Your Consent; Opting Out – Access Request Policy
By using this website or by engaging with us as a client, you consent to the collection and use, in accordance with this policy, of the information you provide to us. We do not use the website as a means of collecting personal information, unless you contact us by the Contact Form(s). Our Facebook Account may receive and disseminate personal information through third party use, general use, and give details such as your, name, location, comments, etc. However, these are subject to the terms, data protections and privacy policies of Facebook.
By being a website user and / or by being our client, you consent to the collection and use, in accordance with this policy, of the information you provide to us. We will remove you and your personally identifiable information from our records or refrain from using your personally identifiable information in connection with certain services on request if you contact us with your request at firstname.lastname@example.org. Please note that this may prevent you from accessing our services and effect the ability for you to receive information.
Access, Erasure, and Correction
Upon request Gregory Archaeology will provide you with information about whether we hold any of your personal information. If you would like to review, delete or update your information, you may contact us using the Contact Form below. We will permit you to correct, amend, or delete information that is demonstrated to be inaccurate. We will respond to your request within a reasonable timeframe. Please note, because of the way we maintain certain services, after you delete or amend your information, residual copies may take a period of time before they are deleted from our active servers and may remain in our backup systems.
You will need to provide sufficient identifying information, such as your name and email address and possible additional identifying information as a security precaution.
Subject Access Request Policy
You have a right, under the General Data Protection Regulation, to access the personal data we hold on you. To do so, you should make a subject access request, and this policy sets out how you should make a request, and our actions upon receiving the request.
“Personal data” is any information relating to an identifiable person who can be directly or indirectly identified, in particular, by reference to an identifier, including your name.
“Special categories of personal data” includes information relating to:
- ethnic origin
- trade union membership
- biometrics (where used for ID purposes)
- sex life or
- sexual orientation.
Making a Request
Although subject access requests may be made verbally, we would advise that a request may be dealt with more efficiently and effectively if it is made in writing. Requests that are made directly by you should be accompanied by evidence of your identity. If this is not provided, we may contact you to ask that such evidence be forwarded before we comply with the request.
Requests made in relation to your data from a third party should be accompanied by evidence that the third party is able to act on your behalf. If this is not provided, we may contact the third party to ask that such evidence be forwarded before we comply with the request.
Usually, we will comply with your request without delay and at the latest within one month. Where requests are complex or numerous, we may contact you to inform you that an extension of time is required. The maximum extension period is two months.
We will normally comply with your request at no cost. However, if the request is manifestly unfounded or excessive, or if it is repetitive, we may contact you requesting a fee. This fee must be paid in order for us to comply with the request. The fee will be determined at the relevant time and will be set at a level which is reasonable in the circumstances.
In addition, we may also charge a reasonable fee if you request further copies of the same information.
Information you will Receive
When you make a subject access request, you will be informed of:
- whether or not your data is processed and the reasons for the processing of your data;
- the categories of personal data concerning you;
- where your data has been collected from if it was not collected from you;
- anyone who your personal data has been disclosed to or will be disclosed to, including anyone outside of the EEA and the safeguards utilised to ensure data security;
- how long your data is kept for;
- your rights in relation to data rectification, erasure, restriction of and objection to processing;
- your right to complain to the Office of the Data Protection Commissioner if you are of the opinion that your rights have been infringed;
- the reasoning behind any automated decisions taken about you.
Enforcement and Dispute Resolution
Circumstances in which your Request may be Refused
We may refuse to deal with your subject access request if it is manifestly unfounded or excessive, or if it is repetitive. Where it is our decision to refuse your request, we will contact you without undue delay, and at the latest within one month of receipt, to inform you of this and to provide an explanation. You may appeal the decision to:
You will be informed of your right to complain to the Office of the Data Protection Commissioner and to a judicial remedy.
We may also refuse to deal with your request, or part of it, because of the types of information requested. For example, information which is subject to legal privilege or relates to management planning is not required to be disclosed. Where this is the case, we will inform you that your request cannot be complied with and an explanation of the reason will be provided.
If you have an unresolved privacy or data concern that we have not addressed satisfactorily, please contact us. If you remain unsatisfied, European Union data subjects may seek an administrative or judicial remedy or to lodge a complaint with a supervisory authority, in particular in the member state of his or her habitual residence, if the data subject considers that the processing of personal data relating to him or her infringes the GDPR. Information on how to file such a complaint is available here: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
We subject ourselves in Gregory Archaeology to the Implementation of Privacy to the Highest Practicable Standards and maintain a reasonable duty of care to all those impacted by our activities. We agree to adhere to the EU GDPR in recognition of their importance in ensuring the protection of user information.