Your rights policy

TAKK ESSENTIALS LTD (TAKK) – YOUR RIGHTS POLICY

INTRODUCTION

The General Data Protection Regulation (GDPR) provides you with a number of important rights in relation to the personal data that we at TAKK, as a Data Controller, process about you.

AIMS AND OBJECTIVES OF THIS POLICY

This Policy details our approach to giving effect to your rights and the situations in which they should be implemented and where we may be exempt from compliance with a request received.

OVERVIEW

Each of your rights are set out in detail below.

TIMESCALES

We will always acknowledge any request that you make to us. We will aim to provide you with the information you require as soon as is practically possible, but we will always provide it within one month of your request, unless there are legitimate reasons for extending this period, in which case we will always let you know why we need more time.

IDENTIFICATION

If, on receiving any request, there is any reasonable doubt about the identity of the individual who has submitted the request, we shall take all reasonable steps to confirm the identity of the person making the request. A passport or photographic driver’s license may be used as proof of identity. Where a request is made online, further steps may be taken to ensure that the form of identification provided has originated from you. Where there is any remaining doubt as to the identity of the requester, no personal data will be disclosed until their identity can be confirmed.

SUBJECT ACCESS REQUESTS

You have the right to request information from us about whether your personal information is being processed by us, and if so how this is being done. You also have the right to be provided with access to your personal data.

You also have the right to be provided with the following information:-

In some circumstances we may have to transfer personal data to a country out with the EU or to an international organisation. Where that occurs you are entitled to know what safeguards we have put in place in relation to that transfer.

Whilst we will not charge a fee for you requesting any of the above, TAKK may charge a fee for provision of any data which has been provided on more than one occasion, where there have been repetitive requests or where the request is manifestly unfounded or excessive. Any fee that we charge must be reasonable and reflective of the administrative costs of dealing with the particular request. Where an email or online request for copy data is received, that data shall be provided by email, unless you have requested that it be provided in another form. Any such personal data which is emailed shall be subject to appropriate security measures.

Where we receive a request which is repetitive, manifestly or excessive, we may also may exercise our discretion not to implement the request but must only refuse to do so where it can be proved that the request falls into one of these categories. Where a request is refused, we will advise you of this and provide you of our reasons for refusing your request. We will also notify you of your right to complain to the Information Commissioner and to seek a judicial remedy.

RECTIFICATION OF PERSONAL DATA

Where any personal data held by us is inaccurate, you have the right to require us to rectify this and we will do so without undue delay.

Where we hold any personal data about you which is incomplete, you have the right to have the incomplete data completed by us.

TAKK holds personal data in a central location but holds data in a number of different forms. Where personal data is rectified, care shall be taken to ensure that all personal data is rectified and the data held is consistent.

Where any personal data has been rectified, we shall advise you of this rectification unless doing so proves impossible or would involve disproportionate effort.

ERASURE OF PERSONAL DATA

This right is often known as “the right to be forgotten”. Where this right is exercised, we will erase any personal data without undue delay.
This right can only be exercised by you where:-

  1. the personal data is no longer necessary in relation to the purpose for which it was collected or processed;
  2. where your consent to processing is withdrawn;
  3. where you object to the processing and there are no overriding legitimate grounds for processing;
  4. where there is no legal basis for the processing; or
  5. where there is a legal obligation to delete data.

Where personal data is to be deleted we shall review all data held in all locations and formats to ensure that all relevant personal data is erased. Where we have made any personal data public, we shall take reasonable steps (taking to account technology and cost) to notify other controllers processing the data of your request for erasure.

We are not required to and will not delete personal data where the processing carried out is necessary for:-

  1. exercising the right of freedom of expression;
  2. complying with a legal obligation in the public interest or in the exercise of an official authority;
  3. for public health reasons;
  4. for archiving purposes; or
  5. for the establishment, exercise or defence of legal claims.

Once the relevant personal data has been deleted then you shall be advised that the data has been erased unless doing so is impossible or involves disproportionate effort.

RESTRICTION OF PROCESSING

You are entitled to ask us to restrict the type of processing which is carried out by us. This is not an absolute right and you will only be entitled to a restriction where:-

  1. the accuracy of personal data is contested by the you for a period to enable us to verify the accuracy;
  2. the processing is unlawful and you do not want it to be erased but request restriction instead;
  3. we no longer need the data for the purpose of the processing but the data is required by you for the establishment, exercise or defence of legal claims; or
  4. the processing has been objected to and verification of that objection is pending.

Where you exercise your right to restriction, personal data can then only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of rights in the public interest for the protection of the rights of another data subject or legal entity.

Where we have restricted any form of processing and that restriction is subsequently lifted, we shall advise you unless doing so is impossible or involves disproportionate effort.

DATA PORTABILITY

Where you request a copy of your personal data for the purposes of transferring it from us to another data controller we shall do so provided:-

  1. the legal basis for processing is based on consent or a contract with you; and
  2. the processing is carried out by automated means.

You shall only be provided with the personal data you have provided to us and the personal data gathered by us in the course of our dealings with you or which has been generated from our monitoring of your activity.

You are entitled to be provided with your personal data in a structured, commonly used and machine readable format for transfer to another controller; or where possible to have us transfer the data direct to another processor.

OBJECTION TO PROCESSING OF PERSONAL DATA

You have the right to object, on grounds relating to your particular situation, where your personal data is processed based on the public interest or in the exercise of official authority; or where we are processing their personal data based on legitimate interests.

If we can demonstrate that we have legitimate grounds for the processing which override the interests, freedoms of your rights or if it is for the establishment, exercise or defence of legal claims, it is not necessary to cease processing. This does not apply to direct marketing.

You are entitled to object to direct marketing (in any form) which is sent to you. This is an absolute right and where such a request is received, we must and we will comply with the request.

AUTOMATED DECISION MAKING

TAKK does not undertake any Automated Decision Making.

EXEMPTIONS TO YOUR RIGHTS

Your right to object to direct marketing is absolute. In other situations, we may be exempt from compliance with your rights if certain exemptions apply. Careful consideration will be given to these exemptions and whether they apply before responding to any request by you. The exemptions for compliance with the request are set out in the Data Protection Act 2018. These are:-