GDPR - Fair Processing Notice
When processing your personal data we are required to comply with the Data Protection Act 1998 (“DPA”) up to and including 24 May 2018, and from 25 May 2018, the General Data Protection Regulation 2016 (“GDPR”) (the DPA and GDPR are together referred to as the “Data Protection Legislation”).
Your personal data includes all the information we hold that identifies you or is about you, for example, your name, email address, postal address, date of birth, location data and in some cases opinions that we document about you, as well as special categories of data including but not limited to medical and health records, care plans and information about your religious beliefs, ethnic origin and race, sexual orientation and political views [Update as necessary to reflect the personal data that is being processed about the Data Subjects to whom this fair processing notice will be provided].
Everything we do with your personal data counts as processing it, including collecting, storing, amending, transferring and deleting it. We are therefore required to comply with the Data Protection Legislation to make sure that your information is properly protected and used appropriately.
This fair processing notice provides information about the personal data we process, why we process it and how we process it.
is the data controller of the personal data you provide. We have appointed as and they will have day to day responsibility for ensuring that we comply with the Data Protection Legislation and for dealing with any requests we receive from individuals exercising their rights under the Data Protection Legislation.
Why do we process your personal data?
We process your personal data in order to provide you with the services you have requested, to fulfil the contract we have entered into with you and/or to receive services or goods from you. We may also process your personal data to respond to any queries or comments you submit to us and to correspond with you on a day to day basis. [Note this paragraph tries to cover all bases including provision and receipt of services. may feel it is more appropriate to use more than one fair processing notice for non- employees].
We may need personal data from you to be able to provide services to you, to meet our legal obligations, to enter into a contract with you and/or to provide you with all the information you need. If we do not receive the personal data from you, we may be unable to fulfil our obligations to you.
We process most of your information on the grounds of consent from you, legitimate interests (such as [please insert a description of the legitimate interests you are pursuing when you process personal data], performance of a contract we have entered into with you, protection of the vital interests of a Data Subject or, in the case of special categories of data, processing for the provision of health or social care or treatment or the management of health or social care systems or services [Please delete any that are not appropriate, particularly if chooses to use more than one fair processing notice depending on the type of Data Subject].
If we obtain consent from you to the processing of your personal data, you can withdraw your consent at any time. This won’t affect the lawfulness of any processing we carried out prior to you withdrawing your consent.