On 25 May 2018, the Data Protection Act was replaced by the General Data Protection Regulation (GDPR). We hereby inform you of what data we collect and how we store/handle it in order to be compliant.
What We Collect and How We Use Your Data
We may collect and use personal information for the performance of a contract to which you are party. We have a duty to ensure that your data is secure and confidential at all times and we will only collect data that is required by us to perform the contract into which we have entered with you. This could also include passing on information to certain third parties in order to comply with our contractual duties, such as Local Authority, Consultants and Building Contractors. Personal information could include name, job title, postal address, email address, telephone numbers and site address. We do not sell any information to third parties and we do not transfer any personal data to countries outside the EEA.
The Company will generally hold personal data belonging to clients, customers and suppliers for a period of one year after the termination of the business relationship, but this is subject to: (a) any minimum statutory or other legal, tax, health and safety, reporting or accounting requirements for particular data or records and (b) the retention of some types of personal data for up to twelve years to protect against legal risk, e.g. if they could be relevant to a possible legal claim in a County Court or High Court.
Personal data which are no longer to be retained will be permanently erased from our IT systems or securely and effectively destroyed, e.g. by cross-shredding of hard copy documents or placing them in confidential waste bins or by physical destruction of storage media, and we will also require third parties to destroy or erase such personal data where applicable.
Data Subject Rights
Under GDPR, in respect of individuals for whom we hold personal data, they have the right, on request, to obtain a copy of the personal data that the Company holds about them by making a written data subject access request (DSAR). This allows the data subject to check that we are lawfully processing their personal data. The data subject has the right to:
- confirmation as to whether or not their personal data are being processed
- access to copies of their specified personal data
- have inaccurate data corrected
- erasure, although this is not an absolute right and only applies in certain circumstances
- request a restriction or suppression of the processing of their data, again only applies in certain circumstances
- lodge a complaint with the Information Commissioner’s Office if they think the Company has failed to comply with their data protection rights
- data portability – this is the right to have your data provided in a format that is easily transferrable to other data processors
- object to the processing, however this will depend upon the legal basis for processing your data.
If you have any queries about how we use your personal information, you can contact our Practice Manager – Wendy Kelly: wendykelly@WestWaddyArchadia.co.uk