Privacy Notice

undefined

Genting Privacy Notice

for prospective employees, workers and contractors

What is the purpose of this document?

Genting Casinos UK Limited (registered in the United Kingdom under company number 01519689 and with the registered office of Genting Club Star City, Watson Road, Birmingham, England, B7 5SA) ("Genting", "we", "our" or "us") is committed to protecting the privacy and security of your personal information.

This privacy notice explains what we do with your personal data, when you apply for a role at Genting / participate in our recruitment process.

It describes how we collect and use your personal data in accordance with the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018, together with the “Data Protection Laws”.

Throughout this document we may also refer to the “Genting UK Group” and “Genting Worldwide Group”.

“Genting UK Group” includes:

  • Genting UK Plc, Genting Solihull Limited and Genting Casinos Egypt Limited all incorporated and registered in England and Wales under company numbers 01519749, 06601106 and 02885976 respectively and each with the registered office address of Genting Club Star City, Watson Road, Birmingham, England, B7 5SA.

“Genting Worldwide Group”includes:

  • Genting Berhad (listed in Malaysia under No. 7916-A) and Genting Hong Kong Limited (listed in Hong Kong under stock no. 678), their subsidiary companies, jointly controlled entities and associated companies.

Genting is a "data controller". This means that we are responsible for deciding how we hold and use personal information about you. We are required under the data protection legislation to notify you of the information contained in this privacy notice.

This notice applies to current and former candidates including prospective employees, workers and contractors at all levels and grades of the business (“you” or “your”). This notice does not form part of any contract of employment or other contract to provide services. We may update this notice at any time.

It is important that you read this notice, together with any other privacy notices we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.

This notice explains what personal data Genting holds about you, how we share it, how long we keep it and what your legal rights are in relation to it.

Contact Details

The Genting UK Group has a Data Protection Officer, whose contact details are: DPO@GentingUK.com. The Data Protection Officer works across all the Genting UK Group Companies and can answer any questions you might have regarding this privacy notice.

Data protection principles

We will comply with the data protection legislation when processing your personal data. This says that the personal information we hold about you must be:

  1. Used lawfully, fairly and in a transparent way.
  2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  3. Relevant to the purposes we have told you about and limited only to those purposes.
  4. Accurate and kept up to date.
  5. Kept only as long as necessary for the purposes we have told you about.
  6. Kept securely.

The kind of information we hold about you

Personal data, or personal information, means any information relating to you as a living individual from which you can be identified. It does not include data where the identity has been removed (anonymous data).

There are "Special Categories" of more sensitive personal data which require a higher level of protection (please see below).

The categories of personal information that we may collect, store, and use about you include (but are not limited to):

  • The contact details that you provide to us, including names, titles, addresses, telephone numbers and personal email addresses;
  • Personal details/data such as date of birth, gender, marital status etc;
  • Family details such as next of kin and emergency contact information;
  • National Insurance number;
  • Lifestyle and social circumstances;
  • Your current position, role, contract terms, grade, salary, benefits and entitlements. Working hours, training records and your reason for leaving previous employment;
  • Records linked to your recruitment, including your application paperwork, details of your qualifications/education, past employment, references and referee details, requests for special arrangements, communications regarding our decisions, and relevant committee and panel reports;
  • Details of any relevant criminal convictions or charges that we ask you to declare to us when you apply to work for us;
  • Copies of passports, driving licence and driving history, right to work documents, visas and other immigration data;
  • Pensions membership data, including identification numbers, quotes and projections, terms benefits, current remunerations and contributions;
  • Details of any medical issues and/or disabilities that you have notified to us, including any consideration and decision on reasonable adjustments made as a result;
  • Equality monitoring data;
  • Visual images, personal appearance/photographs, audio and video recording (including CCTV);
  • Gambling Commission personal licence information;
  • Information on your interests and needs regarding future employment, collected directly and inferred, for example from jobs viewed or articles read on our website;
  • Copies of your CV and cover letters;
  • Other information that you choose to tell us;
  • Extra information that your referees choose to tell us about you;
  • Extra information that third party recruitment agents may tell us about you, or that we find from other third-party sources such as job sites or social media platforms;
  • The dates, times and frequency with which you access our services.

