General Data Protection Regulation
To our customers,
The European General Data Protection Regulation (GDPR) is coming into effect on the 25th of May. It is our duty to inform every one of our customers of all the data we hold of them and what privacy rights they have.
Customer data is used for invoicing and sending out any information crucial to the company and its client.
The only data we have of our customers is:
- Telephone Number
- Email address
- Bank details
Which is stored in a secure computer, and/or in the office, accessible only by staff.
Due to the nature of our business (VermEx Limited), we have little, if any, sensitive personal data, such as racial/ethnic origin, religious/philosophical beliefs, data about health, etc (see ico.org.uk for more).
All data will be kept for no longer than necessary, however, if a customer were to no longer require our services, it is prudent that we keep a record of their contact details and treatments for 1 year after cancellation. During this time, customers will not be contacted for marketing purposes.
After this period, data will be deleted where appropriate, and any physical copies destroyed.
Customers data will only be shared between employees here in the company. As stated before, this may include; name, address, email address, and if necessary, bank details. If we need to pass customer data and information on to a subcontractor/third person, the customer will be asked for their consent.
Under the new GDPR, customers have new and increased privacy rights, which can fall under several separate headings:
- The right to be informed about the collection and use of their personal data
- The right of access to their personal data and supplementary information.
- The right to rectification: for individuals to have inaccurate personal data rectified or completed if it's incomplete.
- The right to erasure/the right to be forgotten: for individuals to have their personal data erased (can only apply under certain circumstances)
- The right to restrict processing so an individual can limit the way an organisation uses their data (can only apply under certain circumstances)
- The right to data portability which allows individuals to obtain and reuse their personal data for their own purposes across different services.
- The right to object to:
- Processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling)
- Direct marketing
- Processing for purposes of scientific/historical research and statistics
- Rights in relation to automated decision making and profiling which applies to:
- Automated individual decision making (making a decision solely by automated means without any human involvement), and
- Profiling (automated processing of personal data to evaluate certain things about an individual)
For more information about privacy rights, please visit ico.org.uk.
Please note that not all these rights apply to our company and situation, however, it is our responsibility to make sure that all our customers are aware of their new rights under GDPR.
If there are any questions regarding data and Vermex Limited, please don't hesitate to get in touch.