Your rights

1. Overview

From 25 May 2018, the General Data Protection Regulation (GDPR) as supplemented by the UK Data Protection Act 2018 will have legal effect.

This replacement data protection framework places new obligations on us and strengthens the rights that you have over the processing of your personal information.

You have the right:

• to be informed
• to ask us for access to copies of the personal information we hold about you
• to ask us to rectify your personal information if it is inaccurate or incomplete
• to ask us to stop processing your personal information (this is known as the ‘right to object’)
• to ask us to erase personal information we hold about you (this is also known as the ‘right to be forgotten’)
• to ask us to ‘restrict’ the processing of your personal information (e.g. restrict our access and use pending our consideration, for example, of any objection or erasure request you have submitted)
• to ask us ensure that a decision which legally affects you is reviewed by a person if the decision has been made solely using an automated computerised process
• to ask us to put the personal information you have given us into a portable electronic machine readable format so it is capable of being transmitted to someone else

These rights are not absolute and are dependent on conditions and exemptions. In some cases the rights described above only apply if the processing activity is undertaken on specific legal grounds and/or in defined circumstances. Therefore all of these rights are unlikely to be engaged in all cases.

You can find more detailed information about your rights from the Information Commissioner’s Office (the ICO). The ICO is the UK’s independent regulator responsible for upholding and enforcing your rights under data protection law.