We may also collect, store and use the following "Special Categories” of more sensitive personal information:

  • Information about your ethnicity (including nationality) - this information will only be collected during the recruitment process as part of our voluntary equal opportunities monitoring questionnaires, or in instances where it is visible in CCTV or photographs.
  • Information about your health, including any medical conditions or disabilities that you choose to disclose to us during the recruitment process.

Please note that the above categories of personal data are not exhaustive, and we may collect additional date where appropriate.

Further categories of personal data that we hold in relation to you are set out in the following Record of Data Processing Activities:

Record of Data Processing Activities
Personal Data Collected Use of Personal Data Processing condition
Name and other contact information (including title, date of birth, place of birth, address, telephone numbers, email address, gender, nationality, national insurance number, username, marital status, emergency contact details).
  • To carry out our obligations under your prospective employment contract with us.
  • To administer your application for employment.
  • To provide you with information about your prospective employment.
  • To check you are legally entitled to work in the UK.
  • To ascertain your fitness to work.
  • To comply with our legal obligations.
  • Performance of a prospective or actual employment contract.
  • Compliance with a legal obligation.
  • Necessary for the purposes of our legitimate business interests.
Employee records (including CV, training history, employment status, academic and professional qualifications, eligibility to work document, language, gaming licence details, ID documents, marriage certificate)
  • To carry out our obligations under your prospective employment contract with us.
  • To administer your application for employment.
  • To provide you with information about your prospective employment.
  • To check you are legally entitled to work in the UK.
  • To ascertain your fitness to work.
  • Sharing with, or processing by, third parties.
  • To comply with our legal obligations.
  • Performance of a contract.
  • Compliance with a legal obligation.
  • Consent.
  • Necessary for the purposes of our legitimate business interests.
Closed circuit television (CCTV), photographs, or audio recordings of you
  • To carry out our obligations under your prospective employment contract with us.
  • To comply with our legal obligations.
  • Compliance with a legal obligation.
  • Necessary for the purposes of our legitimate business interests.
Criminal Offences Data
  • Compliance with legal and regulatory obligations.
  • Sharing with, or processing by, third parties.
  • Consent
General correspondence
  • To carry out our obligations under your prospective employment contract with us.
  • To administer your application for employment.
  • To provide you with information about your prospective employment.
  • To check you are legally entitled to work in the UK.
  • To ascertain your fitness to work.
  • Sharing with, or processing by, third parties.
  • To comply with our legal obligations.
  • Performance of a contract.
  • Compliance with a legal obligation.
  • Necessary for the purposes of our legitimate business interests.
Health related data
  • To carry out our obligations under your prospective employment contract with us.
  • To administer your application for employment.
  • To provide you with information about your prospective employment.
  • To ascertain your fitness to work.
  • To consider whether you require any reasonable adjustments to be made as part of your role.
  • Consent
Technical / device information (including IP address, cookies, geo-location, browser information and operating system information) (through the use of Cookies and Similar Technologies).
  • To carry out our obligations under your prospective employment contract with us.
  • Sharing with, or processing by, third parties.
  • To comply with legal obligations
  • Performance of a contract.
  • Compliance with a legal obligation.
  • Necessary for the purposes of our legitimate business interests.

Third party data received from candidates and staff:

In order to process your application, we will also need to collect certain details about other people. This includes details of your workplace / academic / other referees for the purposes of supplying a reference and your next of kin / emergency contact details.

If your application is successful, we will as part of our standard recruitment process contact your nominated referees to obtain a reference for you. We will only contact your referees if you are offered a position with us.

If the circumstances arise, we may also contact your next of kin / emergency contact details in the event of an accident or emergency.

How is your personal data collected?

