The following is to explain your rights and give you the information you are entitled to under the General Data Protection Regulation 2018 and the UK Data Protection Act 1998.
Data Controller contact
The QEII Centre is the data controller. The Data Protection Officer can be contacted at firstname.lastname@example.org
Why we are collecting your data?
Your personal data is being collected to enable us to carry out our function with regards to running events at the Centre.
We may also use it to contact you about invitations to showcases, surprise treats through the post as well as news and offers. Use of your data for this purpose will only be carried out on an opt-in basis.
Our legal basis for processing the data
Data protection legislation sets out when we are lawfully allowed to process your data. The lawful basis that applies to this processing is Article 6, section 1(b) of the GDPR which states that ‘processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract’.
Alternatively, for marketing data we use Article 6, section 1(a) of the GDPR which states that ‘the data subject has given consent to the processing of his or her personal data for one or more specific purposes’.
We may also have to hold certain types of data by law. This is covered under Article 6, section 1(c) of the GDPR which states that ‘processing is necessary for compliance with a legal obligation to which the controller is subject’.
With whom we will be sharing the data?
In order for us to provide services and equipment for events, it will occasionally be necessary to share information with our suppliers. We will ensure that only the minimum data required is shared and that each of our suppliers follows our strict instructions on the processing and security of the supplied data.
How long will we keep your data for?
Your personal data will be held for as long as you are an active customer. With regards to marketing data, this will be held until you request to opt-out from our mailing list.
Under the GDPR you have eight rights. These are listed below with their relevant article of the GDPR. Should you wish to invoke any of these rights, please carry out a Subject Access Request by contacting email@example.com
- Right to be Informed (article 13 & 14)
- Right of Access (article 15)
- Right to Rectification (article 16)
- Right to Erasure (article 17)
- Right to Restriction of Processing (article 18)
- Right to Data portability (article 20)
- Right to Object (article 21)
- Right regarding Automated Individual Decision-Making, including Profiling (article 22)
Sending data overseas
Your personal data may be sent overseas (outside of the EU’s jurisdiction) when using services such as Microsoft, Amazon Web services or Survey Monkey. We have taken all necessary precautions to ensure that your rights in terms of data protection will not be compromised by this.
Automated decision making
We will not use your data for any automated decision making.
Storage, security and data management
Your data will be stored in a combination of secure internal systems and third-party storage systems such as Microsoft cloud and Amazon Web-Services. All third-party storage systems will have defined and published GDPR compliance policies.
Complaints and more information
When we ask you for information, we will keep to the law, including the General Data Protection Regulation 2018 and the Data Protection Act 1998 and any new legislation coming into force.
If you are not happy with how we are using your personal data, you should first contact firstname.lastname@example.org
If you are still not happy, or for independent advice about data protection, privacy and data sharing, you can contact:
The Information Commissioner’s Office
Telephone: 0303 123 1113 or 01625 545 745