General Data Protection Regulation (GDPR)
The aim of GDPR is to give European citizens increased rights and control over how companies use their personal data, as well as giving companies like us clear responsibilities in how we use that personal data – including ensuring that we are totally transparent with our customers.
Let’s begin by explaining how and why we process your personal data.
Lawful Basis for Processing
The new law requires that all processing of customer personal data must have a lawful basis. There are 6 potential lawful bases for processing, with 4 of them being relevant to us:
Contract: where we process your personal information in order to provide you the products or services we have agreed to offer you when you signed up or purchased on our website (for example, storing the information you provide us for your account page).
Legal obligation: where we process your personal information in order to comply with a legal obligation.
Legitimate interest: where, in the context of our existing business-customer relationship, we process your personal information in order to continue sending you emails. We started sending you these messages (such as new message notifications) when you signed up with us and you have been able to opt out at any time. We reasonably believe you wish for us to continue processing your personal data for these purposes, where we guarantee that we will only ever contact you about this website and never any 3rd party ads.
If you no longer wish for us to process your personal data in order to keep receiving email notifications, then you can use opt-out in the following ways:
- send an email to: firstname.lastname@example.org advising that you wish to opt out of receiving email notifications to notify that you have a new message, etc
- Click on the opt-out link at the bottom of our emails.
- Log into your account and turn off email notifications from your account settings.
Consent: For processing that goes beyond the above bases, consent is required and will always be sought by us prior to processing your personal data.
Your rights to your Personal Data
The new GDPR also wants to make it clear that you have increased control over your personal data.
It includes some specific “Rights” that you should know about:
- The Right to be Informed
- Subject Access Rights
- The Right to “Erasure” (right to be forgotten)
- The Right to Data Portability
- The Right to Restrict Processing
- The Right to Object
Finally, we would just like to let you know that we take the GDPR law seriously, and are – as we always have been – taking the security and integrity of all the information we process, but particularly your personal data, with the utmost care and attention.
Please don’t hesitate to contact us if you have any further questions.