We typically collect personal data directly from candidates through the application and recruitment process as follows:

  1. Personal data that you provide directly:
    Examples include:
    • entering your details on the Genting Careers website (or via one of our job application forms);
    • leaving a hard-copy CV at a Genting Casino, office, recruitment event or job fair;
    • emailing your CV to Genting;
    • entering your information on a social media channel such as Facebook or Twitter.
  2. Personal data that we receive from other sources
    We may also receive personal data about you from other sources. Examples include:
    • if you are making a job application via a recruitment agency;
    • where your referees disclose personal information about you;
    • where we obtain information about you from searching for potential candidates from third party sources, such as LinkedIn and other job sites.
    • if you 'like' our page on Facebook or 'follow' us on Twitter we may receive limited personal information from those sites;
    • we may sometimes collect additional information from third parties including former employers, recruitment agencies, the UK Gambling Commission, credit reference agencies or other background check agencies.
  3. Cookies and Similar Technologies – website / mobile app users:
    • Our websites and mobile applications (including our Genting Careers website) make use of Cookies and Similar Technologies to help us operate our websites and analyse their performance and use. Please see our Cookies Policy for more information – you can find this on our website.

How we will use your personal data

  • to review and administer your application for employment;
  • to administer your prospective employee file and employment contract;
  • to provide you with information relevant to your prospective employment;
  • to monitor and improve our commitment to equal opportunities in the workplace;
  • to verify that you are legally entitled to work in the UK;
  • to ascertain your fitness to work and to assess whether reasonable adjustments are required;
  • at the end of your recruitment process to contact you about future opportunities.

Our lawful bases for these activities are:

  • necessity to perform our (prospective) employment contract with you,
  • to allow us to comply with our legal obligations; and
  • further to our legitimate interests where these do not override your fundamental rights and freedoms.

In limited circumstances, we may also use your personal data where and to the extent necessary to protect your vital interests, or someone else’s vital interests. This will typically be limited to circumstances where we need to provide your personal data in an emergency, such as where you have an accident or become unwell on our premises.

In a small number of cases, such as where other lawful bases do not apply, we may process your personal data on the basis of your consent – this includes where you provide Special Category personal data as part of the recruitment process, such as where you voluntarily tell us about your ethnicity as part of the equal opportunities section of our application form. Where we process your personal data solely on the basis of your consent (and without relying on any other lawful bases) you are free to withdraw your consent at any time.

If you decline to provide personal data

While Genting is committed to respecting your privacy, there are certain circumstances in which if you decline to provide certain information to us, we may not be able to process your application or make / continue an offer of employment.

For example, there is a clear need for personal data to be disclosed to us in the following circumstances:

  • where we request copies of your passport / visa information to establish your right to work in the UK and to comply with immigration requirements. We may also be required by law to retain that data, along with related information (such as your application paperwork, short-lists and selection committee papers) for a certain period of time after collection; and
  • where a Disclosure and Barring Service check is mandated as part of the role you have applied for, e.g. to determine that you are suitable for a gaming role and able to receive a PFL / PML licence from the UK Gambling Commission.

If you decline to provide certain information to us, we may be unable to enter into, or continue, with your employment or engagement.

Some personal data is provided by you on a voluntary basis which means you have a choice as to whether you share it with us. Examples include:

  • equality monitoring data requested by Genting within its employment application forms – this is typically Special Category personal data relating to your ethnicity; and
  • disability and health information (including medical records). In certain circumstances, you may choose to provide this information so that we can consider whether we need to and / or are able to support you with reasonable adjustments during and after the application process.

Lawful basis for processing

We are required under the Data Protection Laws to only process your personal data where we have a lawful basis to do so.

