Types of Data:
Article 6(1)(f) of the GDPR states that we can process your data where it “is necessary for the purposes of the legitimate interests pursued by the controller [us] or by a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of the data subject [you] which require protection of personal data.”
Article 4(11) of the GDPR states that (opt-in) consent is “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”
This means that: you have to give us your consent freely, without us putting you under any type of pressure; you have to know what you are consenting to and you should have control over which processing activities you consent to and which you don’t. We will always ask you before we forward your information to any of our clients.
This will most likely be in the form of a tick box on an email or printed material. We will keep records of the consents that you have given in this way.
Your consent is required in order for us to process your personal data.
You may withdraw your consent at any time by using the “contact us” section of the website.
Data collection prior to 25th May 2018.
If you have had previous contact with us and provided personal Data this will be covered by the Data Protection Act legislation and will allow us to maintain our records. However you will receive future requests for consent in line with the GDPR.
Consent obtained under Directive 95/46/EC: Controllers that currently process data on the basis of consent in compliance with national data protection law are not automatically required to completely refresh all existing consent relations with data subjects in preparation for the GDPR. Consent which has been obtained to date continues to be valid in so far as it is in line with the conditions laid down in the GDPR.
We will ensure all forms of data recording are within compliance of the Data Protection Act and GDPR guidelines and that any data processors used are also compliant and have provided confirmation of this.
We will ensure in-house best practice within these guidelines for the manual processing of expenses payments, filing and general office duties.
Electronic Information and communications systems
The Lamb has taken all reasonable steps available in order to prevent unauthorised access to our database, including but not limited to firewalls, cloud services and controlled distribution of passwords.
This relates to: computer equipment, e-mail, the internet, telephones, mobiles, personal digital assistants (PDAs) and voicemail, but it applies equally to the use of fax machines, copiers, scanners, CCTV, and electronic key fobs and cards.
All staff are expected to protect electronic communications systems and equipment from unauthorised access and harm at all times. This involves use of passwords and antivirus software. Staff should use antivirus software as directed by their IT Managers.
All staff are responsible for the security of the equipment allocated to or used by them, and must not allow it to be used by anyone other than as permitted by the IT Team.
DSAR: Data Subject Access Requests: One of main objectives under GDPR is to protect and clarify the rights of EU citizens and individuals in the EU with regards to data privacy. This means that you retain various rights in respect of your data, even once you have given it to us.
Please us the “Contact us” section of the website if you wish to discuss these rights. We will endeavour to deal with your request without undue delay, and in any event to respond within one month. Please note that we may keep a record of your communications to help us resolve any issues which you raise. There will be an admin fee of £25 to cover the cost of collating the data.
You may ask us to confirm what information we hold about you at any time, and request that we update, modify or delete that information.
What are cookies?
These pieces of information are used to improve services for you through, for example:
1. enabling a service to recognise your device so you don’t have to give the same information several times during one task 2. recognising that you may already have given a username and password so you don’t need to do it for every web page requested 3. measuring how many people are using services, so they can be made easier to use and there’s enough capacity to ensure they are fast 4. analysing anodised data to help us understand how people interact with govt services so we can make them better
Google Analytics Used to track visitors Collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.
Google Maps maps.google.co.uk Google uses these cookies for their Google Maps service, but does not provide details on what these cookies are used for at the time of writing.
Twitter Api.twitter.com Used to track visitors Features for sharing via Twitter, and viewing tweets by other people.
Facebook Pixels Used to track visitors Facebook Custom Audiences to deliver advertisements to Website Visitors on Facebook based on email addresses” and that Client may use information they collect from users “to display advertisements from our Customers to their target audience of users