The General Data Protection Regulation, GDPR for short, became UK law with effect from May 25th 2018 through the Data Protection Act 2018.
The essential change the new law makes is to give you more control over the data we hold about you.
As providers of recycling equipment to third parties, we have only ever collected your name, job title and work address, plus details about the company for whom you work.
That’s all we need in order to provide our business products and support to your business.
Under the latest legislation, you will have the right to see what personal information we hold about you. How we collect it and use it. You also have the right not to be included in the readership of any of our products, this is referred to as “The Right to be Forgotten” in the new legislation.
We understand the importance of maintaining the confidentiality of any information you may provide and we remain committed to your to privacy.
Personal Data – What it is and why we hold it.
It is your name, the job title or job function associated with your employment; the address at which you work and the name of the company that employs you. We hold no personal details beyond this unless you have provided your home address or a personal telephone number or email address as an alternative delivery point for our information.
The Data Subject – who is it?
This is any person who provides Personal Data directly, or indirectly via a colleague who provides their contact details. The Data Subject has the right to know what information is held, how it is being used and by whom, and to end their inclusion on such lists.
Data Controller – what it is and what it does.
Is the entity responsible for the collection, maintenance, security and use of Personal Data.
Its obligations include the maintenance of privacy and security of Personal Data; to provide the Data Subject with access to the information on file; to meet the requests of the Data Subject in relation to their personal record. This may ultimately include a restriction of use, or the removal of that data.
The Right to be Forgotten
Perhaps GDPR’s strongest element, is the conformation in law of the right of the individual to stop the inclusion of their Personal Data in any distribution list, where there is not a legal requirement for such inclusion.
This is the most flexible lawful basis for data processing. It is most appropriate where personal data is used in a way data subjects would reasonably expect, and which has a minimal privacy impact upon them. Legitimate Interests can be those of the Data Controller or third parties, or the Data Subject their self. It can embrace commercial interests but the processing must be that necessary to achieve the end result, whilst taking account of the individual’s interests and rights of privacy.
Request to be Forgotten
Where you wish to exercise your right to be forgotten, please do so by contacting Shaun Perry on 01458 860264 or via firstname.lastname@example.org . We will remove all personal data relating to you within the regulation’s statutory 30 day period.
Is it a legal (statutory or contractual) requirement for you to provide us with your personal data?
If you chose not to provide certain information when requested, we may not be able to perform any contract we have entered into with you or we may be prevented from complying with our legal obligations. For example, not providing us with your company email address then we are unable to e-mail you quotes for our products and services.
Who might we share your personal data with?
We have outsourced IT support. We have a contract in place that requires them to keep your personal data secure and in accordance with the requirements of UK data protection law and never to use it for their own purposes.
We may transfer your personal information to a third party as otherwise permitted by UK data protection law, for example to our legal advisors or in order to comply with a legal requirement or obligation placed on us by law.
Other than as referred to above, Middleton Engineering limited will never sell or share personal information with third parties.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions
How long do we keep your personal data for?
We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for satisfaction of any legal, accounting, or reporting requirements.
What are your data protection rights?
As a “data subject” under GDPR you have a set of specific rights and we are required to make you aware of the existence of these rights. They are in outline:
- The right to request from us, as the data controller, access to your personal data;
- The right to request rectification of your personal data;
- The right to request erasure of your personal data;
- The right to request a restriction on the processing of your personal data;
- The right to object to the processing of your personal data;
- The right to data portability.
For further details on these rights, when they apply, how to exercise them and the exemptions and wider rules that apply to such rights, please visit the Information Commissioner’s website at www.ico.org.uk.
Your right to complain to the Information Commissioner’s Office
If you are unhappy with how Middleton Engineering Limited is using your personal data we would encourage you to raise this concern with us.
You have the right to lodge a complaint about our compliance with the UK data protection legislation with the applicable regulator for data protection. This is the Information Commissioner’s Office. For more information you can visit their website at www.ico.gov.uk
Use of automated decision making or profiling
We do not carry out automated decision making or profiling.
Our systems are protected against unauthorised access using security devices and firewalls. We have put in place other appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
In addition, we limit access to your personal data to those employees who have a business need to know.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Changes to the personal data
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Middleton Engineering Ltd.