GDPR – Application of the 8 Principals of Data Protection
- Obtain and Process Information Fairly.
As our products are purchased, each package contains a card which requests the following personal details. Name, Address of the property being tested, email address and contact phone number.
2. Keep It for One or more Specific Lawful purpose
We send out a report by email with your results of the property tested. Name and address are important information to ensure people confirm which property was tested and also their name to ensure correct recipient. This is part of our Governance. All data captured is handwritten by the customer and returned to the laboratory to ensure the samples are correctly recorded.
The phone number is needed in case there is serious contamination.
The INAB laboratory is obliged to hold data for compliance with Audit requirements for certifications of their standards.
3. Use and Disclose it only in Ways compatible with these purposes
Personal Data is shared only with our partner laboratory internally to ensure our governance process are correct. We need to have checks and governance around the generating reports on the results of laboratory tests. The laboratory shares the scientific results, we custom the data into a more consumer-friendly format and provided suggested next steps.
4. Keep It Safe and Secure
Data Protection Officer is Stephen O’Connell. All Data is stored on Google servers and on Hubspot. Both companies are legally required to be GDPR compliant companies. No paper copies are printed or stored locally in Bring It To The Lab Ltd. Data is shared with Customers by email, there are minimal scenarios where a person may require a paper copy e.g. in case email is an issue.
5. Keep It Accurate Complete and Up to Date
We get consent to retain data at the point of returning the samples. We will periodically contact customers who have consented to be contacted and post a reminder to complete another test. e.g. The HSE advice that private wells be tested annually.
6. Ensure that It Is Adequate, Relevant and Not Excessive
Name & Address of property tested – Governance to ensure that the report is accurate and reflects the correct property ( e.g. people may own more than 1)
Email – needed to send a report. Where consent is gathered, then reminder sent out for the annual test.
Phone Number – in the case of serious contamination we would contact the individuals directly.
7. Retain It For No Longer than is necessary for the purposes or purposes.
Where we do not have consent to retain information, then we will send the report and delete the record. * The Laboratory will need to retain data for compliance reasons.
8. Give a copy of his/her personal data to that individual on request.
Contact our Customer Service team via the email or phone. All our details are on the website with a portal to contact us directly. All our packaging contains our contact details. In case of any issue then escalate to our Data Officer – Stephen O’Connell. If dissatisfied with our process, please contact the Office of the Data Protection Commissioner.