Chapel Process Management Ltd
GDPR Privacy Statement
At Chapel Process Management Ltd we value your privacy and know how important it is to you that your data is handled confidentially. We would, therefore, like to assure you that we comply with all the statutory requirements for data privacy and data security. This statement explains the nature, scope and purposes of the data Chapel Process Management Ltd collects and stores from you, through our interactions with you, and how we use the data supplied.
In accordance with the requirements of the General Data Protection Regulation (GDPR), you have various rights; these include the right to file an objection against the data we hold. More information on this is given in the `your rights’ section of this statement.
GDPR: General Data Protection Regulations (2018). New legislation that came into law in May 2018.
Data Protection: The process of safeguarding Personal Data from unauthorised or unlawful disclosure, access, alteration, processing, transfer or destruction by an individual or individuals.
Personal Data: Any information relating to an identified or identifiable natural person.
Identifiable Individual: An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or one or more factors specific to their physical or social identity.
Data Controller: Is a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.
Data Processor: Any person who processes the data on behalf of the data controller in relation to information or data means.
Data Subject: is a living individual to whom personal data relates.
Supervisory Authority: The Information Commissioners Office (ICO). The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. (https://ico.org.uk/)
Consent: Any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the Processing of Personal Data relating to him or her.
Details of the entity responsible for processing data and contacting the Data Controller
This data information applies to data processing conducted by the responsible body:
Chapel Process Management Ltd
Unit 14E Enterprise Centre
Tel: 01249 715364
The data controller can be contacted at the above address, or via firstname.lastname@example.org
Purposes of data processing; legal basis and legitimate interests
Article 6(1) (b) of the GDPR (2018) states the lawful basis for processing data where:
`processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract’.
All data that Chapel Process Management Ltd collect will be processed lawfully, fairly and in a transparent manner. It will only be used to administer your account for specific and legitimate purposes, and only information that is relevant and limited to what is necessary will be collected. This means Chapel Process Management Ltd must not store any personal data beyond what is strictly required. All information you provide will be given voluntarily and only used with your consent. The data that is held will be accurate to our knowledge, and, where necessary and with your consent, updated to reflect changing circumstances. Under HMRC regulations all financial records must be kept for a minimum of six years. For Chapel Process Management Ltd to comply with this regulation all personal data held by Chapel Process Management Ltd will be held for a minimum of seven years after which a review will take place to determine as to whether Chapel Process Management Ltd will delete or archive any or all data held.
Personal data shall be processed in a manner that ensures appropriate security of the personal data provided, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage. Our security measures undergo continuous improvement in accordance with technological development.
All Chapel Process Management Ltd employees will obtain personal data only by lawful and fair means and with the knowledge and consent of the individual concerned. Consent must be a clear affirmation from the data subject to the approval of personal data being processed in the administration of your account. Where a need exists to request and receive the consent of an individual prior to the collection of, use of, or disclosure of their personal data, Chapel Process Management Ltd is committed to seeking such consent. The request for consent will be presented in a manner which is clear and is distinguishable from any other matter and uses clear and plain language.
Chapel Process Management Ltd must ensure that consent is given freely and to provide the data subject with a simple method of withdrawing their consent at any time.
Transfer of Data to third parties
Where subcontractors are used to provide a service on behalf of Chapel Process Management Ltd, only the relevant information of address and post code would be given out. For Chapel Process Management Ltd to be able to do this we will request consent. Consent can be withdrawn by the data subject at any time; this can be done by notifying the Data Controller in writing. Confirmation of the withdrawal of consent will be acknowledged by the Data Controller and a reply to the data subject will
Your rights of access under article 15 of GDPR (but not limited to)
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning them is being processed, and, where that is the case, access to the personal data and the following information:
- The purpose of the processing;
- The categories of personal data concerned;
- The recipients or categories of recipient to whom personal data have been or will be disclosed, in particular recipients in third countries or international organisations
- Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
- The existence of the right to request from the controller rectification or erasure (right to be forgotten) of personal data or restriction of processing personal data concerning the data subject or to object to such processing;
- The right to lodge a complaint with a supervisory authority;
- Where the personal data are not collected from the data subject, any available information as to their source.
The controller shall provide a copy of the personal data undergoing processing on request. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request be electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used form.