The rules on processing of personal data are set out in the General Data Protection Regulation (the “GDPR”).
A controller determines the purposes and means of processing personal data.
A processor is responsible for processing personal data on behalf of a controller.
The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified by reference to an identifier (as explained in Article 6 of GDPR). For example, name, passport number, home address or private email address. Online identifiers include IP addresses and cookies.
Special categories personal data
The GDPR refers to sensitive personal data as ‘special categories of personal data’ (as explained in Article 9 of GDPR). The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual. Other examples include racial and ethnic origin, sexual orientation, health data, trade union membership, political opinions, religious or philosophical beliefs.
Means any operation or set of operations which is performed on personal data or on sets of personal data, whether by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
KR Group (Scotland) Limited is the data controller. This means we decide how your personal data is processed and for what purpose. Our contact details are:
Unit 6 Loanhead Croft, Newburgh, AB41 6BX.
For all data matters contact Nicola Fraser, Data Supervisor on firstname.lastname@example.org or 01358 788907.
We use your personal data for the following purposes:
Personal data (article 6 of GDPR)
Our lawful basis for processing your general personal data:
Your personal data will be treated as strictly confidential and will be shared only as outlined above.
We keep your personal data for no longer than reasonably necessary for a period of 7 years for financial information and 1 year for enquiries to ensure we offer good customer service.
We require your personal data as it is a contractual requirement.
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
WE DO NOT TRANSFER PERSONAL DATA OUTSIDE THE EEA.
WE DO NOT USE ANY FORM OF AUTOMATED DECISION MAKING IN OUR BUSINESS.
If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.
If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office on 0303 123 1113 or via email – https://ico.org.uk/global/contact-us/email/
Or at the Information Commissioner’s Office –
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.