GDPR (General Data Protection Regulations)
As controllers under the GDPR, organisations such as Your2020Vision Ltd, that process personal data, must establish and publish the lawful basis that they are relying on for processing personal data. The GDPR sets out conditions for lawful processing of personal data (Article 6), and further conditions for processing special categories of personal data (Article 9).
Being transparent and providing accessible information to clients about how we will use their personal information is a key element of the GDPR Regulations.
The following notice reminds you of your rights in respect of the above legislation and how Your2020Vision Ltd will use your information for lawful purposes in order to deliver clients needs and the effective management of the services delivered.
GDPR sets a high standard for consent. Consent means offering people genuine choice and control over how their data is used. When consent is used properly, it helps you build trust and leads to enhanced reputation.
Your2020Vision assumes will endevour to seek consent from clients for data used and stored, at the point of establishing contact and building rapport..
SAR (Subject Access Request)
Under Article 15 of the GDPR all clients have the right to a Subject Access Request (SAR):
This gives clients the right to obtain a copy of their personal data as well as other supplementary information. It helps them to understand how and why Your2020Vision are using their data, and check you we are doing so lawfully.
Clients have the right to obtain the following from you:
confirmation that you are processing their personal data;
a copy of their personal data; and
other supplementary information – this largely corresponds to the information that you should provide in a privacy notice.
Recital 59 of the GDPR recommends that organisations ‘provide means for requests to be made electronically, especially where personal data are processed by electronic means’. You should therefore consider designing a subject access form that individuals can complete and submit to you electronically.
If a client makes a request, You2020Vision will provide the information in a commonly used electronic format, unless the individual requests otherwise.
Your2020Vision will respond to all Subject Access Requests in full within 30 days.
Your2020Vision Ltd Subject Access Request
Your2020Vision Ltd collects the following personal data from the following categories of data subjects:
Retention of data:
Except as otherwise permitted or required by applicable law or regulation, Your2020vision Ltd retains personal data for a maximum duration of 10 years. Your2020Vision undertakes an annual review which considers the volume, the nature, and the sensitivity of personal data being held, and the potential risk of harm from unauthorised access or disclosure of personal data.
What are clients entitled to know about how Your2020Vision Ltd handles their data:
Informed if personal data is being processed.
Given a description of the personal data, the reasons it is being processed, and whether it will be given to any other organisations or people.
Given a copy of the personal data.
Given details of the source of the data (where this is available).
Your2020Vision Ltd is registered with the ICO. Ref No. ZA494415
Your2020Vision Ltd successfully achieved Cyber Essentials Certification on 20th June 2019.