The GDPR requires organisations handling personal data to do so according to its six data processing principles, namely that:

  1. a) it is processed fairly, lawfully and transparently
  2. b) it is collected and processed for specific reasons and stored for specific periods of time, and that it is not used for reasons beyond its original purpose
  3. c) only the data necessary for the purpose it is intended is collected, and not more
  4. d) it is accurate and that reasonable steps are taken to ensure it remains accurate
  5. e) it is kept in a form that allows individuals to be identified only as long as is necessary
  6. f) it is kept securely and protected from unlawful access, accidental loss or damage

From these principles, GDPR requires organisations collecting, using and storing personal data to define a lawful basis that the organisation will use to explain its use of personal data. These are, for example, that they have the individual’s consent, or that they need to do so in order to provide a product or service the individual has asked for, or that they are legally obliged to do. Every bit of personal data held by an organisation must be justified according to one of the six lawful bases.

Your privacy rights

The GDPR also defines the rights that individuals have to access and control their data:

  1. The right to be informed

When they are collecting data from you, organisations must properly inform you what data they are collecting, what they are using for, how long they are keeping it and which organisations it is being shared with.

  1. The right of access

You have the right to contact an organisation and ask them to provide the data they hold on you. This includes the data they hold, why they hold it, and what they are doing with it, including which organisations it is shared with.

  1. The right to rectification

You have the right to ensure that information about you is correct, and to ensure that information is corrected if found to be inaccurate.

  1. The right to erasure

Also known as the “right to be forgotten”, this means you have the right to demand that information a company holds about you is deleted, in part or entirely. This is not an absolute right, and in some circumstances this request can be refused.

  1. The right to restrict processing

You have the right to deny consent for an organisation to process your data, even if you have given consent for it to do so in the past. This right also is not absolute and can in some circumstances be refused. But an organisation must be able to show you what it is doing with your data so you can decide to restrict processing if you wish.

  1. The right to data portability

This right gives you the opportunity to take the data an organisation holds on you and extract it for use elsewhere. A good example are the features that Facebook or Google offers that allow you to download the profile information accumulated on the service. This is to promote competition, so that users are not forcibly tied to an uncompetitive service due to the weight of accumulated data.

  1. The right to object

This allows you to demand that organisations stop using your data in ways you object to. For example, sending direct marketing, or making nuisance commercial phone calls.

  1. Rights in relation to automated decision making and profiling

Finally, with the growth in profiling and the use of data to make automated, from targeted advertising or content to credit decisions or job applications, this provides individuals with the right to object to or appeal against automated decisions that affect them. This is particularly the case where decisions have serious legal consequences or similar. All such processing requires the explicit, informed consent of the individual.

Real Soca Deal Privacy Rights Statement

Should you wish to remove your data from the Real Soca Deal database or believe that your details are being held without your consent, please contact where your issue will be dealt with immediately.

At any time, your details can be removed by subscribing here.