The European Union (EU) General Data Protection Regulation (GDPR) has harmonised the data privacy laws of each individual EU country, giving more rights to individuals located in the EU and more obligations to organisations holding their personal information. In this Appendix, “personal information” means any information relating to an identified or identifiable natural person (the meaning given to the term “personal data” in the GDPR).
Personal information must be processed in a lawful, fair and transparent manner. As such, if you are located in the EU, GDPR requires us to provide you with more information about how we collect, use, share and store your personal information as well as advising you of your rights as a 'data subject'.
If you are located in the EU and have an enquiry relating to your rights under the GDPR, please contact firstname.lastname@example.org.
Special Categories of Personal Information
The GDPR provides additional protection for personal information about your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, biometric data (for example your fingerprints), or data concerning your health, sex life or sexual orientation. We will only process this type of personal information with your consent or where otherwise lawfully permitted.
How long we keep your personal information
We will keep your personal information while you are a customer of the Group. We aim to keep your personal information for only as long as we need it.
We generally keep your personal information for up to 7 years after you stop being a customer but we may keep your personal information for longer:
We can only collect and use your personal information if we have a valid lawful reason to do so. For the Group, these reasons are:
We may use your information for direct marketing purposes. We will only do this with your consent.
The right of access to personal information
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling
The right to lodge a complaint with a supervisory authority
See the ‘Regulator Contact Details’ section for more information.
We will seek parent or guardian consent to collect the details of children under 16.
The UK data protection authority is:
Information Commissioner’s Office
Cheshire SK9 5AF
For other European jurisdictions please refer to the European Commission website for details of the relevant data protection authorities.