AFIC are fully compliant with the new General Data Protection Regulation (GDPR) laws. As required by GDPR we have appointed our CEO Esther Gagne as our new Data Protection Officer to oversee the management of personal data. We have also completed a thorough review of our data archive and updated our data protection policy.
All the client data we receive is safely stored, monitored and reviewed to ensure we do not retain outdated or unnecessary information about a customer. Any data we do retain, for example information used for our equal opportunities monitoring, is securely held either in a locked office, or on a password protected drive. Any data, which we feel is not in the customer’s best interests to retain, is either shredded or deleted. Our data archive is reviewed every year.
We wish to make it as easy as possible for our clients to view, alter or delete any of their data. We have created the following guidelines for a request to be made and actioned by our staff.
- You are entitled to be told whether any personal data is being processed, the reasons it is being processed, whether it will be given to any other organisations or people and given details of the source of the data (where this is available). You can contact AFIC via email, phone or in person for this or any other general information you require about GDPR and our procedures.
- However for client security a request to see a copy of personal data or to delete your data must be made in writing via email or letter. If a person cannot make a request in the above manner, due to a disability for example, we are given the discretion to accept a verbal or audio request as a valid request.
- An individual can make a subject access request via a third party. For example a solicitor acting on behalf of a client. In these cases, we will make sure we are satisfied that the third party making the request is entitled to act on behalf of the individual, but it is the third party’s responsibility to provide evidence of this entitlement. This might be a written authority to make the request or it might be a more general power of attorney.
- A request by a child under the age of 13 is not lawful and must be made on their behalf by a parent or guardian. A request by a child over the age of 13 is legal but again we retain the right to ensure the child is aware of their rights and the information they are requesting.
- To avoid personal data about one individual being sent to another, either accidentally or as a result of deception, we will need to be satisfied that we know the identity of the requester. We will ask for enough information to judge whether the person making the request is the individual to whom the personal data relates (or a person authorised to make a request on their behalf). Proof of identity can include a copy of the following documents;
- Driver’s licence
- ID card
- Bank letter displaying name and address
- Before supplying any information in response to a request we will check that we have the requester’s correct postal or email address.
- Information will be supplied to the requester as a photocopy or print-out of the relevant information. If we are simply confirming that a correct or deletion of data has been actioned then an email from the office email account can be used.
- We will respond to a subject access request promptly and in any event within 30 calendar days of receiving it. There will be no charge for a data access request although subsequent requests maybe charged a nominal admin fee.
You are welcome to contact us at the details below. You can speak to any member of staff but it is best for you to speak to AFIC Data Protection Officer Esther Gagne. If she is unavailable we will take a message and ensure she contacts you as soon as possible.
Phone: 020 8237 1170
Please note the law is subject to change, we will do our best to stay up to date and modify our policies but if you are unsure of the correct procedure or have any comments or suggestions please feel free to contact us.
Further information about Data Protection can be found on The Information Commissioner’s Office (ICO) website:
AFIC are registered with the ICO.