This sets out the personal data we collect, from you and others, in the course of using Simwood services and how we use this information as well as formally publishing our data retention periods.
It’s important to remember there are many basis for processing personal data under GDPR. Generally, we do not rely on consent as a legal basis for processing personal data, except where required by law (for example PECR and direct marketing communications). Where we do rely on consent, you may withdraw this at any time.
All other processing of personal data is where required to fulfil a contract, to satisfy our legal or regulatory obligations, or where it is necessary for our legitimate interests, e.g. fraud prevention.
It is a requirement of GDPR to openly explain what data you collect and, significantly, on what basis you are processing this data.
If you’re still panicking about GDPR, and what it means for your business, Neil Brown of decoded:Legal kindly gave us an excellent talk on GDPR for ITSPs at SimCon1 which provides a good overview.