There are a limited number of lawful bases permitted under the Data Protection Laws – these allow us to process personal data only where:

  • it is necessary for the performance of the prospective employment contract between you and Genting: this applies where we need to process your personal data further to your contract of employment / engagement with us, e.g. we will need to use your bank details and share them with our payroll provider in order to pay your salary
  • it is necessary for us to comply with our legal obligations: e.g. we are required to share certain data about you with HMRC or we may be required to disclose data in connection with legal proceedings;
  • it is necessary to protect your vital interests or the vital interests of another person: this will generally only apply in the event of an emergency, e.g. if you become unwell at work and we need to call an ambulance for you, we may pass certain details to the emergency services where necessary to safeguard your welfare;
  • it is necessary for the performance of a task carried out in the public interest;
  • it is necessary for the purposes of our legitimate interests or the legitimate interests of a third party: these must not be overridden by your interests and fundamental rights and freedoms, however.
  • where we have your consent: in limited circumstances, we may also rely on your consent for certain data processing activities if no other lawful bases apply – please see directly below.

Consent

Do we need your consent to process your personal data?

No, generally, we do not need your consent to process your personal data if there is another lawful basis on which we can rely. E.g. in many cases, we already need to process your personal data to comply with our legal obligations, to perform our side of our prospective employment / engagement contract with you or to carry out processing further to our legitimate interests. As such, your consent is not required for us to use your personal data where those other lawful bases can be relied on instead.

In certain circumstances, we may approach you for your explicit consent to allow us to process certain Special Category personal data. If we believe we need to obtain your consent at any time, we will provide you with full details of the information that we would like to use and the reasons for this so that you can carefully consider whether you wish to provide your consent.

Where you have given consent to the processing of your personal data but then wish to draw it later on, please refer to the other sections of this privacy notice for information on how to do this.

Change of purpose of processing

We will only use your personal data for the purposes for which we originally collected it, unless we reasonably consider that we need to use it for another purpose and that purpose remains compatible with the original purpose and the information provided to you at the time of collection.

If we need to use your personal data for an altogether new or unrelated purpose, we will notify you and explain the legal basis which allows us to do this. This is unlikely to arise during the recruitment process.

Special Category Personal Data

The Data Protection Laws also recognise and provide for additional Special Categories of more sensitive personal data which require a higher level of protection than other forms of personal data.

The Special Categories of personal data are those relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning a person’s sex life or sexual orientation.

As part of our recruitment process, we may collect, store and use the following Special Categories of personal data about you:

  • information about your race or ethnic origin and nationality (to the extent that your nationality may reveal your race or ethnic origin): this information will generally only be collected at limited times during the recruitment process, for example, in our standard application forms or induction paperwork, or where it forms part of a grievance, complaint or legal claim about or involving you (e.g. a grievance or Employment Tribunal matter).
    We may also process data which incidentally reveals your race or ethnic origin in instances where we may be able to infer the same from names, paperwork, background information or from CCTV images or photographs featuring you. In such circumstances, the Special Category data is not actively influencing the nature of the data processing activity and features only incidentally to the main purposes of processing;
  • information about your health, medical conditions or disabilities with your consent: e.g. where you tell us about a health condition or disability during the recruitment process.

How we use Special Category personal data

The Data Protection Laws generally prohibit the processing of Special Category personal data unless certain conditions are met.

In relation to your interactions with Genting, the most relevant conditions upon which we rely to lawfully process Special Category personal data are:

  • your consent (e.g. where you tell us about a health condition or disability);
  • where we need to process Special Category personal data to carry out our rights and obligations under employment law;
  • where the processing is necessary for reasons of substantial public interest, such as for equal opportunities monitoring;
  • where it is necessary to assess your working capacity on health grounds, subject to appropriate confidentiality safeguards;
  • where it is necessary in relation to legal claims;
  • less commonly, where it is necessary to protect yours or somebody else’s vital interests and you are not capable of giving your consent; or
  • where you have already made the information public.

    Genting maintains Appropriate Policy Document(s) in the form of its Data Protection Policy, Data Retention Policy and Article 30 records as part of its processing of Special Category personal data.

