A cookie is simply a very small file of letters or numbers, stored on your computer, mobile or other device. Cookies help track use of the website and personalise your shopping experience. When you return to a site, the settings and information from your last visit are ‘remembered’ – like items in your shopping bag, or automatic account log-in.
Cookies are safe to store on your computer. Most web browsers have cookie storage enabled as a default setting, but all browsers offer you the option to disable this if you prefer. If you choose to disable some or all cookies, you might not be able to make full use of our website. For example, you may not be able to add items to your shopping basket, proceed to checkout, or use any of our products and services that require you to sign in.
9. OUR RESPONSIBILITIES
- Analysing and documenting the type of personal data we hold
- Checking procedures to ensure they cover all the rights of the individual
- Identifying the lawful basis for processing data
- Ensuring consent procedures are lawful
- Implementing and reviewing procedures to detect, report and investigate personal data breaches
- Storing data in safe and secure ways
- Assessing the risk that could be posed to individual rights and freedoms should data be compromised
10. YOUR RESPONSIBILITIES
- Fully understand your data protection obligations
- Check that any data processing activities you are dealing with comply with our policy and are justified
- Do not use data in any unlawful way
- Do not store data incorrectly, be careless with it or otherwise cause us to breach data protection laws and our policies through your actions
- Comply with this policy at all times
- Raise any concerns, notify any breaches or errors, and report anything suspicious or contradictory to this policy or our legal obligations without delay
11. RESPONSIBILITIES OF THE DATA PROTECTION OFFICER
- Keeping the SMT updated about data protection responsibilities, risks and issues
- Reviewing all data protection procedures and policies on a regular basis
- Arranging data protection training and advice for all staff members and those included in this policy
- Answering questions on data protection from staff, board members and other stakeholders
- Responding to individuals such as clients and employees who wish to know which data is being held on them by us
- Checking and approving any contracts or agreements regarding data processing with third parties that handle the company’s data
- Approving data protection statements attached to emails and other marketing copy
- Addressing data protection queries from clients, target audiences or media outlets
12. ACCURACY AND RELEVANCE
We will ensure that any personal data we process is accurate, adequate, relevant and not excessive, given the purpose for which it was obtained. We will not process personal data obtained for one purpose for any unconnected purpose unless the individual concerned has agreed to this or would otherwise reasonably expect this.
Individuals may ask that we correct inaccurate personal data relating to them. If you believe that information is inaccurate you should record the fact that the accuracy of the information is disputed and inform the DPO.
13. DATA SECURITY
Ecovair Energy Ltd. will keep personal data secure against loss or misuse. Where other organisations process personal data as a service on our behalf, the DPO will establish what, if any, additional specific data security arrangements need to be implemented in contracts with those third-party organisations.
14. STORING DATA SECURELY
- In cases when data is stored on printed paper, it should be kept in a secure place where unauthorised personnel cannot access it
- Printed data should be shredded when it is no longer needed
- Data stored on a computer should be protected by strong passwords that are changed regularly. We encourage all staff to use a password manager to create and store their passwords.
- Storing data on CDs or memory sticks is not allowed within Ecovair Energy Ltd.
- The DPO must approve any cloud used to store data
- Servers containing personal data must be kept in a secure location, away from general office space
- Data should be regularly backed up in line with the company’s backup procedures
- Data should never be saved directly to mobile devices such as laptops, tablets or smartphones
- All servers containing sensitive data must be approved and protected by security software
- All possible technical measures must be put in place to keep data secure
15. DATA RETENTION
We will retain personal data for no longer than is necessary. What is necessary will depend on the circumstances of each case, considering the reasons that the personal data was obtained, but should be determined in a manner consistent with our data retention guidelines.
16. RIGHTS OF INDIVIDUALS
Individuals have rights to their data which we must respect and comply with to the best of our ability. We must ensure individuals can exercise their rights in the following ways:
Right to be informed
- Keeping a record of how we use personal data to demonstrate compliance with the need for accountability and transparency.
Right of access
- Enabling individuals to access their personal data and supplementary information
- Allowing individuals to be aware of and verify the lawfulness of the processing activities
Right to rectification
- We must rectify or amend the personal data of the individual if requested because it is inaccurate or incomplete.
- This must be done without delay, and no later than one month. This can be extended to two months with permission from the DPO.
Right to erasure
- We must delete or remove an individual’s data if requested and there is no compelling reason for its continued processing.
Right to restrict processing
- We comply with any request to restrict, block, or otherwise suppress the processing of personal data.
- We are permitted to store personal data if it has been restricted, but not process it further. We must retain enough data to ensure the right to restriction is respected in the future.
Right to data portability
- We provide individuals with their data so that they can reuse it for their own purposes or across different services.
- We provide it in a commonly used, machine-readable format, and send it directly to another controller if requested.
Right to object
- We respect the right of an individual to object to data processing based on legitimate interest or the performance of a public interest task.
- We respect the right of an individual to object to direct marketing, including profiling.
- We respect the right of an individual to object to processing their data for scientific and historical research and statistics.
Rights in relation to automated decision making and profiling
- We respect the rights of individuals in relation to automated decision making and profiling.
- Individuals retain their right to object to such automated processing, have the rationale explained to them, and request human intervention.