We’ve updated our Privacy Policy to bring it into line with the requirements of the new General Data Protection Regulations (GDPR) but also make it a bit clearer and less “lawyer-ish” whilst still complying with the requirements of the Regulation.
This sets out the personal data we collect, from you and others, in the course of using Simwood services and how we use this information as well as formally publishing our data retention periods.
It’s important to remember there are many basis for processing personal data under GDPR. Generally, we do not rely on consent as a legal basis for processing personal data, except where required by law (for example PECR and direct marketing communications). Where we do rely on consent, you may withdraw this at any time.
All other processing of personal data is where required to fulfil a contract, to satisfy our legal or regulatory obligations, or where it is necessary for our legitimate interests, e.g. fraud prevention.
It is a requirement of GDPR to openly explain what data you collect and, significantly, on what basis you are processing this data.
The ICO publishes guidance on Privacy Notices and we would encourage all customers to ensure that they have a published privacy policy that adheres to this.
Additionally, we’ve recently reviewed our retention policies which are also outlined in our new Privacy Policy.
If you’re still panicking about GDPR, and what it means for your business, Neil Brown of decoded:Legal kindly gave us an excellent talk on GDPR for ITSPs at SimCon1 which provides a good overview.
