Data Protection Law
The EU General Data Protection Regulation 2016/679 (GDPR) came into force on the 25 May 2018, and it is supplemented by the Data Protection Act 2018. We refer to these as “data protection law”.
Data protection law regulates the processing of “personal data” relating to individuals by organisations (known as “data controllers”).
On this page we have used some words and phrases, and these are explained below.
“Personal data” means any information which relates to a living, identifiable person. It can include names, addresses, telephone numbers, email addresses, etc. but it is wider than that and includes any other information relating to that person or a combination of information which, if put together, means that the person can be identified.
“Special category data” means personal data about a person’s race, ethnic origin, politics, religion, trade union membership, genetics, biometrics (where used for ID purposes), health, sex life or sexual orientation.
“Processing” covers all activities relating to the use of personal data by an organisation, from its collection through to its storage and disposal and everything in between.
“Data subject” means the person whose personal data is being processed.
“Data controller” means the organisation which is responsible for processing data and ensuring that personal data is processed in accordance with data protection law.
The Company as data controller
Rheality Ltd (the “Company”) is the data controller for the personal data that we process in relation to you.
Occasionally, the Company may be a joint data controller with other organisations, or we may be processing data about you on behalf of another organisation, but when this is the case, we will make you aware of this when the information is collected.
Personal data must be processed in accordance with specific principles set out in data protection law. These include the principle that personal data should be processed ‘lawfully, fairly and in a transparent manner’. In order to comply with this principle, the Company will tell you how it will deal with your information at the time we collect it. This information is normally set out in a “privacy notice”.
In addition to the privacy notices, more information is set out below, in particular “Your rights as a data subject” and “Exercising your rights, queries and complaints”.
How we protect personal data
The Company handles information about people. It is important that they have trust and confidence that the Company will protect their privacy and the Company takes great care to ensure that personal data is handled, stored and disposed of confidentially and securely. The Company has put in place organisational and technical measures so that personal data is processed in accordance with the 6 data protection principles set out in data protection law.
Your rights as a data subject
As a data subject, you have the following rights in relation to your personal data which is processed by the Company:
- to access the personal information the Company holds about you. This is known as a Subject Access Request;
- to correct inaccuracies or, where appropriate and taking into account the purpose for which we process your data, the right to have incomplete data completed;
- to have your personal data erased. This is a limited right which applies, among other circumstances, when the data is no longer required or the processing has no legal justification. There are also exceptions to this right, such as when the processing is required by law or in the public interest (e.g. when the Company needs to retain a historical archive);
- to object to the processing of your personal data for marketing purposes. If you ask us to delete your personal data, we will continue to maintain a core set of personal data comprising very brief information to ensure that we do not inadvertently contact you in future. We may also need to retain some financial records for statutory purposes;
- to object to the processing of your personal data when that processing is based on specific criteria such as the public interest or other legitimate interests, unless we have compelling lawful grounds to continue;
- to restrict the processing of your personal data. This is a limited right which will apply in specific circumstances and for a limited period;
- to ask for the transfer of your data electronically to a third party;
- where the legal basis for us processing your personal data is your consent, to withdraw that consent at any time.
Exercising your rights, queries and complaints
- you would like more information on your rights;
- you would like to exercise any right; or
- you have any queries relating to the Company’s processing of your personal data
- you wish to make a complaint about how your data is being or has been processed
Telephone: +44 7532 047588
You also have a right to complain to the Information Commissioner’s Office (ICO) about the way in which we process your personal data. You can make a complaint using the ICO’s website.
What personal data will be processed?
The personal data we process is that which you provide to us.
If you consent to receive these communications, we will retain and use only the information which is necessary to communicate with you. This may include:
- Your name and contact details (including your address, email address and telephone number(s));
- Your job title and role (if relevant);
- Details of Company events you have attended (if relevant).
We will also keep records of the communications we send you and any contact between you and the Company in relation to the communication or mailing list you have.
The communications we send you will be tailored to any preferences you have expressed.
What is the purpose of the processing?
The Company will process your personal data to provide you with the communications you have requested. We will not use your data for any other purpose.
What is the legal basis of the processing?
We process your personal information for the purposes above based on your consent. You will be able to withdraw consent and unsubscribe to the communication you receive at any point by contacting us at firstname.lastname@example.org.
Who will your personal data be shared with?
Within the Company, your data is only shared with those Company departments and staff who need access for the processing purpose set out above.
Your details may be shared on a confidential and considered basis with external organisations which assist the Company in delivering communications you have subscribed to. These organisations act on our behalf in accordance with our instructions for the purposes outline above and do not process your data for any other purpose over and above what we have asked them to do. We make sure we have appropriate contracts in place with them. Sometimes your data is processed outside the European Economic Area (e.g. because they use a cloud-based system with servers based outside the EEA), and, if so, appropriate safeguards are in place to ensure the confidentiality and security of your personal data.
Except as we have explained above, we will not publish or disclose any personal data about you to other external enquirers or organisations unless you have asked us to do or have consented to it, or unless it is in your vital interests to do so (e.g. in an emergency situation).
How long is your data kept?
We will continue to keep your data until you withdraw your consent or unsubscribe from receiving a specific communication. We will delete your details if we become aware that your contact details are out of date or incorrect.
Are changes made to this webpage?
This webpage is effective from 22 July 2020. It is reviewed when necessary and at least annually. Any changes will be published here and you will be notified by email or as appropriate.