This policy contains the core information around personal data processing at Entity Group. It sets out information that would need to be provided in relation to all processing, to be supplemented with more specific information where necessary.
Entity Group is committed to absolute transparency around what we are going to do with your data. This policy sets out in a single, accessible place, the common processing that we undertake with your data.
The Entity website has contact forms for different purposes where you are able to provide your name and contact details. We may also collect names and contact details through telephone, email or letter communication. Your details, which includes name, address, email, telephone number etc, all form what is known as your Personal Data.
When you visit this website, and even if you do not enter your details into a form, we may collect technical information about you such as your IP Address (Internet Protocol), the type of device that you used to access the website, browser type and version, the country, the telephone code for the area your computer is located, the pages that you visited, response rates of the web pages, your length of visit to certain pages. A cookie is a small file which is placed on your computer.
Where data is collected by Entity Group, Entity Group becomes the Data Controller. Our contact details are the same as those for our Data Protection Officer.
If you have any comments or queries regarding the use of your data or you wish to express your individual rights.
Please contact the Entity Data Protection Officer (DPO) by email – firstname.lastname@example.org or by post Data Protection Officer, Entity Group, 980 Cornforth Drive, Kent Science Park, Sittingbourne, Kent. ME9 8PX or by phone +44 (0) 1795 415800.
Categories of recipient will be defined at point of data entry for personal data, or your consent will be sought before sharing data with a new recipient.
Technical data may be used with other organisations in the Entity Group for the same purposes, but will not be used beyond the Group.
Data will be shared with hosting companies and similar organisations who support our infrastructure, subject to appropriate controls and security measures that we define.
We will never sell your personal data to any external organisation
The following sets out your rights under GDPR and when they arise
1. The right to be informed
This is your right to be informed about the collection and use of your personal data that we hold. This document provides the details of this to be read in conjunction with more specific information provided where personal data is collected.
2. The right of access
This is your right to see your personal data that we hold, together with supplementary information around the processing it is undergoing.
3. The right to rectification
This is your right to have inaccurate personal data we hold corrected, or completed if it is incomplete.
4. The right to erasure
This is your right to have your personal data erased, this is also known as ‘the right to be forgotten’. A request for erasure can be verbally or in writing, and Entity has 1 month to respond to a request. The right is not absolute and only applies in certain circumstances
5. The right to restrict processing
This is your right to request that Entity restricts the use of your personal data. This is not an absolute right and only applies in certain circumstances. If you exercise your right to restrict processing is restricted, Entity is still permitted to store the personal data, but not use it. You can make a request for restriction verbally or in writing and Entity Group has 1 month to respond.
6. The right to data portability
This is your right to data portability, this allows you to obtain and reuse for your personal data for your own purposes across different services. We will provide your data in a structured, commonly used and machine-readable format and will transmit it directly to another data controller if required.
7. The right to object
You have the right to object to:
Entity Group do not carry out profiling based on personal data for any purpose.
You have the right not to be subject to any automated decision making (making a decision solely by automated means without any human involvement) that has a legal or other similar significant effect on you.
Entity group do not carry out such automated processing on any personal data for any purpose.
1. Right to withdraw consent
Where processing for a specific purpose is based on consent you have given, you can withdraw consent at any time, and we will no longer process your data for that purpose. This does not affect the lawfulness of the processing prior to withdrawal.
2. Right to lodge a complaint
You have the right to lodge a complaint with the Information Commissioner’s Office
To exercise any of the above rights please contact our Data Protection Office using the link above.
We never keep personally identifiable information for any longer than is necessary for the specific purpose(s) for which it has been collected. We consider each purpose carefully and separately to ensure that this is the case. Specific retention periods may be defined at point of data entry.