GDPR Data protection Policy

Processing personal data

‘Processing’ – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Personal data

‘Personal Data’ – means any information relating to an identified or identifiable natural person (‘data subject’);

who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. (a ‘natural person’ is defined as someone who is living’)

Managing data

For consent to be legal, we will ensure that the data is:

  • Given freely (it cannot be conditional)
  • Be explicit (it cannot be implied)
  • Be demonstrable (if you cannot prove it, then it didn’t happen)
  • If in writing, be clearly distinguishable from other content
  • Be in clear and plain language
  • Allow consent to be withdrawn at any time
  • Be as easy to withdraw consent as it was to give it
  • Have parental consent if under 16 years old

When gaining consent, we will:

  • Identity contact details of the Controller
  • The purpose & legal basis for the processing
  • Details of any other recipients of the data
  • Details of any possible transfer of the data to a third country (see published list)
  • How long the data will be needed/kept
  • The data subject’s rights (access, rectification, erasure, restriction, object, portability, complain)
  • Details of how to withdraw consent
  • Details of any automated decision-making