Criminal Convictions and Offences data

The Data Protection Laws state that additional legal safeguards also apply to personal data relating to Criminal Convictions and Offences (including allegations of criminal activity). We may process such data on the same grounds as those identified for Special Category personal data above.

Generally we will only process Criminal Convictions and Offences data in relation to your prospective employment / engagement for the following purposes:

  • we may collect and process details of any relevant Criminal Convictions and Offences that we ask you to declare to us, either within our application materials when you apply to work for us, or if we come across such information during your employment / engagement. Relevant Criminal Convictions and Offences are those that indicate you might pose an unacceptable risk to our business, customers or staff;
  • certain roles require that we conduct a Disclosure and Barring Service check, which will provide us with details of any relevant criminal convictions, offences and / or cautions that you have received. In circumstances where we require a Disclosure and Barring Service check, we do not receive the certificate in which any convictions are included. This certificate is sent directly by the Disclosure and Barring Service to your home address and we will ask you to consent to provide us with a copy to enable us to consider the impact of any convictions returned in relation to the relevant role. Due to the nature of such checks and their significance to certain roles, if you refuse to provide us with this information, we may no longer be able to continue with your employment / engagement; and
  • roles which currently mandate such a check include but are not limited to those which require a PFL or PML Licence from the UK Gambling Commission.

Genting maintains Appropriate Policy Document(s) in the form of its Data Protection Policy, Data Retention Policy and Article 30 records as part of its processing of Criminal Convictions and Offences data.

Data sharing

We do not, and will not, sell your personal data to third parties. We may, however, share your personal data with third parties, including our third-party service providers and other Genting UK Group Companies as part of our day to day commercial operations and data processing activities.

We may also share your personal data with third parties where required by law, where it is necessary to administer your application for employment or the wider recruitment process, or where we have another legitimate interest in doing so which does not override your fundamental rights and freedoms.

"Third parties" for this purpose include our third-party service providers who act as data processors to process your personal data on our behalf and in accordance with our instructions (such as our IT and HR service / infrastructure providers), recruitment agents and other entities within the Genting UK Group of companies. An example of this is PeopleBank HR, who supply us with certain software services to facilitate our online recruitment application process.

Where personal data is shared with third parties, we will seek to share the minimum amount of information necessary to fulfil the purpose for which it is being shared and will ensure that suitable contractual obligations are in place with the third party to safeguard your personal data.

Disclosures by law

Examples of bodies to whom we are required by law to disclose certain data include, but are not limited to:

Organisation Why?

Home Office

UK Visas and Immigration

To fulfil Genting’s obligations as an employer and visa sponsor.
Disclosure and Barring Service (DBS) A DBS check may be required for certain roles to assess an applicant's suitability for positions of trust or where regulatory approval is required – e.g. a PML / PFL Licence from the UK Gambling Commission.

Examples of bodies to whom we may voluntarily disclose personal data, in appropriate circumstances, include but are not limited to:

Organisation Why?
Other entities within the Genting UK Group or Genting Worldwide Group We may share very limited personal data with other entities in the Genting Worldwide Group as part of our regular reporting activities on company performance, sustainability, manpower and equality and diversity, in the context of a business reorganisation or restructuring exercise.
Agencies with responsibilities for the prevention and detection of crime, apprehension and prosecution of offenders, or collection of a tax or duty.

Where legally permitted to do so and in line with our data sharing policies and procedures, we may decide to share limited personal data with certain third party agencies for the prevention, detection or investigation of crime, for the location and/or apprehension of offenders, for the protection of the public, and/or to support national interests.

These third parties include but are not limited to:

  • Local or national policing units;
  • NCA / Serious Fraud;
  • HMRC;
  • Department for Work and Pensions;

Prior to sharing personal data with these agencies we will, as far as is legally permissible and possible in the circumstances, ensure that the relevant data sharing is (a) permitted by law; and (b) necessary for the purposes for which it is requested by these agencies. Any personal data shared will be limited to the extent necessary to achieve the permitted purpose.

