You will no doubt be aware the General Data Protection Regulation (“GDPR”) came into force from 25th May 2018.
What’s new with GDPR?
Whilst in reality the introduction of GDPR is an evolution of existing laws and improvements and sharing of best practice.
Action Enviro Ltd strive to keep up with best practice in relation to collection, storage and processing of your personal data and will continue to do so. We take your privacy very seriously and adhere to the highest standards to protect your personal information.
What data do we hold and what we do with it?
In reality nothing will change in the way in which we use your personal data.
We collect data about you in in relation to our dealings with you as a customer.
The data we collect/store about you is: Name, address and contact details e.g.. Phone and email this we use to contact you for our service and installation information. We would also use it to send out our letters, quotes and invoices.
We always take great care of your personal data giving it the respect and security it deserves. If you have any questions about how we collect, store and use your personal information, or if you have any other privacy-related questions please contact us by email email@example.com an put ‘privacy correspondence’ in the title line.
What happens next?
There is no need for you to take any action, Action Enviro Ltd will keep servicing your equipment.
Thank you for taking the time to read this we hope to continue to be of service to you.
Handles the Personal Data of our customers, suppliers and other third parties.
- Under the GPDR individuals have the right to be informed about how their Personal Data is being processed. The regulation clearly stipulates that this must be done in a concise, transparent, intelligible and easily accessible form, using clear and plain language.
- The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) aims to harmonise data protection legislation across EU member states, enhancing, the privacy rights for individuals. It applies to organisations processing Personal Data which have an establishment within the EU and also those organisations which operate outside the EU but offer goods or services to, or monitor the behaviour of, individuals in the EU. The GDPR is applicable from 25 May 2018
- Overall the GDPR provides the following rights for individuals. Many of which apply whatever the basis of processing, although there are some exceptions:
- The right to be informed how Personal Data is process (Article 13)
- The right of access to their Personal Data (Article 15)
- The right to rectification (Article) 16)
- The right to erasure (Article 17)
- The right to restrict processing (Article 18)
- The right to data portability (Article20)
- The right to object (Article 21)
- Rights in relation to automated decision making and profiling (Article22)
- The GDPR sets out six lawful grounds for processing, and these are set out in Article 6.1 as follows:
- CONSENT – the individual has given their consent to the processing of their Personal Data
- CONTRACTURAL – processing of Personal Data is necessary for the performance of a contract to which the individual is a party or for the Controller to take pre-contractual steps at the request of the individual.
- LEGAL OBLIGATION – processing of Personal Data is necessary for compliance with a legal obligation to which the Controller is subject.
- VITAL INTERESTS – processing of Personal Data is necessary to protect the vital interest of the individual or of another individual.
- PUBLIC TASK – processing of Personal Data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
- LEGITIMATE INTERESTS – processing is necessary under the Legitimate Interests of the Controller or Third Party, unless these interests are overridden by the individual’s interests or fundamental rights.
- In addition to ‘Consent’ the options under which we can operate as a business allows the application of either (or both) of ‘Contractual’ and ‘Legitimate Interests’ . Of these we have decided that the lawful ground of ‘Contractual’ best fits the business model.
How do we use your personal information?
- We store your personal data on a secure drive which is also password protected, where further user privileges are used to maintain a secure data boundary. We will retain your personal data until such time as you request deletion.
- In the unlikely event any submission requires the transfer of your personal data outside the United Kingdom we will request your explicit permission by way of an e-mail from you.
- You always have the right to request that we delete any of your personal data that we hold.
- To avoid the possibility of an unauthorised release of your personal data all documents containing such data will be transferred to third parties in an encrypted form.
- All communication concerning your personal data will be archived on our secure server.
- We will only store personal data that is relevant to our business.
- We will store data as long as is necessary and to ensure that we meet our legal obligations.
- We do not send any personal data outside of the EEA.
If you have any questions about our use of your data, please contact us as soon as possible.