The General Data Protections Regulation (GDPR) is a ruling intended to protect the data of citizens within the European Union. The GDPR is a move by The Council of the European Union, European Parliament, and European Commission to provide citizens with a greater level of control over their personal data.
“Personal data” is defined in both the Directive and the GDPR as any information relating to an person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
What sort of data will fall under the General Data Protections Regulation?
- Email address
- Social media posts
- Personal medical information
- IP addresses
- Bank details
The GDPR covers any information that can be classified as personal details or that can be used to determine your identity.
Data breaches and the GDPR
A data breach is any situation where an outside entity gains access to user data without the permission of the individual. Data breaches often involve the malicious use of data against users.
If a data breach should occur, the GDPR specifies that companies must provide adequate notification. The affected company has 72 hours to notify the appropriate data protection agency and must inform affected individuals “without undue delay.”
So in many cases online identifiers including IP address, cookies and so forth will now be regarded as personal data if they can be (or are capable of being) without undue effort linked back to the data subject.
To be clear there is no distinction between personal data about individuals in their private, public or work roles – the person is the person.
- We will be transparent about the information we are collecting and what we will do with it.
- We will also use the information to help us understand you better and so that we can give you relevant offers.
- If you tell us you don’t want to receive marketing messages we will stop sending them.
- We will respect your data protection rights and aim to give you control over your own information by opting in or out.
- We do not sell your personal data.
Please note that if you tell us that you do not wish to be sent further marketing communications, you will still receive service communications (as described above) which are necessary, for example, to confirm your hire or to provide you with an update on its status.
What is our legal basis of using your personal information:
Richard Martin Lighting will only process your personal information where we have a legal basis to do so. The legal basis will depend on the reason or reasons Richard Martin Lighting collected and needs to use your information. Under EU and UK data protection laws in almost all cases the legal basis will be:
- Because we need to use your information so that we can process your hire, fulfil your transport arrangements and otherwise perform the contract we have with you.
- Because Richard Martin Lighting needs to use your personal information to comply with a legal obligation.
- Because you have consented to Richard Martin Lighting using your information for a particular purpose.