Legal & Regulatory Obligations
Hooelake.org recognises the requirements of the current legislation relating to data protection & privacy and electronic communications.
EU Regulation 2016/679 General Data Protection Regulation (“GDPR”)
The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). The GDPR sets out the principles for data management and the rights of the individual, while also imposing fines that can be revenue-based. The General Data Protection Regulation covers all companies that deal with data of EU citizens, so it is a critical regulation for corporate compliance officers at banks, insurers, and other financial companies. GDPR will come into effect across the EU on May 25, 2018.
Under the GDPR, the data protection principles set out the main responsibilities for organisations.
- Lawfulness, fairness and transparency – Personal Data shall be processed lawfully, fairly and in a transparent manner in relation to the Data Subject.
- Purpose limitation – Personal Data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Data minimisation – Personal Data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Accuracy – Personal Data shall be accurate and, where necessary, kept up to date.
- Storage limitation – Personal Data shall be kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the Personal Data are processed.
- Integrity and confidentiality – Personal Data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
- Accountability – The Data Controller shall be responsible for, and be able to demonstrate compliance with the GDPR.
Please read the ICO guide to General Data Protection Regulation for more details.
Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR 2003)
The Privacy and Electronic Communications Regulations are derived from European law. They implement European Directive 2002/58/EC, also known as ‘the e-privacy Directive’.
The e-privacy Directive complements the GDPR and sets out more-specific privacy rights on electronic communications. It recognises that widespread public access to digital mobile networks and the internet opens up new possibilities for businesses and users, but also new risks to their privacy.
PECR have been amended four times. The more recent changes were made in 2015, to allow emergency text alerts and to make it easier to take action for breaches of the marketing rules; and in 2016, to require anyone making a marketing call to display their number. This guide covers the latest version of PECR, which came into effect on 16 May 2016.
PECR covers the following areas:
- Marketing by electronic means, including marketing calls, texts, emails and faxes.
- The use of cookies or similar technologies that track information about people accessing a website or other electronic service.
- Security of public electronic communications services.
What Personal Data Do We Collect?
Hooelake.org collects information about your name, email, and address when you subscribe to the website newsletter.
How Do We Use The Personal Data We Collect?
Personal data is collected to facilitate the sending of the newsletter service only.
How Long Is Personal Data Retained?
Personal Data will be kept until the user unsubscribes from the newsletter service or the data is deleted by Hooelake.org.
How is Your Personal Data Protected?
A range of administrative, electronic and physical security measures are used to protect Customer and End User Personal Data. These measures protect Personal Data against loss, unauthorised access or alteration without permission.
Cloud services used by Hooelake.org for Processing Personal Data either have a Data Processing Agreement that meets the requirements of the GDPR or participate in the EU-U.S. Privacy Shield Framework.
Marketing
Hooelake.org will not share your Personal Data with third parties for marketing purposes.
Hooelake.org will send you information about the area, its history, its wildlife and local concerns about environmental issues which may be of interest to you. If you no longer wish to be contacted, please click on the unsubscribe button at the bottom of our emails.
Cookies
A cookie is a simple text file that is stored on your computer or mobile device by a website’s server, and only that server will be able to retrieve or read the contents of that cookie. Each cookie is unique to your web browser. It will contain some anonymous information such as a unique identifier, the site name, and some digits and numbers.
The Hooelake.org website uses session cookies. Session cookies are files that are needed to store information while a customer is browsing the website, such as the pages they visit. These cookies don’t record Personal Data.
Data Subject Rights
You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your Personal Data, please email info@hooelake.org.
We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.