Policies for data handling concerning individuals rights under the GDPR
The right to be informed
Our privacy policy must include information on what personal data is processed and why, along with details of any third parties that information is shared with, in an easy to understand language for the end user.
The following information must be maintained on the privacy policy and be available at the time the data is obtained:
accessible sources
or obligation and possible consequences of failing to provide the personal data
how decisions are made, the significance and the consequences
The right of access
Individuals are able to access a large portion of their stored information via the SyncCloud platform, if they have created an account with a set password. This includes (but is not limited to) historic order data, contact information. Users can access and view this data by logging into their SyncCloud account.
People wanting information that is not available via the website will need to submit information requests via the Contact page on SyncCloud.
General user and related information will be provided by SyncCloud free of charge, however requests for excessive data or repeat requests will be subject to charge in proportion to the administrative costs incurred by SyncCloud. In extreme cases the request may be refused.
Within 28 days of the request, SyncCloud must have either:
Provided the data requested
Requested an administration fee
Communicated a refusal of the data
The right to rectification
For the most part users are able to self-rectify data via the SyncCloud website. When this is not possible, contacting SyncCloud directly will be necessary at which point our systems will be updated by staff.
Requests for data rectification can only be invoked by the individual or registered guardian of the individual which the data pertains to. The identity of this individual must be confirmed either over telephone or by direct email before requests are escalated.
Where possible, systems are in place to automatically update recipients of individual data when said data changes.
The right to erasure
Individuals may request for their data to be erased from SyncCloud’s systems via the Contact page on SyncCloud.
Erasure of details related to order information will be handled on a per-case basis, due to SyncCloud needing to retain and process records related to financial transactions.
Data erasure can be requested by any individual user, but only invoked by the administrator of the system.
Individuals must be advised that transactional data can only be anonymised and it’s at SyncCloud’s discretion to do so, due to our lawful basis for processing data.
Any data erasures need to be authorised by management and then submitted to IT within 14 days of submission to allow ample time for the request to be processed.
The right to restrict processing
Individuals can request for processing restrictions to be put in place for them by contacting SyncCloud.
We endeavour to restrict processing of data wherever possible, however, any information related to financial processing may not be able to be restricted. Not all restrictions will be technically possible.
Any processing restrictions need to be authorised by management and then submitted to IT, within 14 days of submission to allow ample time for the request to be processed.
The right to data portability
Individuals may request an export of all held personal data via the SyncCloud platform. This export is in the format of a spreadsheet split into categories of data. Proof of identification may be required.
The right to object
Individuals have the right to object to the processing of their personal data. To do so would mean opting out of using the SyncCloud platform. To exercise the right to object, individual users should contact SyncCloud via the support page from the platform to discuss making arrangements to be excluded.
Administrators should then notify SyncCloud managers, who can suspend or erase user data on a case by case basis.
The right not to be subject to automated decision-making including profiling
SyncCloud does not use any personal data for automated decision making or profiling.