days unless our Data Protection Lead deems your request as being excessive or unfounded.
If this is the case, we will inform you of our reasonable administration costs in advance and/or any associated delays, giving you the opportunity to choose whether you would like to pursue your request.
If you believe we have made a mistake in evaluating your request, please see the section ‘Who can you complain to?’.
What are the lawful bases for processing personal data?
Under Data Protection Legislation, there must be a ‘lawful basis’ for the use of personal data. The lawful bases are:
- your consent
- performance of a contract
- compliance with a legal obligation
- protection of your, or another’s vital interests
- public interest/official authority’
- our legitimate interests
If you have questions about any of the rights mentioned in this section, please contact our Data Protection Lead at firstname.lastname@example.org.