The EU General Data Protection Regulation (GDPR) became EU law in May 2016 and replaces the 1995 Data Protection Directive. Together GDPR and the Data Protection Act 2017 form the legal framework that now protects information that organisations hold about individuals in the UK. The new legal framework represents the most far reaching data protection reforms in over 20 years and takes effect from 25 May 2018. The GDPR is designed to protect citizens from privacy and data breaches and we as an organization are fully compliant.
This new law is built around the principles of transparency and control. Whilst we have always ensured your Privacy is important to us, in light of the new regulation coming into force across the EU, we have updated our Privacy. This will apply from the 25 May 2018.
We collect your data directly from you when you make an enquiry with Keith Davidson Partnership and also when you enter into a legally binding agreement to include:
We do not share your data with any other body outside Keith Davidson Partnership and we do not use your data for marketing purposes.
We use your data for the necessity of performance of a contract. We also use your data to inform you of any promotional offers within the organisation. If you do not want to be kept informed of any promotional offers you should contact our Head Office in writing or by email at firstname.lastname@example.org.
We only process your data on a legitimate basis and the processing of your data in the context of a contract or the intention to enter into a contract. This is the legal basis upon which we are entitled to retained and use your data.
The new Money Laundering Regulations 2017 provide that personal data must only be processed for the purposes of money laundering and terrorist financing. This is the legal basis upon which we are entitled to use and retain your data.
GDPR gives everyone the right known as “subject access” free of charge. Provided your request is not clearly unfounded you are entitled to see all the information we hold and if the data we hold is inaccurate or incomplete you are entitled to have the information we hold rectified. Any request should be made to our Data Protection Officer via the email address.
The request is made under the Freedom of Information Act 2000. When making a request we will need your full name, address, email address, phone number and information about your request.
We only keep your data for 6 years after the performance of the contract expires. We only keep your data as required by law.
You have a number of rights under data protection law. These rights and how you can exercise are set out below: –
You have a right to complain to the Information Commissioner’s Officer (ICO), which regulates data protection compliance in the UK, if you are unhappy with how we have processed your personal data. You can find out how to do this by visiting www.ico.org.uk.
Policy Updated on 20 March 2019