Categories
legal

Your Rights under GDPR

The right to be informed

Individuals have a right to understand when their personal data is being held and processed, even when this has been obtained indirectly.

The right of access

You can request access to your personal data at any time to be aware of and verify the lawfulness of the processing, this is via a Subject Access Request (see below).

The right to rectification

Personal data can be easily rectified if inaccurate, incomplete or out of date. This can be done by updating your control panel (insert link) or by written request (please see below for information)

The right to erasure

Under qualifying criteria, you can request your data to be deleted where there is no lawful reason for its continued processing. Please refer to the GDPR regulation or ico.org.uk for full details.

The right to restrict processing

Under qualifying criteria, you can request the processing of your data to be restricted. This means your data will still be held but not processed and may apply where information is inaccurate or if there is an objection over the lawfulness of the processing. Please refer to the GDPR regulation or ico.org.uk for full details. Please send your request in writing as per the below instructions.

Where data is restricted, We shall, where possible, also inform any involved 3rd parties of the restriction.

The right to data portability

Individuals can request personal data to be provided in order to reuse elsewhere and/or moved from one IT environment to another in a secure manner without hindrance. Please send your request in writing as per the below instructions.

The right to object

Where processing of your data is taking place under certain purposes and no legitimate reason exists for this, you have the right to object. Please send your request in writing as per the below instructions.

Rights in relation to automated decision making and profiling

We do not use Automated decision making, But third party suppliers may and profiling can only take place where consent or a lawful reason apply. Processors are also required to notify individuals when their data is processed by automated means and provide information about the processing and lawful reason for doing so. It should be straightforward for an individual to challenge or request intervention.

Subject access requests

To Make a Subject access request please email privacy@cyber-cottage.co.uk, You will need to provide proof of identity as part of your application.

3rd Parties

In order to deliver our services, we may disclose your identifiable data to our sub-contactors who are required to maintain the same standards of security and integrity as ourselves, under full non-disclosure agreements.

At time of this document creation these included

Gradwell Ltd. Telephony services

Diva Telecom Telephony services

Provu Communications Hardware supplies

Sangoma  Hardware and software (Freepbx)

Rapidswitch Servers

Digital Ocean Servers

Vultr Servers