You may be aware that on 25 May 2018, certain legal changes will come into effect concerning data protection and privacy.
Under the General Data Protection Regulation (or GDPR as it is more commonly known), we are required, as are all businesses that hold your personal data, to provide you with certain information in relation to the lawful grounds for our ongoing processing of your personal data.
In order to fulfill that obligation, we have put together a new privacy notice that clearly sets out how we collect and process your personal data, for what purposes we use your data, the legal grounds of processing such data, how we keep your data secure and your rights in relation to such data.
In relation to our direct marketing communications sent by email [text, or fax], you have previously opted in to receive such communications. However, we would like you to confirm that you would still like to receive such communications [and provide us with more details about what you would like to receive so that we can tailor our communications for you. Please tick the relevant boxes below to confirm your consent to receive our following email communications:
We work hard to create content that we hope will be of value to you. Saying that, if you don’t think it’s awesome, you can opt out of our marketing emails at any time by clicking on the unsubscribe link at the bottom of every email.
Your obligations don’t end when you get consent. You should view consent as a dynamic part of your ongoing relationship of trust with individuals, not a one-off compliance box to tick and file away. To reap the benefits of consent, you need to offer ongoing choice and control. It is good practice to provide preference-management tools like privacy dashboards to allow people to easily access and update their consent settings. If you don’t offer a privacy dashboard, you will need to provide other easy ways for people to withdraw consent at any time they choose.
You should keep your consents under review. You will need to refresh them if anything changes – for example, if your processing operations or purposes evolve, the original consent may not be specific or informed enough.
If you rely on parental consent, you will also need to refresh consent as the children grow up and can consent for themselves.
If you are in any doubt about whether the consent is still valid, you should refresh it. You should also consider whether to automatically refresh consent at appropriate intervals. How often it’s appropriate to do so will depend on the particular context, including people’s expectations, whether you are in regular contact, and how disruptive repeated consent requests would be to the individual. If in doubt, we recommend you consider refreshing consent every two years – but you may be able to justify a longer period, or need to refresh more regularly to ensure good levels of trust and engagement. If you are not in regular contact with individuals, you could also consider sending occasional reminders of their right to withdraw consent and how to do so.