Controllers are defined by the GDPR as the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
As a controller, we have certain obligations under the GDPR when collecting, storing and using the personal information of individuals based in the European Economic Area (EEA). If you are an individual located in the EEA, your personal data will:
• be processed lawfully, fairly and in a transparent manner by us;
• only be collected for the specific purpose;
• be collected in a way that is adequate, relevant and limited to what is necessary about the purpose for which the personal information is processed;
• be kept up to date, where it is possible and within our control to do so (please let us know if you would like us to correct any of your personal information);
• be kept in a form which permits us to identify you, but only for so long as necessary for the purposes for which the personal data was collected; and
• be processed securely and in a way that protects against unauthorised or unlawful processing and against accidental loss, destruction or damage.
Specifically, we have the following measures in place, in accordance with the GDPR:
• Data protection policies: We have internal policies in place which set out where and how we collect personal information, how it is stored and where it goes after we get it, in order to protect your personal information.
• Right to ask us to erase your personal information: You may ask us to erase personal information we hold about you.
• Right to ask us to restrict data processing: You may ask us to limit the processing of your personal information where you believe that the personal information, we hold about you is wrong (to give us enough time to verify if the information needs to be changed), or where processing data is unlawful and you request us to restrict the processing of personal information rather than it being erased.
• Notification of data breaches: We will comply with the GDPR in respect of any data breach.