The General Data Protection Regulations (GDPR) Policy – Pearson Lloyd Design Ltd.
1. Under the GDPR individuals have the right to be informed about how their Personal Data is being processed. The Regulation clearly stipulates that this must be done in a concise, transparent, intelligible and easily accessible form, using clear and plain language.
2. The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) aims to harmonise data protection legislation across EU member states, enhancing the privacy rights for individuals. It applies to organisations processing Personal Data which have an establishment within the EU and also those organisations which operate outside the EU but offer goods or services to, or monitor the behaviour of individuals in the EU. The GDPR is applicable from 25 May 2018.
3. Overall the GDPR provides the following rights for individuals, many of which apply whatever the basis of processing, although there are some exceptions:
a. The right to be informed how Personal Data is processed (Article 13)
b. The right of access to their Personal Data (Article 15)
c. The right to rectification (Article 16)
d. The right to erasure (Article 17)
e. The right to restrict processing (Article 18)
f. The right to data portability (Article 20)
g. The right to object (Article 21)
h. Rights in relation to automated decision making and profiling (Article 22)
4. The GDPR sets out six lawful grounds for processing, and these are set out in Article 6.1 as follows:
Consent: the individual has given their Consent to the processing of their Personal Data.
Contractual: processing of Personal Data is necessary for the performance of a contract to which the individual is a party or for the Controller to take pre-contractual steps at the request of the individual.
Legal Obligation: processing of Personal Data is necessary for compliance with a legal obligation to which the Controller is subject.
VItal Interests: processing of Personal Data is necessary to protect the vital interest of the individual or of another individual.
Public Tasks: processing of Personal Data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
Legitimate Interests: processing is necessary under the Legitimate Interests of the Controller or Third Party, unless these interests are overridden by the individual’s interests or fundamental rights.
5. In addition to ‘Consent’ the options under which we can operate as a business allows the application of either (or both) of ‘Contractual’ and ‘Legitimate Interests’. Of these we have decided that the lawful ground of ‘Contractual’ best fits the business model.
How do we use your personal information?
1. We store your personal data on a secure drive and where further user privileges are used to maintain a secure data boundary. We will retain your personal data until such time as you request its deletion.
2. If any submission requires the transfer of your personal data outside the United Kingdom we will request your explicit permission by way of an email from you.
3. You always have the right to request that we delete any of your personal data that we hold.
4. To avoid the possibility of an unauthorised release of your personal data all documents containing such data will be transferred to third parties in an encrypted form.
5. All communication concerning your personal data will be archived on our secure server.
6. We will only store personal data that is relevant to our business.
7. We will store data for as long as is necessary and to ensure that we meet our legal obligations.
8. We do not send any of our data outside of the EEA.
If you have any questions about our use of your data, please contact us as soon as possible.
Pearson Lloyd Design Ltd
Registered No 4579758
1-3 Yorkton Street
London E2 8NH
+44 (0)20 7033 4440