THE GENERAL DATA PROTECTION REGULATION (GDPR)

What is the GDPR?

The General Data Protection Regulation (GDPR) is a new privacy legislation that replaces the EU Data Protection Directive (Directive 95/46/EC) within the European Union. The GDPR regulates the collection, use, transfer, and sharing of personal data with the key purpose of protecting it. The legislation comes into effect from 25th May 2018.

The Law in the UK will be in the form of the Data Protection Act 2018.

What constitutes personal data?

Personal data includes any information related to a living resident or citizen of the EU that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, medical information.

Who does the GDPR affect?

The GDPR affects companies processing the personal data of individuals residing in the European Union, regardless of a company’s location. It applies not only to organisations located within the EU, but also to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of EU residents and/or citizens.

How will the GDPR affect businesses?

The GDPR requires organisations to be transparent on how personal data is collected, used, and stored. This requires transparency from organisations on what personal data is collected, purposes for which it is collected, and who it is shared with. It also requires companies to enable individuals whose personal data is being processed to exercise their rights in relation to their data. The GDPR also requires companies to ensure appropriate protections when EU personal data is transferred outside the EU (including transfers to the US).

What new user rights does GDPR regulate?

  • Right to Access. EU residents and citizens (or “Data Subjects,” as they are called in the regulation) have the right to obtain confirmation from the organisation that has collected their data as to whether their personal data is being processed, where, and for what purpose. They also currently have (and will continue to have under the GDPR) the right to receive a copy of this personal data.
  • Right to Be Forgotten (or Data Erasure). Data Subjects can demand that the organisations erase their personal data and cease further dissemination of the data.
  • Data Portability. Data Subjects can receive the personal data concerning them (which they have previously provided) in a machine-readable format and have the right to transmit that data to another organisation.

Why is it so important for businesses to be compliant?

The GDPR is a regulation that requires businesses to protect the personal data and privacy of EU persons and for transactions that occur within EU member states.

 

Sirius Voice & Data Ltd and the GDPR

What changes is Sirius Voice & Data making for the GDPR?

Sirius Voice & Data has made the following changes to become compliant with the GDPR:

  • Support for Data Subject Deletion/Access Rights for customers
  • Updated, GDPR-compliant privacy framework
  • Registration with the Information Commissioners Office

How does Sirius Voice & Data ensure data security?

Sirius Voice & Data has carried out a robust security audit to safeguard the confidentiality, integrity, and availability of personal data. These audits ensure data security and will be reviewed regularly.

Where can I learn more on how Sirius Voice & Data’s processes data for customers and/or prospects?

Sirius Voice & Data maintains a Privacy Policy on our website that outlines how we collect and use data, how we share the data of customers, end users and leads. Please note, the existing Privacy Notice will be updated for GDPR prior to the GDPR effective date, May 25th.

Where can I go for more information?

Information Commissioners Office: www.ico.org.uk

 

 

Privacy Policy

We are committed to safeguarding the privacy of our website visitors; this policy sets out how we will treat your personal information.

Our website uses cookies.  By using our website and agreeing to this policy, you consent to our use of cookies in accordance with the terms of this policy.

 

(1) What information do we collect?

We may collect, store and use the following kinds of personal information:

(a) information about your computer and about your visits to and use of this website (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views, website navigation);

(b) information relating to any transactions carried out between you and us on or in relation to this website, including information relating to any purchases you make of our goods or services;

(c) information that you provide to us for the purpose of registering with us;

(d) information that you provide to us for the purpose of subscribing to our website services, email notifications and/or newsletters;

(e) any other information that you choose to send to us;

 

(2) Cookies

A cookie consists of a piece of text sent by a web server to a web browser, and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.

We may use both “session” cookies and “persistent” cookies on the website. We will use the session cookies to: keep track of you whilst you navigate the website. We will use the persistent cookies to: enable our website to recognise you when you visit.

Session cookies will be deleted from your computer when you close your browser.  Persistent cookies will remain stored on your computer until deleted, or until they reach a specified expiry date.

Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third party cookies.  For example, in Internet Explorer you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector.  Blocking all cookies will, however, have a negative impact upon the usability of many websites, including this one.

 

(3) Using your personal information

Personal information submitted to us via this website will be used for the purposes specified in this privacy policy or in relevant parts of the website.

We may use your personal information to:

(a) administer the website;

(b) improve your browsing experience by personalising the website;

(c) enable your use of the services available on the website;

(d) send to you goods purchased via the website, and supply to you services purchased via the website;

(e) send statements and invoices to you, and collect payments from you;

(f) send you general (non-marketing) commercial communications;

(g) send you email notifications which you have specifically requested;

(h) send to you our newsletter and other marketing communications relating to our business which we think may be of interest to you by post or, where you have specifically agreed to this, by email or similar technology (you can inform us at any time if you no longer require marketing communications);

(i) provide third parties with statistical information about our users – but this information will not be used to identify any individual user;

(j) deal with enquiries and complaints made by or about you relating to the website

Where you submit personal information for publication on our website, we will publish and otherwise use that information in accordance with the licence you grant to us.

We will not without your express consent provide your personal information to any third parties for the purpose of direct marketing.

 

(4) Disclosures

We may disclose information about you to any of our employees, officers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes as set out in this privacy policy.

In addition, we may disclose your personal information:

(a) to the extent that we are required to do so by law;

(b) in connection with any legal proceedings or prospective legal proceedings;

(c) in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);

(d) to the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling; and

(e) to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.

Except as provided in this privacy policy, we will not provide your information to third parties.

 

(5) International data transfers

Information that we collect may be stored and processed in and transferred between any of the countries in which we operate in order to enable us to use the information in accordance with this privacy policy.

Information which you provide may be transferred to countries which do not have data protection laws equivalent to those in force in the European Economic Area.

In addition, personal information that you submit for publication on the website will be published on the internet and may be available, via the internet, around the world.  We cannot prevent the use or misuse of such information by others.

You expressly agree to such transfers of personal information.

 

(6) Security of your personal information

We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.

We will store all the personal information you provide on our secure (password- and firewall- protected) servers. All electronic transactions you make to or receive from us will be encrypted using SSL technology.

Of course, data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.

You are responsible for keeping your password and user details confidential. We will not ask you for your password (except when you log in to the website).

 

(7) Policy amendments

We may update this privacy policy from time-to-time by posting a new version on our website. You should check this page occasionally to ensure you are happy with any changes.

 

(8) Your rights

You may instruct us to provide you with any personal information we hold about you.  Provision of such information will be subject to:

(a) the payment of a fee (currently fixed at £10.00); and under GDPR no fee can be charged anymore.

(b) the supply of appropriate evidence of your identity (for this purpose, we will usually accept a photocopy of your passport certified by a solicitor or bank plus an original copy of a utility bill showing your current address).

We may withhold such personal information to the extent permitted by law.

You may instruct us not to process your personal information for marketing purposes, by sending an email to us. In practice, you will usually either expressly agree in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt-out of the use of your personal information for marketing purposes.

The GDPR provides the following rights for individuals:

1.       The right to be informed

2.       The right of access

3.       The right to rectification

4.       The right to erasure

5.       The right to restrict processing

6.       The right to data portability

7.       The right to object

8.       Rights in relation to automated decision making and profiling.

 

(9) What to do (Questions or use or rights)

An individual is only entitled to their own personal data.  If an individual makes a subject access request, this needs to be put in writing and submitted to the board of directors.

 

(10) Third party websites

The website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites.

 

(11) Updating information

Please let us know if the personal information which we hold about you needs to be corrected or updated.

 

(12) Legal Basis for Processing

Our legal basis for being able to process information on our staff and our customers is:

 

Contract: the processing is necessary for a contract you have with the individual, or because  they have asked you to take specific steps before entering into a contract.

We will always make you aware of any changes to how we are using your information and be transparent at all times.

 

(13) Contact

If you have any questions about this privacy policy or our treatment of your personal information, please use the contact us page.

You can also learn more about Data Protection Law by Visiting the ICO Website