Third party service providers To facilitate the recruitment process (such as PeopleBank HR) Any transfer will be subject to an appropriate, formal agreement between Genting and the third party service provider.

Third party employers

Academic institutions

Academic institutions To facilitate the requesting or giving of references in instances where such references are requested.

Where information is shared with third parties, we will seek to share the minimum amount of information necessary to fulfil the purpose.

How secure is my information with third party service providers and other Genting Group entities?

All our third-party service providers and other entities in the Genting Group are required to provide and maintain appropriate security measures to protect your personal data. We do not permit our third-party service providers to use your personal data for their own purposes and any processing they undertake must be carried out for specific purposes determined by us and in accordance with our lawful instructions

What about other third parties?

In limited circumstances from time to time, we may also share your personal data with other third parties, for example with a regulator such as the UK Gambling Commission, Health & Safety Executive or Information Commissioner’s Office, or to otherwise comply with our legal obligations (e.g. in relation to insurance claims, ACAS or Employment Tribunal matters). In certain circumstances, we may also share your personal data with limited categories of third parties further to our legitimate interests. Where that is the case, we will first conduct an appropriate assessment to ensure that our legitimate interests do not override your interests, rights and freedoms.

Sharing personal data outside the United Kingdom

The Data Protection Laws provide that personal data may only be transferred outside of the UK in limited circumstances and typically requires that appropriate safeguards are put in place first to ensure the personal data is kept safe.

Wherever we transfer your personal data outside of the UK (for example, to one of our third party service providers or to another entity in the Genting Worldwide Group of companies) we will ensure that appropriate safeguards are in place under the Data Protection Laws or another legal exemption applies to the transfer of your personal data.

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

In addition, we endeavour to limit access to your personal data to those persons (including third party suppliers) who have a business need to access or know about the data. They will only process your personal data on our instructions and are subject to duties of confidentiality.

Where appropriate, we may also apply additional safeguarding measures to personal data where it is shared with third parties such as the use of passwords, encryption techniques and pseudonymising personal data so that it cannot be used to identify you in the absence of further information.

We have also put in place policies and procedures to deal with data security breaches and maintain a Data Security Breach Policy for this purpose, along with a suite of IT Security Policies and Procedures to help safeguard your personal data.

We will also notify you and the Information Commissioner’s Office of any suspected or known personal data breach affecting your personal data where we are legally required to do so under the Data Protection Laws.

Data Retention – how long will we retain your data for?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

For prospective employees, the maximum length of time we will retain your personal data for is 12 months from the conclusion of the recruitment process, unless you enter into an employment contract with us. In these circumstances, you will be provided with a copy of the Genting UK Group ‘Employers, Workers and Contractors Privacy Notice’ and will also have access to our internal Data Retention Policy.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Retention periods may increase as a result of legislative changes, e.g. an increase in limitation periods for legal claims would mean that Genting is required to retain certain categories of personal data for longer. Any such changes will be reflected in updated versions of our Data Retention Policy.

In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you. We may keep anonymised statistical data indefinitely.

Your Data Subject Rights

Subject to any applicable conditions or exemptions, the Data Protection Laws state that you have the right to:

