GDPR requires Aeorema Limited (“the Company”) to provide this notice which sets out how the Company will process personal information which it receives. Where your details are provided to the Company as a consequence of your engagement with it, we will process your personal information or, if applicable, that of your Directors, Officers and/or Employees. This personal information may include names, addresses, telephone numbers and email addresses.
Purposes of processing and legal basis for processing
Your personal data may be processed by the Company to comply with specific legislation only for the following purposes:-
- To comply with any legal obligation imposed on the Company or to fulfil the services included in your Contract with the Company.
- To update and maintain records.
The Company may disclose your personal information
- To its third-party service providers engaged by the Company in order to process the data for the above-mentioned purposes.
The disclosure of personal information to a third party set out above may involve the transfer of data to jurisdictions outside the European Economic Area in accordance with the requirements of the GDPR. Such countries may not have the same data protection laws as the EEA. The Company has sought confirmation from such parties that they comply with GDPR. The Company has not verified the compliance referred to above and cannot be held responsible if any party does not comply with GDPR.
How does the Company protect your personal information?
The Company has put in place measures to protect the security of your personal information. It has internal policies, procedures and controls in place to try and prevent your personal information from being accidentally lost or destroyed, altered, disclosed or used or accessed in an unauthorised way. In addition, we limit access to your personal information to those employees, workers, agents, contractors and other third parties who have a business need to know in order to perform their job duties and responsibilities. You can obtain further information about these measures from Andrew Harvey.
Where your personal information is shared with third-party service providers, we require all third parties to take appropriate technical and organisational security measures to protect your personal information and to treat it subject to a duty of confidentiality and in accordance with data protection law. We only allow them to process your personal information for specified purposes and in accordance with our written instructions and we do not allow them to use your personal information for their own purposes.
The Company also has in place procedures to deal with a suspected data security breach and we will notify the Information Commissioner’s Office (or any other applicable supervisory authority or regulator) and you of a suspected breach where we are legally required to do so.
For how long does the Company keep your personal information?
The Company will only retain your personal information for as long as is necessary to fulfil the purposes for which it was collected and processed, or such longer period as may be required by its legal and other obligations.
Your rights in connection with your personal information
You have the following rights, in certain circumstances, in relation to your personal information:
- request access to your personal information – this is usually known as making a data subject access request and it enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- request rectification of your personal information – this enables you to have any inaccurate or incomplete personal information we hold about you corrected.
- request the erasure of your personal information – this enables you to ask us to delete or remove your personal information where there’s no compelling reason for its continued processing, e.g. it’s no longer necessary in relation to the purpose for which it was originally collected.
- restrict the processing of your personal information – this enables you to ask us to suspend the processing of your personal information, e.g. if you contest its accuracy and so want us to verify its accuracy.
- object to the processing of your personal information – this enables you to ask us to stop processing your personal information where we are relying on the legitimate interests of the business as our legal basis for processing and there is something relating to your particular situation which makes you decide to object to processing on this ground.
- data portability – this gives you the right to request the transfer of your personal information to another party so that you can reuse it across different services for your own purposes.
You have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal data relating to you, carried out by the Company, or its service providers, infringes the General Data Protection Regulation.
Changes to this privacy notice
The Company reserves the right to update or amend this privacy notice at any time, including where the Company intends to further process your personal information for a purpose other than that for which the personal information was collected or where we intend to process new types of personal information. We will issue you with a new privacy notice when we make significant updates or amendments. We may also notify you about the processing of your personal information in other ways.
If you have any questions about this privacy notice or how we handle your personal information, please contact Andrew Harvey at firstname.lastname@example.org