Being transparent and providing accessible information to individuals about how Stergiou Limited will use their personal data is a key element of the Data Protection Act 1998 (DPA) and the EU General Data Protection Regulation (GDPR). The most common way to provide this information is in a privacy notice. In some situations it will not be effective to use a single document to inform individuals about what Stergiou Limited do with personal data. Stergiou Limited will ensure compliance with the GDPR and develop a blended approach, using a number of techniques to present privacy information to individuals ensuring it is transparent about its processing and complying with the legal requirements to provide privacy information.
Stergiou Limited will make available to a data subject (the individuals whom the data relates to), so far as practicable:
- who the data controller is;
- Purpose of the processing and the legal basis for the processing;
- The legitimate interests of the controller or third party, where applicable;
- Categories of personal data;
- Details of any recipient or categories of recipients of the personal data;
- Details of transfers to third country and safeguards;
- Retention period or criteria used to determine the retention period;
- The existence of each of data subject’s rights;
- The right to withdraw consent at any time, where relevant;
- The right to lodge a complaint with a supervisory authority;
- The source the personal data originates from and whether it came from publicly accessible sources;
- Whether the provision of personal data part of a statutory or contractual requirement or obligation and possible consequences of failing to provide the personal data; and
- The existence of automated decision making, including profiling and information about how decisions are made, the significance and the consequences.
Stergiou Limited will provide the information within a reasonable period of having obtained the data but no longer than one month provided that if the data is used to communicate with the individual, at the latest, when the first communication takes place or if disclosure to another recipient is envisaged, at the latest, before the data is disclosed.
The information Stergiou Limited provides to people about how it processes their personal data will be:
- concise, transparent, intelligible and easily accessible;
- written in clear and plain language, particularly if addressed to a child; and
- free of charge.
This applies whether the personal data was obtained directly from the data subjects or from other sources.
Version date: 21 May 2018