What is happening to data protection law?
From the 25th May 2018 data protection law has changed and we now have to comply with the General Data Protection Regulation (GDPR). The main concepts and principles of the GDPR are much the same as those contained in the Data Protection Act (DPA). However, there are some new elements and significant enhancements to consider, so please take time to read the following policy, which should help you to familiarise yourself with your rights under the GDPR.
John McNally & Co Ltd are committed to respecting and protecting the privacy of anyone using our products or services either directly or via our website and the confidentiality of any information that is provided to us. The purpose of this statement is to set out how we collect and use any personal data that we may obtain from you and advise you of your rights relating to your data under the GDPR.
We take all reasonable steps to ensure that your personal data is stored safely & securely.
We do not sell your personal data.
We provide you with ways to manage and review your personal data.
General Data Protection Regulation (GDPR)
We are legally obliged to comply with the General Data Protection Regulation in relation to the collection, use and storage of your personal data.
How we collect, use and store your data.
We collect data from you in different ways. This includes direct contact by telephone or fax, in person, or via e-mail and by your use of our website. The type of data we collect from you will consist of the following: contact details.
We may store your personal data in one or more different ways. These include electronically (e-mails and attached files stored on our server system) or in the form of hard copy files. The data retention periods we employ will be subject to the rights of the individual as stated in the GDPR and any other prevailing legal obligations we may have.
How the GDPR protects you
As well as our promise to protect and manage your personal data securely, your privacy is protected by law and the following section explains how.
The GDPR states that we are allowed to use personal data only if we have a lawful basis for processing that data. This includes sharing some data with third party suppliers directly involved in the supply of goods and services provided by us.
The GDPR states that we must have one or more of the following reasons in order to process personal data:
- Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract. For example, to fulfil an order placed by the data subject or to take the necessary steps prior to the data subject entering into a contract with us.
- Processing is necessary in order to comply with any legal obligations that apply. For example, legal obligations to HMRC.
- Processing is necessary on the basis of legitimate interests pursued by us or any third party directly involved in the supply of goods and services provided by us, except where such interests are overridden by the interests, rights and freedoms of the data subject.
- Consent of the data subject. Where we have obtained written consent directly from the data subject.
Your rights under GDPR
The following is a list of your rights under the GDPR.
- The right to be informed. You have the right to be informed about the ways we collect and use your personal data. This includes how it is collected, the ways in which we use it, how long we will retain it for and who we share it with.
- The right to access your data. You have the right to access your personal and supplementary data to verify that we are processing your data lawfully. We must comply with your request to access within 30 days from the date of receipt of your request.
- The right to rectification. You have the right to the rectification of any inaccurate or incomplete personal data. We must comply with your request and confirm the rectification(s) have been made within 30 days from the date of receipt of your request.
- The right to erasure. You have the right to request the erasure of your personal data. We must comply with your request for erasure and confirm this to you within 30 days from the date of receipt of your request.
  - We can refuse your request to erase your personal data if it is subject to any legal obligation(s) to retain it. You will also be advised of this within 30 days.
- The right to restrict processing. You have the right to restrict or suppress the processing of your personal data. This will only apply in certain circumstances which you will be advised of within 30 days of receipt of your request.
- The right to data portability. This only applies in certain circumstances:
  - When an individual provides personal data to a controller.
  - Where the processing is based on an individual’s consent or for the performance of a contract.
  - When processing is carried out by automated means.
- The right to object. You have the right to object to the processing of your data based on legitimate interests or performance of a task in relation to direct marketing.
- The right not to be subject to automated decision-making, including profiling.
- The right to complain. You have the right to raise a complaint with us if you feel that we are not handling your personal data correctly. You can contact us directly using the address details printed below. We will then fully investigate your complaint and advise you of the outcome. If you are not satisfied with our response, and think there still may be a problem with the way we are handling your personal data, you have the right to complain to the Information Commissioner’s Office (ICO).
- The right to opt in and out. You have the right to opt in or out regarding the processing of your personal data. You can request this at any time by simply contacting us using the contact details below.
John McNally & Co Ltd
Company registration number: 05417386
Tel: 01453 753003
This site has security measures in place to protect against the loss, misuse and alteration of the information under our control. All data is protected using the most advanced methods available. We do not store financial information like credit card numbers or personal information like social security numbers on this site.