As part of our commitment to data handling and the GDPR, we regularly review and update our internal practices, processes and documentation regarding how we handle your data, the rights an individual has, and the actions taken in the event of a data breach.
UK Postbox is committed to the practices outlined in the GDPR, and follows the guidance around privacy by design, the right to be forgotten, consent, and a risk-based approach. Our aims are to:
- Offer complete transparency regarding how we handle and use data.
- Only process data in a lawful, fair and transparent way for necessary purposes.
- Ensure all data is up to date, accurate and removed when redundant.
- Safely and securely handle and process any data.
We have assigned a designated Data Protection Officer (DPO) who has received training and holds responsibility for promoting awareness of GDPR throughout UK Postbox. Their role is to demonstrate best practice and support employees throughout the workforce to ensure data is being handled compliantly.
Right to be forgotten
We recognise and practice the right to be forgotten, also known as the right to erasure. As outlined in Article 17 of the GDPR, customers have the right to request that their personal data is erased without delay.
Subject access requests
Individuals have the right to submit a request for their personal data and other related information to be provided within one month of the initial submission. In most cases, there will be no charge for this request, unless it is unfounded, excessive or repetitive. In these cases, we may charge a ‘reasonable fee’ due to the works involved. Individuals can contest this decision with the supervisory authority (the Information Commissioner’s Office (ICO) if they deem a charge to be unfair.
We will implement data protection “by design and by default”, as required by the GDPR. Safeguards will be built into products and services from the earliest stage of development and privacy-friendly default settings will be the norm. The privacy notice, which is on our website and which is provided to anyone from whom we collect data, explains our lawful basis for processing the data and gives the data retention periods. It makes clear that individuals have a right to complain to the ICO. We have conducted a privacy impact assessment (PIA) to ensure that privacy risks have been properly considered and addressed.
Privacy Information Notice
Our privacy notice has been made readily available and details who we collect data from, how we process data, and the data retention period. The privacy information notice for website visitors can be accessed here: https://www.ukpostbox.com/legals/privacy-policy.
In the event of a data breach that poses a risk to the rights and freedoms of individuals, we will notify these individuals as well as the ICO as soon as possible, within 72 hours of a breach occurring.