HOW WE PROTECT YOUR DATA
Our controls
We are committed to keeping your personal data safe and secure.
Our security measures include:
• encryption of data;
• regular cyber security assessments of all service providers who may handle your personal data;
• regular planning to ensure we are ready to respond to cybersecurity attacks and data security incidents;
• daily penetration testing of systems;
• security controls which protect our IT systems infrastructure and our premises from external attack and unauthorized access;
• internal policies setting out our data security rules for our personnel; and
• regular training for our employees.
HOW LONG WE KEEP YOUR DATA
We will not retain your data for longer than necessary for the purposes set out in this Notice. Different retention periods apply for different types of information, and our Data Retention Policy sets out the length of time we will usually retain personal data and where these default periods might be changed.
In summary, various laws, accounting and regulatory requirements applicable to us require us to retain certain records for specific amounts of time. In relation to your personal data, we will hold this only for so long as we require that personal data for legal or regulatory reasons or for legitimate organizational purposes. We will not keep your data for longer than is necessary for the purposes for which we collect them.
YOUR RIGHTS
You have the following rights:
• the right to be informed about our processing or your personal data which is the aim of this Notice;
• the right to request access to personal data we hold about you at any time;
• the right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you;
• the right to object to the processing of your personal data and/ or to withdraw any consent you have given us and to opt out of any marketing communications that we may send you;
• the right to prevent processing that is likely to cause damage or distress to you or anyone else;
• the certain rights in relation to automated decisionmaking including profiling;
• the right to request that we erase your personal data in certain circumstances (the right to be forgotten) for example when the data are no longer necessary for the purpose for which we collected them;
• the right to have your personal data provided to you by us in a structured, commonly used and machine-readable format and transmitted to another data controller. This is known as the right to data portability.