Privacy Notice

Table of content

Your personal information
Your privacy
How long we keep your data
Our legal basis
How to exercise your rights under the UK GDPR
How to make a complaint

How we treat your personal information and how to check what details we hold about you.

This privacy notice sets out what you can expect from us when we ask for, or hold, personal information.

Your privacy

We know how important it is to protect your privacy and to comply with the UK General Data Protection Regulations (UK GDPR).
If we ask for personal information we will:

• Let you know why we need it
• Only ask for what we need, and not collect excessive or irrelevant information
• Make sure nobody has access to it who shouldn’t
• Let you know who we share your information with
• Tell you if we need to transfer your information overseas and what safeguards are in place
• Let you know whether we’re are asking because of a statutory or contractual obligation
• Not share it with other organisations unless we have told you in advance, unless we are obliged to do so by law
• Only keep it for as long as we need to and tell you how long
• Not make it available for commercial use, such as marketing
• In dealing with your personal information, we will also:
• Value the personal information entrusted to us and make sure we respect that trust
• Abide by the law when it comes to handling personal information
• Consider the privacy risks when we are planning to use or hold personal information in new ways, such as introducing new systems or processes
• Provide training to staff who handle personal information and respond appropriately if personal information is not used or protected properly

How long we keep your data

We only keep any personal data until the end of your contract with Lisa The DPO. After your contract ceases the data is deleted.

Our legal basis

When you use Lisa The DPO, we use your information to enable us to provide our data protection services. Our legal basis for using any personal data collected is performance of a contract.

How to exercise your rights under the UK GDPR

You have a number of rights under the UK GDPR which you can exercise by contacting us at the details provided below. You can find out what personal information, if any, we hold about and if we do hold information about you we will:

• Give you a description of it
• Tell you why we are holding it
• Tell you who it could be disclosed to
• Let you have a copy of the information in an intelligible form

It will help us locate any data we might hold about you if, in making your request, you could state what dealings we have had with you and why you expect us to hold information about you.
You are entitled to request that we correct information about you if it is incomplete or inaccurate.
You can ask us to remove or delete personal information we hold about you. Please note however, that this right is only applicable in certain circumstances. We will let you know whether information can be deleted when you make your request. You can ask us to restrict how we use your information. Again, this right is only applicable in certain circumstances and we will explain those to you when you make your request.
You can find out more information about your rights under UK GDPR on the Information Commissioner’s website.

How to make a complaint

If you’re unhappy with the way we have handled your personal information or you believe that we have not handled your information in a way that is compliant with the UK GDPR, please email us. We will acknowledge your complaint within 2 working days and let you have a full response within 20 working days. If it is not possible to respond fully within this timescale, we will write and let you know why and say when you should expect to receive a full response. If you are not satisfied with our response you can complain to the Information Commissioner’s Office.

Menu