The European General Data Protection Regulation and the UK Data Protection Act 2018 gives you the right:
- to ‘concise and transparent information’ about how we handle your personal data - we achieve this by the use of our privacy notices
- of access to the data we hold about you, the reasons it is being processed, and whether it is shared with other organisations, how long we hold it for, and whether there has been a security breach involving your personal data - to see your information, you can make a subject access request
- of erasure of personal data we process about you, where we are relying on your consent to do so
- to object to processing of your personal data, where we are relying on our legitimate interests to do so
- to request that we restrict processing if you wish to object
- to request that we hold off on the destruction of records that are coming to the end of their retention period
- to ask us to correct data that is incorrect
- to ‘port’ your personal data directly to another organisation or individual - to invoke any of the previous six rights, please contact our Data Protection Officer by emailing DPO@n-somerset.gov.uk
- to not be subject to automated decision making, without a legal basis or your explicit consent - if a service relies on automated decision making, this is made clear in their privacy notice
- to make a complaint to the supervisory authority; in our instance the Information Commissioner’s Office (ICO)