You have certain rights over your personal data, including:
- Information and access: You may request to access your personal data, be provided with supplemental information, and be provided with a copy of your personal data.
- Rectification: You may request to rectify and/or update your inaccurate or out-of-date personal data.
- Erasure: You may have the right to have your personal data erased.
- Restriction: You may have the right to have your personal data restricted. Restriction means that your personal data is only stored by us, and not further processed. The restriction of processing is typically only temporary and may be lifted once we’ve dealt with your complaint.
- Object to processing: You may have the right to object to specific types of processing. These types are direct marketing, processing for research or statistical purposes and processing based on legitimate interests. The right to object to processing based on legitimate interests may be subject to demonstration by us of grounds which override your right to object.
- Data portability: You may have the right to request data portability. Data portability is the provision of your personal data in a structured, commonly used and machine-readable form so that it may be transferred by you or by us to another company easily.
- Right not to be subject to decisions based solely automated decision making: You may have the right not to be subject to decisions based solely on automated processing (i.e. without human intervention), if those decisions produce legal effects or significantly affect you. Automated processing is processing of your personal data by automated means.
These rights are not absolute: they do not always apply and there may be restrictions or exemptions. For example, your right to access may be denied in the case of recurrent access requests within a short time interval, or where providing such access or correction could compromise the privacy of another person or unreasonably expose sensitive company information.
If you want to review, verify, correct or request erasure of your personal information, restrict or object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please submit your request via the contact details provided above in the section “Who is the data controller?”.
You will not have to pay a fee to access your personal data or to exercise any of the other rights. However, we may charge a reasonable fee if your request is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information or to exercise any of your other rights. This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.