Data protection law changed in May 2018 with the introduction of the General Data Protection Regulation (GDPR). This replaces the Data Protection Act.
Under GDPR, Penderels Trust is responsible for the personal data that we collect, process, and store from you as a customer. If you are an employer of PAs, you are also responsible for the personal data of your employees.
Copies of these policies can be found and downloaded at the bottom of this page.
GDPR is the new data protection regulation. It applies to all individuals and organisations that collect, process and hold data on individuals.
The regulation contains 6 key principles:
An organisation must have a 'lawful basis' for handling any data. As an organisation, Penderels Trust needs to process the data of our customers as it is 'necessary to enter in to or perform a contract'. This means we need to collect and process your data in order to provide a direct payment support service to you.
If you are an employer, your legal basis for processing the data of your staff is 'necessary to enter into or perform a contract.'
You have a right to ask to access any information we hold on you. If you want to do this, you should complete a 'Subject Access Request' form. All subject access requests require proof of your identity. Once this is verified, your request will be dealt with within the statutory 40 calendar day period. Please click here to access the form.
If you feel any data we hold on you is incorrect, you have the right to request that we correct it.
If you are an employer, your PA has a right to ask to access any information you hold on them. Unless you have good reason, you should provide your employee with the information they request quickly and without charge.
For more general information on GDPR, please go to the Information Commissioner's Office (ICO) website.