What is the GDPR?
The 'General Data Protection Directive' (GDPR) is an EU regulation that addresses the processing and free movement of personal data. It consists of data protection principles and requirements which must be adhered to when personal data is processed.
The purpose of the GDPR is to have the same data protection laws across all EU member states and to give its citizens more control over how and when their data is used, even if they are in a different country.
Although the GDPR is an EU regulation, any company that markets goods or services to EU residents, regardless of its location, is subject to the regulation.
What are the lawful bases for processing?
The lawful bases for processing are set out in Article 6 of the GDPR. At least one of these must apply whenever you process personal data:
(a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
(b) Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
(c) Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
(d) Vital interests: the processing is necessary to protect someone’s life.
(e) Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
(f) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
What information we collect about you:
When you ring regarding a pest control problem we will collect your Contact/Company Name, Address and Telephone number.
How long is your information kept?
We will retain all relevant data (above) for as long as is necessary, which should be the length of time it takes to do the pest control related work for you and upon receiving payment.
We will respect your rights to object to data processing (right to be informed, right of access, right of rectification, right to erasure, right to restrict processing) and we will delete/ remove your details if there is no compelling reason for us to continue to process. If we are unable to fully delete e.g. for a legal obligation then we will only retain enough data to comply with this legal obligation and/or ensure your right to restriction is respected in the future.
What we use your data for:
Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for the performance of a contract ie: to supply you with goods or services.
Your personal data may be used for the following purposes:
* Providing and managing your account and our relationship with you.
* Supplying products and/or services to you, processing orders.
* Providing quotes, invoices and processing payments.
How do we share your personal data?
Exopest Ltd will never sell your personal data.
In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations such as a court order.
If we were in a position that we had to chase an outstanding debt then we would pass your details to our company solicitors.
Links to other websites:
How can I access my personal data:
If you want to know what personal data we hold about you, you can ask us for details of that personal data by emailing firstname.lastname@example.org. This is known as a “subject access request”
IN A NUTSHELL:
We dont process personal information we dont need
Any information we do process is collected on a legal basis
We use encrypted protocols for Web, mail and file transfers
We keep applications up to date
We restrict access to data
We dont store data any longer than we need, considering operations, financial and legal requirements