The General Data Protection Regulation (GDPR) is a European law that governs how all organisations handle people’s information and sets out any requirements they’ll need to follow. It also outlines the rights people have over their information and how it’s used.
In line with GDPR, our Privacy and Cookies Notices clearly explain the data we collect, how we use it, and what rights and tools are available to you. We may update the notice, so it’s best to keep checking back to see how we use your data.
Want to check and/or update your communication preferences online?
- Login to your Client Portal
- Select Account Details from the home page, go to Email preferences section and use the tick box options next to each preference to set them to on or off.
Data Subject Rights #
What is a Data Subject Right? #
People whose personal information is processed are called data subjects.
Data Protection laws give data subjects certain rights over their data, known as data subject rights. Any individual can raise a data subject rights request to us at any time. You might make this request verbally or in writing. All individuals (data subjects) have the right to:
- Be informed about how their data is being used
- Have their personal data rectified, restricted or erased
- Receive a copy of the information that a data controller holds about them
- Object to the processing of their personal data
Anyone can exercise these rights to us at any time.
Requests can be made in any format (over the phone or live chat, by letter or email, etc.).
Requesters do not need to provide a reason or explanation and in most cases you we can not charge a fee to comply with a SAR. However, we may charge a ’reasonable fee’ for the administrative costs of complying with a request if it is manifestly unfounded or excessive, or if an individual requests further copies of their data.
We must respond to all requests within one month. If we need to provide people with information in response to a request, this is usually done digitally.
Types of Requests #
Right to Access
Any individual has the right to access the data we hold about them. This is also known as a Subject Access Request or SAR.
When you make a SAR, we have to give all the personal data we hold about you. This could include notes, emails, support tickets, account information, call recordings, and live chats.
Right to Erasure
Individuals have the right to ask that some or all of their personal data is deleted or removed from our systems.
Some information needs to be kept even if we’re asked to delete it. For example, to maintain our customer records or for legal and regulatory purposes. Any information we hold is kept only for these purposes, and it’s securely deleted when we don’t need it anymore. This is in-line with our Privacy Policy & Terms of Service.
Right to Rectification
Individuals have the right to ask us to correct errors in their personal data or update data that’s incomplete.
Good to know: Most changes can be made via your client portal (excluding forename and surname).
Right to be informed
Individuals have the right to be given specific information whenever we collect or use their data. This is delivered through our privacy notice when the data is collected. The purpose of a privacy notice is to be open and transparent about how and why we’re using this data.
What to expect after making a request? #
Our Legal Team will be in touch by email to acknowledge your request.
- You have 14 days to respond to any additional information we require in relation to your request, or your request will be closed.
- A completed request may take up to 28 days from the date a confirmed request is received.
- You’ll receive their Request through a secure online portal – which you’ll get a link to when you receive the completed request.
If you require any assistance with your request please respond to the client portal ticket or alternatively email legal@octaweb.co.uk
