This policy was last updated on 21st August 2019
1. Data Protection Act 1998
We comply with the principles of the Data Protection Act 1998 when dealing with all data received from visitors to the site.
2. Our Services
We only hold the data necessary to offer services provided on our website.
3. Data Storage
For administrative reasons data may be passed to and stored securely with third party service providers located outside the EEA (European Economic Area).
4. Email Updates
We regularly email website news and information updates to those customers who have specifically subscribed to our email service. All subscription emails sent by us contain clear information on how to unsubscribe from our email service.
5. Our Promise
We never sell, rent or exchange mailing lists.
6. Data Shared With Partners
We may, however, share commercial and technical data with our partners where a customer has accessed and used our website via a site belonging to one of our partners. Such information will also be subject to our partners’ privacy policies.
7. Email Options
If you subscribe to our email service via a partner site, that partner may wish to send you details via email of other products and services, which may be of interest to you. However, when you subscribe directly to our email service you will be asked whether or not you wish to receive such emails.
8. Partner Privacy Policies
In accordance with the Privacy and Electronic Communications (EC Directive) Regulations 2003, we never send bulk unsolicited emails (popularly known as spam) to email addresses.
10. Product Updates
We may send emails to existing customers or prospective customers who have enquired or registered with us, regarding products or services directly provided by us.
11. Email Content
All emails sent by us will be clearly marked as originating from us. All such emails will also include clear instructions on how to unsubscribe from our email service and any future emails. Such instructions will include either a link to a page to unsubscribe or a valid email address to which you should reply, with “unsubscribe” as the email subject heading.
Our website uses “cookies” to track use of our website. Please see our separate Cookies Policy.
Passed in 2016, the new General Data Protection Regulation (GDPR) is the most significant legislative change in European data protection laws since the EU Data Protection Directive (Directive 95/46/EC), introduced in 1995. The GDPR, which becomes enforceable on May 25, 2018, seeks to strengthen the security and protection of personal data in the EU and serve as a single piece of legislation for all of the EU. It will replace the EU Data Protection Directive and all the local laws relating to it.
The Information Lab supports the GDPR and will ensure all our services comply with its provisions by May 25, 2018. Not only is the GDPR an important step in protecting the fundamental right of privacy for European citizens, it also raises the bar for data protection, security and compliance in the industry.
What is the GDPR?
The General Data Protection Regulation (GDPR) is a new European privacy law that goes into effect on May 25, 2018. The GDPR will replace the EU Data Protection Directive, also known as Directive 95/46/EC, and will apply a single data protection law throughout the EU.
Data protection laws govern the way that businesses collect, use, and share personal data about individuals. Among other things, they require businesses to process an individual’s personal data fairly and lawfully, allow individuals to exercise legal rights in respect of their personal data (for example, to access, correct or delete their personal data), and ensure appropriate security protections are put in place to protect the personal data they process.
We have taken steps to ensure that we will be compliant with the GDPR by May 25, 2018.
Who does the GDPR apply to?
The GDPR applies to all entities and individuals based in the EU and to entities and individuals, whether or not based in the EU, that process the personal data of EU individuals. The GDPR defines personal data as any information relating to an identified or identifiable natural person. This is a broad definition, and includes data that is obviously personal (such as an individual’s name or contact details) as well as data that can be used to identify an individual indirectly (such as an individual’s IP address).
What is The Information Lab’s role under GDPR?
We act as both a data processor and a data controller under the GDPR.
The Information Lab as a data processor: When customers share data with The Information Lab, for the purposes of marketing communications, support requests or our day-to-day consulting engagements, we act as a data processor. This means we will, in addition to complying with our customers’ instructions, need to comply with the new legal obligations that apply directly to processors under the GDPR.
The Information Lab as a data controller: We act as a data controller for the EU customer information we collect to provide our products and services and to provide timely customer support. This customer information includes things such as customer name and contact information.
What have we done to comply with GDPR?
We have conducted an extensive analysis of our operations to ensure we comply with the new requirements of the GDPR. With the help of external advisors, we have reviewed our services, customer terms, privacy notices and arrangements with third parties for compliance with the GDPR. We can confirm we will be fully compliant with the GDPR by May 25, 2018.
What personal data do we collect and store from our customers?
We store data that customers have given us voluntarily. For example, in our role as data controller, we may collect and store contact information, such as name, email address, phone number, or physical address, when customers sign up for our information services, attend our events or seek support help.
We do not collect or store data for any purpose other than communication and keeping business records, such as in our accounting and support systems.
Do we transfer data internationally?
The GDPR replicates the Data Protection Directive restrictions on transferring data outside the EU and prohibits the export of personal data outside of the EU to non-EU recipients unless the export meets certain criteria.
Although we are headquartered in the EU, The Information Lab uses services which are based outside of the EU, for example to provide support and communication services. In order to conform to GDPR, we have validated that all the services we use are also compliant under GDPR rules.
How do we handle delete instructions from customers?
GDPR rules provide a ‘right to be forgotten’. We have audited our systems to be sure we understand all the possible locations of client data, and are able to action and evidence delete instructions on request.
14. Contact Us