General Data Protection Regulation (GDPR)
This policy pertains to this website by Envira Ltd, a company headquartered in West Bromwich, UK. This includes www.envira.co.uk additional Envira websites, and digital assets produced and or managed websites (together, the “Site”).
Envira Ltd is responsible for the processing of personal data and is a data controller for the purposes of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the General Data Protection Regulation (‘GDPR’)).
General Data Protection (GDPR)
The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU. It becomes enforceable on 25 May 2018.
According to the European Commission, “personal data is any information relating to an individual, whether it relates to his or her private, professional or public life.
A lawful basis for data processing
Data will not be processed unless there is at least one lawful basis to do so. Mainly this will be when the data subject has given consent to the processing of personal data for one or more specific purposes.
Consent will be assumed if the data subject has made their personal details available through a recognised business community and has volunteered to join one of Envira Ltd networking groups. For example they may have agreed to join Envira Ltd LinkedIn Network, have ‘friended’ on Facebook or other Social Media platforms or has provided a business card at a face to face meeting. In these circumstances the data subject is taken to represent their company and has joined Envira Ltd network in order to receive information from Envira Ltd. In addition it will be assumed that the details given are the data subject’s business contact details
Envira Ltd offers a services that provide, management of recycling and recycling services pavement as well as other commercial services. Activities for which consent has been assumed includes but is not limited to:
• Receiving community based notifications such as up-dates and newsletters relevant to our services
• Email marketing
• Order processing
• Support queries
Processing may also be necessary under certain other conditions such as but not limited to:
• for the performance of a contract
• for compliance with a legal obligation
• to protect the vital interests of the data subject or of another natural person
Records of Processing Activities
Records of processing activities will be maintained that include purposes of the processing, categories involved and envisaged time limits.
Data protection by design and by default (Article 25) requires data protection to be designed into the development of business processes for products and services. Privacy settings will therefore be set at a high level by default, and technical and procedural measures will be taken by the controller to make sure that the processing, throughout the whole processing lifecycle, complies with the regulation.
GDPR makes special provision for special categories of personal data (Article 9). Envira Ltd does not process any of these categories.
The web hosts and social media providers that we use also all conform to GDPR standards.
In all circumstances where we collect personal data from you, we will only collect the minimum amount of data required for us to perform the defined processing purpose/s.
Right of access
Citizens have the right to access their personal data and information about how this personal data is being processed. These include information on the data subject, details about the processing of data, such as the purposes of the processing, with whom the data is shared, and how Envira Ltd acquired the data.
Right to erasure
Article 17 provides that the data subject has the right to request erasure of personal data related to them on any one of a number of grounds.