The General Data Protection Regulation (GDPR) standardises data protection across all European Union (EU) countries. This regulation was introduced to tighten the EU’s data protection regulations to ensure its laws apply to all businesses irrespective of where they are located. They must now be more responsible for the way they handle the personal data of EU citizens. Since SynergERP operates in the UK, we are required to offer more clarity on how we process personal data.
What are your rights?
- The right to be informed about the collection and use of your personal data including the purpose for processing your personal data, the business’s retention periods for that personal data, and who it will be shared with.
- The right of access to your personal data. A business has one month to respond to such a request.
- The right to the rectification of personal data. This means that individuals have the right to have inaccurate personal data rectified, or completed if it is incomplete.
- The right to erasure. The individual can request that their personal data be erased.
- The right to restrict processing. Individuals (under certain circumstances) can request that their personal data be restricted or suppressed.
- The right to data portability gives individuals the right to receive the personal data they have provided to a controller in a structured, commonly used and machine-readable format. Data provided to a controller is collected from the observation of an individual’s activities, i.e. website usage, location or using a device or service.
- The right to object to the processing of their personal data in certain circumstances.
- Rights in relation to automated decision-making and profiling. The processing of activity which is wholly automated and leads to decisions that affect individuals in a sufficiently significant way is prohibited unless it can be justified by one of three bases set out as exceptions under Article 22(2). These are performance of a contract, authorised under law, or explicit consent.
How SynergERP abides by the GDPR
We carry out processing under Article 22(1) because we have the individual’s explicit consent recorded and more information on the use of personal data will be given when requested. We offer individuals a simple way to withdraw their consent.
Here are the steps we will take to ensure our compliance:
- We will add consent boxes to all forms to ensure you are aware that you are opted into our direct marketing.
- We will have an unsubscribe option in all email communications so you can opt out at any point.
- We will not share your information with third parties.
- If you download something, but do not want us to use your details for marketing thereafter, you can opt out in the thank you follow-up email.
- If you request to be removed from all communications, we will not continue to keep your details in our database or marketing platforms. This will need to be requested by email to the sender or by contacting us directly.