Data Privacy Notice
We are committed to protecting the privacy and security of your personal information. This notice describes how we collect and use your personal data submitted to us online, by email, on paper or face-to-face, in accordance with the General Data Protection Regulation (GDPR) and associated data protection legislation.
The Oxus Technologies Limited is the “data controller” for the information that you provide to us. This means that we decide how to use it and are responsible for looking after it in accordance with the GDPR.
DATA PROTECTION OFFICER
The Oxus Technologies Protection Officer can be contacted at firstname.lastname@example.org.
ACCESS TO YOUR DATA
Access to your personal data within the organisation will be provided to those staff who need to view it as part of their work.
WHERE WE STORE OR USE YOUR DATA
We may store the data we collect in hard copy or electronically. The data is stored on secure servers and/or in our premises within the UK. We will not share your data with third parties or transfer your data outside the EAA under any circumstances.
RETAINING YOUR DATA
We will only retain your data for as long as we need it to fulfil our purposes, including any relating to legal, accounting, or reporting requirements.
Your rights under the General Data Protection Regulation
Under the General Data Protection Regulation (GDPR), which came into effect on 25 May 2018, you have the following rights in relation to the information that we hold about you (your ‘personal data’).
The right to request access to your data (commonly known as a “subject access request”). This enables you to receive a copy of your data and to check that we are lawfully processing it.
The right to request correction of your data. This enables you to ask us to correct any incomplete or inaccurate information we hold about you.
The right to request erasure of your data. This enables you to ask us to delete or remove your data in certain circumstances for example, if you consider that there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your data where you have exercised your right to object to processing (see below).
The right to object to the processing of your data, where we are processing it to meet our public tasks or legitimate interests (or the legitimate interests of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your data for direct marketing purposes.
The right to request that the processing of your data is restricted. This enables you to ask us to suspend the processing of your data, for example, if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your data to another party
Further information on these rights is available from the Information Commissioner’s Office.
Depending on the circumstances and the nature of your request it may not be possible for us to do what you have asked, for example, where there is a statutory or contractual requirement for us to process your data and it would not be possible to fulfil our legal obligations if we were to stop. However, where you have consented to the processing (for example, where you have asked us to contact you for marketing purposes) you can withdraw your consent at any time by emailing the department that is processing your data.
If you want to exercise any of the rights described above or are dissatisfied with the way we have used your information, you should contact the Oxus’s Information Compliance Team (email@example.com). We will seek to deal with your request without undue delay, and in any event in accordance with the requirements of the GDPR. Please note that we may keep a record of your communications to help us resolve any issues which you raise.