BAUER MEDIA GROUP:
Privacy and data protection faqS

What are the General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA 2018)?

Data protection means treating information about people fairly and using it properly according to the law. The DPA 2018 and the UK GDPR are data protection laws in the UK. These laws include principles, rights and obligations which apply when we process personal data. These FAQs are for anyone whose data we use. We use ‘you’ or ‘your’ in this document.

What is a Privacy Notice?

The UK GDPR and DPA give people rights over their personal data including the ‘right to be informed’. We inform participants of how their data will be used via our privacy notice

Is the Privacy Notice likely to change?

Yes. We review at least annually, so you should ensure that you review on regular basis.

What is a Data Controller?

A Data Controller decides how and why personal data are processed. The Data Controller is responsible for ensuring that this data is processed lawfully.

Who are the Data Controllers?

This is set out in the privacy notice

What is a Data Protection Officer (DPO)?

A Data Protection Officer (DPO) is a position set out in the UK GDPR and DPA 2018. You can contact Bauer’s Data Protection Officer via dataprotectionofficer@bauermedia.co.uk

What is a lawful basis for processing data?

We have to have a valid reason in data protection law for processing data. This is known as a

‘lawful basis’. The lawful basis for processing is set out in our privacy policy

The ICO website provides further information about UK GDPR lawful bases.

What data do you hold about me?

To request this information you are required to submit a subject access request by contacting the DPO at dataprotectionofficer@bauermedia.co.uk.

How long will it take to receive copies of my information if I make a data subject access request?

We normally respond to a request from you to access your personal information within 1 month.

How do I have my data removed?

If you wish to be forgotten , contact the DPO, who will review any request on a case by case basis and respond within 30 days at dataprotectionofficer@bauermedia.co.uk.

To unsubscribe, either click on the unsubscribe link or contact the DPO at dataprotectionofficer@bauermedia.co.uk.

How do you keep my data secure?

We hold your personal data on our secure systems, mainly based with the UK and the European Economic Area (EEA). Our staff are trained in data security, and our staff policies and procedures help our staff to understand what is required of them under their obligations to us, and also their responsibilities under GDPR and other privacy legislation.

Policies, procedures, and training

o All our employees are required to follow Bauer’s Data Protection and Information Security Policies and undertake annual training.

Risk management

o We ensure that any risks to your data are documented, assessed, and managed:

Data Protection Impact Assessments (DPIAs)

o DPIAs ensure that data flows are recorded, individual rights are considered, and plans are put in place to minimise any risks to data.

Data breaches

o Our data breach guidelines ensure that any data breaches are reported to the DPO immediately, in line with the Bauer Data Protection Policy.

What are cookies?

How do I make a complaint?

We can be contacted at: dataprotectionofficer@bauermedia.co.uk

If after contacting us, there are still concerns about how personal data is being processed, you have the right to complain to the ICO – the independent regulator which upholds information rights in the UK. Further information about making complaints to the ICO is available

at:https://ico.org.uk/make-a-complaint/your-personal-information-concerns/.

BAUER MEDIA GROUP:Privacy and data protection faqS