When you buy your local discount card, we need to record a few details so we know who and where you are. Our policy is in place to protect the data we collect from your card holders.
All users of mylocality.me have a right to access information held by All About Newport Ltd and have it corrected if it is factually inaccurate. See information regarding SAR's below.
We are committed to:
• Ensuring that we comply with the eight data protection principles, as listed below
• Meeting our legal obligations as laid down by the Data Protection Act 1998
• Ensuring that data is collected and used fairly and lawfully
• Processing personal data only in order to meet our operational needs or fulfill legal requirements
• Taking steps to ensure that personal data is up to date and accurate
• Establishing appropriate retention periods for personal data
• Ensuring that data subjects' rights can be appropriately exercised
• Providing adequate security measures to protect personal data
• Ensuring that a nominated officer is responsible for data protection compliance and provides a point of contact for all data protection issues
• Ensuring that all staff are made aware of good practice in data protection
• Providing adequate training for all staff responsible for personal data
• Ensuring that everyone handling personal data knows where to find further guidance
• Ensuring that queries about data protection, internal and external to the organisation, is dealt with effectively and promptly
• Regularly reviewing data protection procedures and guidelines within the organisation
1. Personal data shall be processed fairly and lawfully
2. Personal data shall be obtained for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes
3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed
4. Personal data shall be accurate and, where necessary, kept up to date
5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes
6. Personal data shall be processed in accordance with the rights of data subjects under the Data Protection Act 1998
7. Appropriate technical and organisational measures shall be taken against unauthorised and unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data
8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data
We will not pass information about an individual to another business or organisation unless we have asked for - and you have given - your consent. However, there are exceptions to this. If the police ask us for information about someone, we can give this information without telling the individual - if doing so could obstruct the investigation or stop a crime being prevented. Disclosures can also be made if they are necessary for a court case or to obtain legal advice, for example, in connection with an employment tribunal.
The Data Protection Act 1998 gives individuals certain rights in relation to the use of their personal data. These rights are as follows:
• The right of subject access - gives people the right to obtain information held about themselves. See information regarding SAR's below.
• The right to prevent direct marketing - individuals can ask us at any time not to use their personal information for direct marketing purposes. They need to make their request in writing and we will act on it in a reasonable period of time. In most cases, this should be within 28 days.
• The right to have personal information corrected - an individual has the right to have incorrect or misleading personal information held about them corrected.
• The right to prevent automated decisions - this allows individuals to stop important decisions about them being made by solely automated means - for example, decisions made only by a computer. This can include recruitment decisions made solely on the basis of psychometric testing.
The Data Protection Act 1998 gives individuals the right to access the personal information you process about them. Individuals have the right to:
• Know whether we, or someone else on our behalf, is processing personal information about them.
• Know what information is being processed, why it is being processed and who it may be disclosed to.
• Receive a copy of the personal information about them
• Know about the sources of the information.
To obtain access to personal information held about them, an individual must send either a written or electronic request - known as a subject access request (SAR). The SAR doesn't have to refer to the Act but should make it clear that it is a formal request from the individual and not just an everyday enquiry. We can charge a fee of up to £10 to provide the information requested.
If you are not sure about the identity of an individual requesting information, you can ask for proof. This could be an official document - eg a council tax bill, driving licence or passport. You can request additional information that you might need to respond to the SAR. For example, if an individual has requested emails you could ask when the emails were sent, or for the senders or recipients of the emails.
We will respond to a SAR no later than 40 days after receiving it. The 40-day period does not start until we receive any additional information we need. We will supply the information after we receive any fee payable. We will provide the information requested in a permanent format - such as a computer printout, letter or form - unless:
• The individual agrees otherwise
• It is not possible to supply such a copy
• It will involve 'disproportionate effort'