GDPR Customer Communication Policy

As part of our operational communication activity Optima Control Solutions Limited contact individuals that are employed by companies with whom we are either currently working with, have previously worked with or with those that have actively expressed an interest and agreed to us forwarding to them additional sales and marketing information about the services we offer.

In order to conduct that communication we hold personal data (Individuals’ names, employing company names, email addresses etc.) that enables us to forward any correspondence.

On May 25th, 2018 the General Data Protection Regulation (GDPR) became effective.

The GDPR rules provide specific rights for all individuals. Optima Control Solutions Ltd. commit to abide fully by the rules set out in the GDPR.

Below we have provided brief descriptions that explain the most salient.

Individual Rights “At a glance”

  1. The right to be informed

    Individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the GDPR.

  2. The right of access

    Individuals have the right to access their personal data and supplementary information.The right of access allows individuals to be aware of and verify the lawfulness of the processing.

  3. The right to rectification

    The GDPR includes a right for individuals to have inaccurate personal data rectified, or completed if it is incomplete.An individual can make a request for rectification verbally or in writing.The hosting company has one calendar month to respond to a request. In certain circumstances the hosting company can refuse a request for rectification.This right is closely linked to the controller’s obligations under the accuracy principle of the GDPR (Article (5)(1)(d)).

  4. The right to erasure

    The GDPR introduces a right for individuals to have personal data erased.The right to erasure is also known as ‘the right to be forgotten’.Individuals can make a request for erasure verbally or in writing.The hosting company have one month to respond to a request.

    The right is not absolute and only applies in certain circumstances.

    This right is not the only way in which the GDPR places an obligation on the hosting company to consider whether to delete personal data.

  5. The right to restrict processing

    Individuals have the right to request the restriction or suppression of their personal data.

    This is not an absolute right and only applies in certain circumstances.

    When processing is restricted, the hosting company are permitted to store the personal data, but not use it.

    An individual can make a request for restriction verbally or in writing. The hosting company have one calendar month to respond to a request.

  6. The right to data portability

    The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability.Doing this enables individuals to take advantage of applications and services that can use this data to find them a better deal or help them understand their spending habits.The right only applies to information an individual has provided to a controller.Some organisations in the UK already offer data portability through mi data and similar initiatives which allow individuals to view, access and use their personal consumption and transaction data in a way that is portable and safe.

  7. The right to object
  8. Individuals have the right to object to;

    • Processing of their personal data based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
    • Direct marketing (including profiling); and Processing for purposes of scientific/historical research and statistics.

  9. Rights in relation to automated decision making and profiling

    The GDPR has provisions on:

    • Automated individual decision-making (making a decision solely by automated means without any human involvement); and profiling (automated processing of personal data to evaluate certain things about an individual).
    • Profiling can be part of an automated decision-making process.

The ICO website (ICO are the controlling body for GDPR) contains a detailed explanation of an individual’s rights.

The security and protection of data is of prime importance to Optima Control Solutions Ltd. Any personal data that we retain on our servers is held securely and our cloud based back-up regime employs strong encryption for both data transmission and storage. We also take our Cyber Security seriously and adhere to the guidelines set out in the government-backed Cyber Essentials scheme.

Furthermore, we have never sold or passed on any data of any type to any third parties for any reason other than operational requirements and we never will.