  • request a copy of your personal data (commonly known as a Data Subject Access Request or “DSAR”): this enables you to request and receive a copy of the personal data we hold about you;
  • request correction of the personal data that we hold about you: this enables you to have any incomplete or inaccurate information we hold about you updated or corrected, e.g. if your contact details have changed or if other information we hold about you is incorrect;
  • request erasure of your personal data: this enables you to ask us to delete or remove personal data in where: certain circumstances (also known as the “right to be forgotten”). These circumstances are
    • our retention of your personal data is no longer necessary in relation to the purposes for which it was collected;
    • where we are processing your personal data with your consent (and only with your consent) and you notify us that you wish to withdraw your consent. Please note that in vast majority of cases, we will not be processing your personal data on grounds of consent and where that is the case we will not be obliged to comply with your request;
    • if we are processing your personal data in connection with our legitimate interests or the legitimate interests of a third party and we have not demonstrated overriding legitimate grounds to continue to process your data in the event that you have objected to such processing (see below);
    • if your personal data has been unlawfully processed;
    • if we are required to erase your personal data in compliance with a legal obligation.
  • objection to processing: this right enables you to object to the processing of your personal data where we are relying on our legitimate interests (or the legitimate interests of a third party). In the event that you object to such processing, we are obliged to cease our processing of your personal data unless we can demonstrate competing legitimate grounds for the processing which override your interests, rights or freedoms, or unless the processing is necessary for the establishment, exercise or defence of legal claims;
  • request the restriction or suspension of the processing of your personal data: this enables you to ask us to restrict or suspend the processing of your personal data, for example if you want us to establish its accuracy or the reason for us processing it;
  • object to any automated decision-making about you which produces legal effects or otherwise significantly affects you: the circumstances in which this will apply in the context of your employment / engagement with Genting are generally very limited;
  • request the transfer of your personal data to another party: for example, you can ask us to transfer your personal data to another data controller if you so wish.

      Please be aware that these rights are subject to certain conditions and exceptions in each case as set out in the Data Protection Laws and may not apply automatically or in full in every case.

      If you want to exercise any of the above data subject rights, please contact our Data Protection Officer in writing at DPO@gentinguk.com and they will explain any conditions / restrictions that may apply to your request

      No fee usually required

      You will not usually have to pay a fee to access your personal data under a DSAR (or to exercise any of your other data subject rights under the Data Protection Laws). However, we may charge a reasonable fee if you make a DSAR request which is clearly unfounded, excessive or repetitive in nature. Alternatively, we may refuse to comply with the request in such circumstances.

      What we may need from you if you make a request

      If you choose to exercise your data subject rights (particularly where you make a DSAR), we may need to request further information from you to help us confirm your identity and to ensure you are legally entitled to make the relevant request or, in the case of a DSAR, to receive copies of the personal data you have requested. This is a security measure on our part to ensure that your personal data is not disclosed to persons who do not have any right to receive it.

      Right to withdraw your consent

      In the limited circumstances where we may be relying on your consent to the processing of your personal data for a specific purpose, you have the right to withdraw your consent for that specific purpose at any time.

      To withdraw your consent, please contact the Data Protection Officer via DPO@gentinguk.com and explain that you would like to withdraw your consent for the relevant processing activity. Once we have received your notification, we will no longer process your personal data for the purpose(s) you originally consented to, unless we have another lawful basis for doing so in accordance with the Data Protection Laws and the processing remains compatible with the purposes for which your personal data was originally collected.

      As explained above, in the vast majority of cases, we will not be processing your personal data with your consent and will be relying on another lawful basis instead. In such circumstances, the right to withdraw your consent will not be relevant.

      Information Commissioner’s Office (ICO)

      Further guidance on your data subject rights is available from the Information Commissioner’s Office (https://.ico.org.uk).

      You also have the right to complain to the Information Commissioner’s Office at https://ico.org.uk/concerns/ if you believe that your personal data has been processed unlawfully or that your data subject rights have been infringed. You are encouraged, however, to first report your concerns to the Data Protection Officer on DPO@gentinguk.com before contacting the Information Commissioner’s Office as it is likely we will be able to address your concerns directly in the first instance.

      Changes to this Privacy Notice

      This privacy notice is subject to a minimum annual review by the Data Protection Officer but may be updated more frequently as required following legal updates or changes to our data processing activities.

      If you have any questions about this privacy notice or the processing of your personal data more generally, please contact the Data Protection Officer on DPO@gentinguk.com who will be able to assist you further

      Last reviewed:
      November 2021
      Next review scheduled:
      November 2022

This Website Uses Cookies

By clicking ‘Accept All Cookies’, you agree to the storing of cookies on your device to enhance site navigation, analyse site usage, and asset in our marketing efforts. See our Cookies Policy.