We are committed to protecting the privacy and the confidentiality of the personal information of visitors to our website and of members/enquirers to our organisation. There is a lot of information here but we want you to be fully informed about your rights and how Jefferson Studios uses your data.
We undertake to ensure that all personal information in our possession is processed in accordance with the requirements of the European General Data Protection Regulation (‘GDPR’) and Data Protection Act (‘DPA’).
We will only use your personal information in a way that is fair to you. We will only collect information where it is necessary for us to do so and we will only collect information if it is relevant to our dealings with you. We have implemented appropriate technology and policies to safeguard your data from unauthorised access and improper use.
We may update this Policy from time to time and you are welcome to come back and check it whenever you wish to.
Explaining the legal bases we rely on
The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, including:
In specific situations, we can collect and process your data with your consent.
For example, when you tick a box to receive emails from us – for example finding out more information about our service.
In certain circumstances, we need your personal data to comply with our contractual obligations.
For example, if you order a resource from us, we’ll collect your address details to deliver your purchase, and if necessary pass them to our courier. We never ever share your address details with other companies.
What sort of personal data do we collect?
- If you are an enquirer to our service we will might collect your email address, your postal mailing address, your telephone number.
- Details of your interactions with us by telephone calls, emails, letters and text
- Your comments and product/service reviews.
How we protect your personal data?
We know how much data security matters to all our customers. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it.
We secure access to all transactional areas of our websites and apps using ‘https’ technology.
Access to your personal data is password-protected, and sensitive data (such as payment card information) is secured by SSL encryption.
How long we keep your personal data?
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.
At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
We operate under GDPR and DPA. We ensure lawful processing of personal data by obtaining your consent; or where there is a contractual obligation to do so in providing appropriate products and services; or where processing the data is necessary for the purposes of our legitimate interests in providing appropriate products and services.
The DPA and GDPR apply to ‘personal data’ we process and the data protection principles set out the main responsibilities we are responsible for.
We must ensure that personal data shall be:
- processed lawfully, fairly and in a transparent manner;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
- accurate and where necessary kept up to date;
- kept for no longer than is necessary for the purposes for which the personal data are processed. We only retain personal data for the purposes for which it was collected and for a reasonable period thereafter where there is a legitimate business need or legal obligation to do so. For details of our current retention policy contact our Privacy Officer at: firstname.lastname@example.org
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.We use up-to-date industry procedures to protect your personal information. We have appropriate security measures in place to protect against the loss, misuse or alteration of information that we have collected from you via our websites. However please be aware that the internet is not a 100% secure medium of communication. Jefferson Studios cannot therefore guarantee the security of any information you input on the website or send to us on the internet. Jefferson Studios is not, and will not be, responsible for any damages you or others may suffer as a result of the loss of confidentiality of any such information.
Under GDPR you have the following specific rights in respect of the personal data we process:
- The right to be informed about how we use personal data. .
- The right of access to the personal data we hold. In most cases this will be free of charge and will be provided within one month of receipt.
To obtain a copy of the personal information we hold on you, please write to us and provide us with your details or email; email@example.com
- The right to rectification where data is inaccurate or incomplete. In such cases we shall make any amendments or additions within one month of your request.
- The right to erasure of personal data, but only in very specific circumstances, typically where the personal data is no longer necessary in relation to the purpose for which it was originally collected or processed; or, in certain cases where we have relied on consent to process the data, when that consent is withdrawn and there is no other legitimate reason for continuing to process that data; or when the individual objects to the processing and there is no overriding legitimate interest for continuing the processing.
- The right to restrict processing, for example while we are reviewing the accuracy or completeness of data, or deciding on whether any request for erasure is valid. In such cases we shall continue to store the data, but will not further process it until such time as we have resolved the issue.
- The right to data portability which, subject to a number of qualifying conditions, allows individuals to obtain and reuse their personal data for their own purposes across different services.
- The right to object in cases where processing is based on legitimate interests, where our requirement to process the data is overridden by the rights of the individual concerned; or for the purposes of direct marketing (including profiling); or for processing for purposes of scientific / historical research and statistics, unless this is necessary for the performance of a public interest task.
- Rights in relation to automated decision making and profiling
We hope this Privacy Notice has been helpful in setting out the way we handle your personal data and your rights to control it.