Changes to UK data privacy law came into effect on 25th May 2018, under the General Data Protection Regulations (GDPR) which give people additional rights about the way their personal information is collected and used.
We recognise the importance of the personal information we receive from our customers, candidates, suppliers and all other parties. We take seriously our responsibility to use it appropriately and we welcome these additional protections.
We process this personal information primarily to provide services to you. By processing, we mean obtaining, recording, holding and using your data. You may also provide us with personal information about other people. In these instances, we ask that you have their authority to provide this information to us.
We will collect only personal information that you consent to provide, and hold it only on grounds permissible under GDPR; such as your explicit consent, to enter into or perform a contract, to satisfy a legal obligation, to maintain or protect your vital interests, to carry out public tasks or for legitimate business interests that are balanced and fair.
We will keep your personal information for as long as we provide you with our services and support. We may sometimes be obliged to keep your data longer for legal, regulatory or other governance reasons. If you would like any more details on our GDPR policy, or to request access to your data that we hold please email us at email@example.com. We will endeavour to update you on a regular basis regarding any changes we make to ensure the protection of your data.
GDPR Compliance: Privacy Notice 25th May 2018
This privacy notice applies to the processing (holding and using) of our customers and business partners personal data.
All personal data processed (held and used) by Vallum Associates Ltd is held for the purposes stated at the time of submission or collection and not for any other purpose, unless with your explicit consent.
Lawful grounds upon which we will process your data
We will only process your data on the following grounds that are approved and permitted under General Data Protection Regulations (GDPR); these being
Consent: Your explicit consent for us to hold and use your information: Under GDPR your consent must be informed, unambiguous, detailed, and require a positive action from you. We will never assume your consent, or infer it upon the grounds that you have not withheld it.
Contract: Processing your data is necessary to enter into or perform a contract with us.
Legal obligation: We are obliged to hold your personal data because of a common law or statutory requirement:
To protect or maintain your vital interests
To carry out public tasks
For legitimate business reasons
Purposes for which Vallum will process your data
Storing our customers’ and candidate's personal data in our systems for the purposes of administering our business
Grounds for processing: Your explicit consent when providing these contact details; To contact you for legitimate business purposes; To enter into or perfrom a contract with us
To verify your identity in anticipation that you exercise your rights in respect of your personal data
Gropunds for processing: For legitimate business purposes; To protect your vital interests
To offer and provide services and products you request from us or which we may think you are interested in, via email, telephone or other media.
Grounds for processing: Your explicit consent as to both your details, and the particular method which we use to contact you.
Sharing your data
We will not sell or rent your details to any third party.
We will not share your details with a third party except where specifically authorised to do so on lawful grounds: your explicit consent; to perform a contract, to fulfil a legal obligation; to protect your vital interests; to carry out public tasks or for legitimate business purposes
Retaining your data
We will only retain your personal data for the period necessary to fulfil the purposes outlined in this Privacy Notice. This may be up to 5 years, unless a longer retention period is required or permitted by law (which is typically the case in the context of our obligations under tax law).
Should you choose to unsubscribe from our mailing list, please note that your personal data may still be retained on our database to the extent permitted by law. Normally this will be on a ‘suppression list’ to ensure that we do not contact you in circumstances where you have withdrawn your consent.
Protecting and storing your data
We make all reasonable endeavours to protect your personal data against loss, alteration or any form of unlawful use. We will store your data in the most secure environment possible, whether physically or electronically. A limited amount of people will have access to your personal data and only ever for the purposes and upon the grounds detailed in this Privacy Notice.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Under GDPR, you have the following rights:
Right to be informed: You have the right to know how we process your information, you have the right to expect that we will hold all personal details in a secure and protected environment, and to know how we are meeting that obligation, you have the right to know how long your data will be kept for.
Right of access: You have the right to access any personal data that we. You can request access by making a Subject Access Request. Subject Access requests should typically be processed within 40 days.
Right of rectification: You have the right to expect that we will, without delay, rectify any data held about you that is inaccurate or requires updating.
Right to erasure (‘The Right to be Forgotten’): You have, at any time, the right to request that we delete any personal data we hold about you (unless we are obliged to hold it for legal reasons or to carry out public tasks). Any request under the Right to be Forgotten should be processed within 28 days.
Right to restrict processing: You have the right to request that we not process your data in any circumstances where you have concerns as to its accuracy, or in circumstances where you prefer this option to the erasure of your data.
Right to data portability: You have the right to have your data transmitted to you in a commonly used electronic format (e.g. by e-mail) and the right to share that data with another party without hindrance from us.
Right to object: You have the right to object to our processing your data on grounds relating to any particular situation, except in cases where you have explicitly consented to our processing your data (a consent you may withdraw), or in cases where we are required to process your data to perform a contract or fulfil a legal obligation.
The right not to be subject to automated decision-making: We are obliged to provide safeguards for individuals against the risk that a potentially damaging decision is taken without human intervention.
We will be pleased to answer any queries you may have about our collection, use and storage of your data. Please contact: firstname.lastname@example.org
We will always work with you to resolve any complaint brought to our attention, however if you feel that your complaint has not been adequately resolved, you always retain the right to contact your local data protection supervisory authority, which for the UK, is the Information Commissioner’s Office.