icon-what-and-why

3. Transparency

We tell people what we do with their personal information.

Glossary GDPR

What our promise means to us

We promise to be transparent about the personal information we process.

We understand that Lawfulness, Fairness and Transparency is one of the GDPR Principles which we must comply with.

This means letting individuals know in a clear, honest and open way what personal information we collect, why we collect it, how we use it, who we share it with, what effect such processing will have on them and how long we will keep it. We understand that being clear about the lawful basis we are relying on for each processing operation and giving individuals control over their personal information is key to privacy compliance.

icon-what-and-why

What we all need to do to keep our promise

A. Privacy notices

Our primary method of being transparent about what we do with personal information is using accurate and up to date privacy notices which are brought to the attention of individuals at the time they provide us with personal information for us to process. For example, this may be a privacy notice on our website for our customers; a privacy notice provided to employees as part of our onboarding process; or a privacy notice given to candidates as part of our recruitment process.

We will ensure that our privacy notices are and remain:

true;

concise, transparent, intelligible and easily accessible;

written in clear and plain language;

written to be understood by their target audience (including children, if applicable);

in our house style and aligned with our organisation’s values and principles;

in line with our research regarding effective privacy notices;

compliant with any other rules in our organisation’s industry;

regularly reviewed;

consistent and quickly updated when necessary; and

free of charge.

We will ensure that they include all the necessary information required by law.

We will consider using other methods to ensure transparency and to give individuals choice and control over how their personal information is processed by us. This may include notices embedded within our products or use of privacy dashboards. We will ensure that privacy information is clearly accessible on mobile devices, perhaps by making use of layered privacy notices or video.

We will take particular care in providing privacy information to individuals where:

we are collecting special category data

our intended use of the personal information is likely to be unexpected or objectionable;

our intended use will have a significant effect on the individual; or

we intend to share the personal information in a way that individuals would not expect.

We will always process the personal information of individuals fairly, openly and honestly by, for example, ensuring that such processing is not unduly detrimental, unexpected or misleading to the individuals concerned.

B. Lawful basis

We recognise that we must be clear with individuals about which lawful basis we are relying upon in respect of each processing activity we carry out.

The possible lawful bases for processing are:

consent

legitimate interests

contractual necessity

legal obligation

vital interests; and

public task.

If we intend to use personal information for marketing purposes, we will be particularly careful to ensure that we obtain the correct quality of consent (if required) and we will carefully manage our marketing lists to ensure we never communicate with an individual who does not want to hear from us.

C. Fairness

When we tell people what we do with their personal information we comply with the GDPR principle of transparency. When we adopt the correct lawful basis for processing personal information, we comply with the GDPR principle of lawfulness. We must also always process the personal information fairly. This essentially means processing it in a way that people would expect and not in a way which would cause unreasonable adverse effects. We know that not telling people the truth (or not telling people at all) about how their personal information is being used is unfair. We also know that to comply with the fairness principle, we must carefully consider from where and how we obtained the personal information we process.

Our documents demonstrating compliance with our promise

TEMPLATES - Generic documents for us to customise
If you'd like to see these documents, speak to a Hub Owner or Privacy Champion.
RECORDS - Documents recording our compliance activities
If you'd like to see these documents, speak to a Hub Owner or Privacy Champion.
INFORMATION - Documents containing information to help us comply
No documents made available yet
POLICIES - Documents containing our policies
No documents made available yet