Data protection principles
When collecting and processing your personal data we will comply with the data protection principles as outlined in the General Data Protection Regulation 2018, which say that personal data must be:
- Processed fairly, lawfully and in a transparent manner.
- Processed for the specific purposes for which it was collected.
- Adequate, relevant and not excessive for the purpose for which it was collected.
- Accurate and up to date.
- Not kept longer than necessary for the purpose for which it was collected.
- Processed in a secure manner.
"Personal data" means any information relating to an identified or identifiable natural person. It may include contact details, other personal information. "Processing" means doing anything with the data, such as storing, accessing, disclosing, destroying or using the data in any way.
Fair and lawful processing
To process your personal data, we must have a “lawful basis” for doing so. As a customer of Glendining signs Ltd we will collect personal data (such as your name and phone number) relating to you to enable us to fulfil our transaction with you. This transaction may include interactions such as a reply to an enquiry, quote, or order to supply products. The lawful basis on which we will be relying to process your personal data is “for the performance of a contract with you (the data subject) or to take steps to enter into a contract”. For the avoidance of doubt the term “Contract” in this instance shall mean any transactional interaction between you (the data subject) and Glendining Signs ltd.
How we are likely to use your personal data
As outlined above, we will use your personal data to allow us to fulfil your enquiry or contract with Glendining Signs Ltd.
We will not keep your personal data for longer than is necessary for legal reasons or the purposes outlined above. All personal data is retained in accordance with our Data Retention Policy, based on current legislation.
Processing in line with your rights
You have the right to:
- Request access to any personal data we hold about you.
- Ask to have inaccurate data held about you amended.
- Prevent processing that is likely to cause unwarranted substantial damage or distress to you or anyone else.
- Object to any decision that significantly affects you being taken solely by a computer or other automated process.
Providing information to third parties
As part of a business relationship transactional interactions between your employer and Glendining Signs ltd. may contain personal data, such as your name and contact details, as necessary for the purposes of our joint legitimate interests. This data will be kept to a minimum and only shared as required to fulfil the organisation’s contract. For the avoidance of doubt the term “Contract” in this instance shall mean any transactional interaction between your organisation and Glendining Signs ltd.
We will not provide your personal data to any third party unless it is essential for the performance of a contract with you (the data subject) and only then providing that the third party satisfies all GDPR requirements and other relevant data security requirements as specified by Glendining Signs Ltd.
Or if it is for the purposes of:
- the prevention or detection of crime.
- the capture or prosecution of offenders.
- the assessment or collection of tax or duty.
Or if the Company is required to disclose it:
- by or under any UK enactment.
- by any rule of common law.
- by an order of a court or tribunal in any jurisdiction.
In these circumstances, the legal obligation overrides any objection the individual may have.
We will ensure that appropriate measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.
We have in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. As previously stated, we will only transfer personal data to a third party if they agree to comply with those procedures and policies, or if they have in place their own adequate measures that are satisfactory to us.
Subject access requests
You have the right to know what personal data we hold about you. If you wish to access your personal data please contact Chris Lake at email@example.com or 0118 932 3788 who will arrange for your personal data to be provided to you in accordance with our legal obligations under the Act.
Breaches of data protection principles
If you consider that the data protection principles have not been followed in respect of personal data about yourself or others you should raise the matter with Chris Lake at firstname.lastname@example.org or 0118 932 3788. All such concerns will be investigated with the utmost seriousness and professionalism and in accordance with our obligations under the Act.
If you believe that we have not handled any complaints relating to your personal data appropriately, you can contact the Information Commissioner’s Office (www.ico.gov.uk) who will be able to guide you as to the your options should you wish to pursue the matter further.