Data Protection & GDPR
Privacy and Personal Data Protection Policy
In collecting and using personal data, the organisation is subject to a variety of legislation controlling how such activities may be carried out and the safeguards that must be put in place to protect it.
The purpose of this policy is to set out the relevant legislation and to describe the steps Greenpoint Computer Services Limited is taking to ensure that it complies with GDPR in this regard.
1 Privacy and Personal Data Protection Policy
1.1 Personal Data
Under the EU’s General Data Protection Regulation (GDPR) personal data is defined as:
“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”
1.2 Your Rights
The data subject has rights under the GDPR. These consist of:
- The right to be informed
- The right of access
- The right to rectification
- The right to be forgotten
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
Each of these rights is supported by appropriate procedures within Greenpoint Computer Services Limited that allow the required action to be taken within the timescales stated in the GDPR.
If you would like to exercise any of these rights, please contact us via the details within section 1.7 of this document.
1.3 Lawfulness of Processing
We will only collect and use customers personal data when the law allows us to under one of the following areas:
- We have a legal obligation
- We have a legitimate requirement
- We have obtained consent to use it in a certain way
- We need it to perform an official task in the public interest
- We need to protect the individual’s vital interests (or someone else’s interests)
Most commonly we will collect and use customers personal data when:
- We have a contract with your organisation
- Where the personal data collected and processed are required to fulfil a contract with the data subject. This will often be the case where the contract cannot be completed without the personal data in question e.g. contact information to deliver support services or a purchase cannot be made without an address to deliver or invoice to.
1.4 Security By Design
Greenpoint Computer Services Limited has adopted the principle of security by design and will ensure that the definition and planning of all new or significantly changed systems that may collect or process personal data will be subject to due consideration of privacy issues, including the completion of one or more data protection impact assessments.
The data protection impact assessment will include:
- Consideration of how personal data will be processed and for what purposes.
- Assessment of whether the proposed processing of personal data is necessary.
- Assessment of the risks to individuals in processing the personal data.
- Assess what controls are necessary to address the identified risks and demonstrate compliance with legislation.
Use of techniques such as data minimisation and pseudonymisation will be considered where applicable and appropriate.
For any data we currently hold or may hold in the future we will:
- Only store data for as long as it is required or as long as you have given us your consent to retain it.
- Only store your data within the EU.
- Ensure all necessary steps have been taken to safeguard and secure your data.
As transmission of data via the internet is not completely secure it is advised you also take precautions when transferring data to us.
1.5 International Transfers of Personal Data
If Greenpoint Computer Services decides to transfer any personal data outside the European Union, the decision will be carefully reviewed prior to the transfer taking place. We will ensure that all measures are in place to secure information and fall within the limits imposed by the GDPR.
We take any complaints about how we collect and use your personal data very seriously. If you think that our collection or use of personal information is unfair, misleading or inappropriate, or have any other concern about our data processing, please raise this with us in the first instance.
You can make a complaint at any time by contacting our data protection officer using the contact details in section 1.7.
You can also complain to the Information Commissioner’s Office in one of the following ways:
- Report a concern online at https://ico.org.uk/concerns/
- Call 0303 123 1113
- Or write to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
1.7 Contact Us
If you have any questions, concerns or would like more information about anything mentioned in this privacy notice please address them to firstname.lastname@example.org