PRIVACY NOTICE – GDPR-Comply

Please read and acknowledge this privacy notice relating to the processing of your personal data by our organisation.

Our aim is to ensure that at all times your personal data is protected by our
organisation and that when processing your personal data we are in compliance with
the General Data Protection Regulations (GDPR).

Purpose of this Privacy Notice

This Privacy Notice is aimed at ensuring that you are aware of:

Services Provided by Us

GDPR-Comply is a trading named owned by LCATE Ltd. It is in the business of providing the following services:

Roles & Responsibilities

The Controller are responsible for ensuring that the terms of the privacy notice are adhered to by all the employees, sub-contractors etc of the organisation.

Contact Details of the Controller

You can contact the following Controller if you require any assistance regarding the processing of your personal data:

Yasmine Lupin
Contact: info@lcate.co.uk

Your Personal Data that we will process

We will require the following information from you:

1. Your full name;
2. Your address;
3. Your email address;
4. Your phone number/mobile number.

Special Categories of Personal Data (Sensitive Data)

We will require the following information from you, this is personal data which is linked to your:

– Ethnic origin;
– Race
– Political opinions;
– Religion;
– Philosophical beliefs;
– Trade union membership;
– Genetic data;
– Biometric data;
– Health data;
– Concerning a natural person's sex life;
– Sexual orientation

If we do take sensitive data such as ethnic origin or race including gender. This will be because of the fact that we also need to comply with legal compliance obligations such as equal opportunities policy.

How we collect your Personal Data

We collect personal data via the following means:

If we do obtain some personal data from third parties, we will inform you of the source.

Third parties to whom we share your Personal Data

In order for us to carry out our services on your behalf we may need to transfer your personal and sensitive data to the following third parties:

We aim to only transfer personal data to third parties that comply with the GDPR.

Reasons for Transfer to Third Parties

We will be transferring your personal data to third parties for the following reasons:

1. In order that we can fulfill our contractual obligations with you under our contract of services;
2. For legal/tax compliance reasons;
3. For legitimate interest reasons;
4. If you have provided us with explicit consent.

Reasons for Processing your Personal Data

Principle 1 – Lawful Purpose
Personal Data

We will be processing your personal data in order to ensure that we can:

Sensitive Data (Special Categories of Personal data)

If we do process any personal data which is ‘sensitive data’

We will provide you with a lawful reason for processing it.

If you provide us with affirmative consent which constitutes clicking on a button. Please be aware that this consent can be withdrawn at any time.

Principle 2 – Specific Purpose & Limited

At all times when we process your personal data including sensitive data will aim to
process it for a specific and limited purpose in order that we fully comply with this
principle.

Principle 3 – Adequate, Relevant & Limited

We only want to keep your personal data and sensitive data which is adequate, relevant & limited for the purposes used by our organisation.

Principle 4 – Accuracy of your Personal Data and keeping it up to date

We want to ensure that your personal data is kept up to date and therefore if any of your personal data changes please kindly update us by contacting our Controller.

We will take reasonable steps to ensure that your personal data is kept accurate and up-to-date.

Principle 5 – Retention Periods

We will keep your personal data for the duration of our contractual relationship with you and for a further period as specified in our ‘Retention Policy’.

Our aim is to ensure that we limit the retention periods and retain only personal data for legitimate purposes.

Principe 6 – Ensuring Security

We have received assurances from our processors that all the personal data which is held on our automated systems and in our filing systems (hard-copies) is secure and protected against any damage, accidental loss, unauthorized, unlawful processing and we have the appropriate technical and organisational measures in place.

We follow strict security procedures in the storage and disclosure of your personal data, and to protect it against accidental loss, destruction or damage. The data you provide to us is protected using SSL (Secure Socket Layer) technology. SSL is the industry standard method of encrypting personal information and credit card details so that they can be securely transferred over the Internet.

We may disclose your information to trusted third parties for the purposes set out in this Privacy Policy. We require all third parties to have appropriate technical and operational security measures in place to protect your personal data, in line with Irish and EU law on data protection rules.

Transfer of Your Personal Data to Third Countries/International organisations

In certain circumstances we may need to transfer your personal data overseas to third countries or international organisations.

If this is the case, we will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Privacy Notice and no transfer of your personal data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

However, by you using the services of LCATE Ltd, you could be voluntarily transferring your personal data to a user abroad.

Our Services are to data subjects who are 18 or over

We will not be processing personal data of any person under the age of 18 years.

Your Rights

While we keep your personal data you have the following rights:

Subject Access Request requirements

If you require your personal data, you can request this verbally, however as we need to first verify your ID you will need to carry out the following:

a) Complete a SAR Form; and
b) complete and return the SAR Form with the respective ID documents.

We will not be under any obligation to provide you with any personal data unless we receive your SAR Form and we have verified your ID.

Subject Access Requests – Time-scale

We aim to process the SAR within 1 month from the point we receive verification of your ID, however as your personal data may also be with an external archiving company it may take a further 2 months to be retrieved.

We aim to provide your SAR, free of charge, in an electronic format, unless you require your personal data in a hard-copy format.

Subject Access Request Notice – SAR Notice

When we provide you with your personal data we will also provide you with a SAR
Notice which will comprise of the following information:

1. The purposes of the processing;
2. The categories of personal data (including sensitive data);
3. The recipients to whom the personal data have been disclosed;
4. The recipients to whom the personal data has been disclosed (third countries);
5. Retention periods
6. Right to request restriction, rectification or erasure, the right of objection concerning the subject or object of such processing;
7. If the some of the personal data has been collected from a third party source, details of the third party source;
8. Compliance with the key principles which are disclosed in this privacy document
9. The existence of automated decision making processing including profiling (if applicable)
10. Your right to make a complaint to the ICO

YOUR RIGHT TO OBJECT TO THE PROCESSING OF PERSONAL DATA

Right to object to certain types of processing of personal data such as:

– legitimate interests reasons
– public interest reasons
– marketing
– automated decision making processing
– profiling

In certain circumstances if you do exercise your right to object this could give rise to the termination of our contract of services with you.

This right to object does not apply if the personal data is required:

1. in order to fulfil contractual obligations with you
2. It is sanctioned by law (tax evasion or fraud)
3. The agreement does not have a legal or equally important impact
4. The processing is necessary for the performance of a task carried out for reasons of public interest

 

Marketing

Currently we do not send marketing material to any of our customers/clients.

Our aim is to invite data subjects to a free seminar. This seminar is voluntary and you can choose to attend the seminar by inserting your contact details or you can choose not to attend by not inserting the relevant information.

During the seminar we will invite you to purchase a product. We call this the ‘soft option opt-in’.

The purchase of this product is optional and you can decide to purchase the product or you may decide to decline.

By clicking on the relevant buttons you are choosing to purchase the product.

If we do send any marketing material via email then our emails will also notify you of:

You have the right to withdraw your consent to receiving marketing material at any time. By clicking the ‘opt-out’ button you will be will withdrawing your consent to receiving marketing material.

 

Consent

 

If you do provide us with ‘consent’, this means that you are providing us with permission to process your personal data lawfully.

Please also note the following:

Please contact our organisation for our ‘Consent & Withdrawal Policy’.

Complaints

You have the right to lodge a compliant directly with the ICO.

The ICO’s details are: 0303 123 1113.

We also take complaints seriously and we do our utmost to resolve complaints internally. Please also contact the Controller or Data Protection Officer including any member of staff regarding your complaint.

Controller

Yasmine Lupin: info@lcate.co.uk

By clicking the button – you have read and understood the contents of the privacy notice.