The right to be informed
Individuals have a right to understand when their personal data is being held and processed, even when this has been obtained indirectly.
The right of access
You can request access to your personal data at any time to be aware of and verify the lawfulness of the processing, this is via a Subject Access Request (see below).
The right to rectification
Personal data can be easily rectified if inaccurate, incomplete or out of date. This can be done by updating your control panel (insert link) or by written request (please see below for information)
The right to erasure
Under qualifying criteria, you can request your data to be deleted where there is no lawful reason for its continued processing. Please refer to the GDPR regulation or ico.org.uk for full details.
The right to restrict processing
Under qualifying criteria, you can request the processing of your data to be restricted. This means your data will still be held but not processed and may apply where information is inaccurate or if there is an objection over the lawfulness of the processing. Please refer to the GDPR regulation or ico.org.uk for full details. Please send your request in writing as per the below instructions.
Where data is restricted, We shall, where possible, also inform any involved 3rd parties of the restriction.
The right to data portability
Individuals can request personal data to be provided in order to reuse elsewhere and/or moved from one IT environment to another in a secure manner without hindrance. Please send your request in writing as per the below instructions.
The right to object
Where processing of your data is taking place under certain purposes and no legitimate reason exists for this, you have the right to object. Please send your request in writing as per the below instructions.
Rights in relation to automated decision making and profiling
We do not use Automated decision making, But third party suppliers may and profiling can only take place where consent or a lawful reason apply. Processors are also required to notify individuals when their data is processed by automated means and provide information about the processing and lawful reason for doing so. It should be straightforward for an individual to challenge or request intervention.
Subject access requests
To Make a Subject access request please email privacy@cyber-cottage.co.uk, You will need to provide proof of identity as part of your application.
3rd Parties
In order to deliver our services, we may disclose your identifiable data to our sub-contactors who are required to maintain the same standards of security and integrity as ourselves, under full non-disclosure agreements.
At time of this document creation these included
Gradwell Ltd. Telephony services
Diva Telecom Telephony services
Provu Communications Hardware supplies
Sangoma Hardware and software (Freepbx)
Rapidswitch Servers
Digital Ocean Servers
Vultr Servers