Your rights under GDPR
This contract is between you, the data subject, and Aegis Compliance Limited.
The contract is at the request of the data subject.
Your privacy is important to us and we take it very seriously. We want to help everyone who uses the Aegis Compliance Limited (ACL) services to get the most out of them. The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a new regulation which replaces the Data Protection Regulation (Directive 95/46/EC).
The policy below lays out in simple English how GDPR applies to the way ACL handles your personal data. Our aim is to be responsible, relevant and secure when using your data. ACL content is centred around sharing knowledge in our specialist subjects, sharing opportunities we offer including our services and events. By subscribing to ACL updates you have read and understood the terms and conditions of the policy.
Below we have outlined what information we collect about you, who it is shared with and how we use this information:
Controlling the data
- The Data Controller is Aegis Compliance Limited, the Meadows, Hind Heath Road, Sandbach, Cheshire, CW11 3LZ. Registered in England and Wales No: 9437816
- You can contact them at firstname.lastname@example.org
- You can call them on 01270 768019
- Aegis Compliance Ltd is registered as a Data Controller with the Information Commissioner’s Office Certificate Number: ZA295258
Purpose and legal basis of the processing
- ACL rely on your consent when processing personal data
- GDPR defines consent as ‘any freely given, specific, informed and unambiguous indication of the data subjects’ wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her’
- By consenting you have accepted that you understand and accept this as a valid legal basis for processing your personal data
- Your data will not be shared with any third parties without your prior knowledge, but may be used by us to help a selected, GDPR compliant and professionally relevant group of industry suppliers to share their knowledge and insights with you through our carefully selected strategic partners
- Your personal data will not be shared with any third parties unconnected with ACL
What data will the Controller collect and process?
- The categories of personal data are your name, your job title, your company name, your company address and your business email. If you have an entry in our professional directories it may also include information you have provided on your areas of sector expertise or specialism
- Personal Data may also include a link to a professional profile photograph if one is available in the public domain e.g. LinkedIn
Who will have access to the data?
- The recipients of personal data are limited to ACL
- We use data processors like Linkedin, Twitter, Google Analytics, Mailchimp, and Goldmine to help us run our communities. We only work with GDPR compliant suppliers
Data leaving the UK and Safeguarding
- ACL has advised all parties that data may not be transferred outside of the UK without submitting satisfactory proof of their safeguarding methods and proof of a certified privacy shield
How long will the data be kept for?
- The Retention period for personal data is five years
- ACL will be required to remove personal data after the relevant retention period, or when they are in receipt of a data subjects request to do so, whichever is earlier. The data subject has the right to change their mind and withdraw consent at any point during the retention period
What are my rights?
ACL confirms the following rights to each Data Subject:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling