Data Protection Policy
1. General

1.1 This Policy
The aim of this policy is to set forth the manner in which Audio Alpha LTD will strive to ensure compliance with the General Data Protection Regulation 2016, as well as local legislation applicable to data protection (collectively referred to as “Data Protection Legislation”). The aim of Data Protection Legislation is to protect the rights and freedoms of natural persons (excluding, therefore, companies and similar legal persons) and to ensure that their personal data is not processed without their knowledge and, whenever possible, that it is processed with their consent.

Schedule 1 to this policy explains a number of commonly used terms which are crucial to a proper and full understanding of the scope of Data Protection Legislation. Stakeholders are urged to familiarize themselves with these terms.

1.2 Application of Data Protection Legislation and this policy
Data Protection Legislation applies to the processing of personal data wholly or partly by automated means (e.g. by computer) and to the processing other than by automated means of personal data (e.g. paper records) that form part of a filing system or are intended to form part of a filing system. Personal data which does not fall within these parameters is therefore excluded from the scope of Data Protection Legislation and, therefore, outside the scope of this policy and other policies adopted by Audio Alpha LTD , which are of relevance to Data Protection.

1.3 Review of policy
Audio Alpha LTD is committed to reviewing this policy, as well as other policies related to Data Protection Legislation, at least once every calendar year, with a view to ensuring that they adequately cater for Audio Alpha LTD’s needs. Other events, such as legislative changes or court judgements, may lead to revisions of this policy. It is the responsibility of the Data Protection Officer to initiate reviews as required in accordance with this policy. Policy changes will be subject to acceptance by the directors of Audio Alpha LTD.

1.4 Availability of Policy
This policy, as well as other policies related to Data Protection, are not restricted documents and shall be made available to all persons employed by Audio Alpha LTD. Indeed, employees of Audio Alpha LTD are expected to be familiar with its contents, and the Data Protection Officer is to promote awareness of these policies. They may, at the discretion of the Data Protection Officer, be made available to persons outside of Audio Alpha LTD, such as subcontractors and suppliers.

2. Commitment to policy

2.1
Audio Alpha LTD is committed to compliance with Data Protection Legislation, and the protection of the rights and freedoms of individuals whose information Audio Alpha LTD collects and processes in accordance with Data Protection Legislation. The aim of this document is to outline the manner in which this will be done. Other documents regulate the manner in which compliance with certain specific aspects of Data Protection Legislation will be achieved. A list of all documents connected to or relevant to compliance with Data Protection Legislation is set forth in Schedule 2 attached to this policy. This Schedule may be updated or amended from time to time. It is the responsibility of the Data Protection Officer to ensure that this Schedule is updated as required to reflect policies in force at any particular time.

2.2
This policy, as well as the policies listed in Schedule 2 of this policy, apply to the processing of personal data by Audio Alpha LTD. Personal data includes data held by Audio Alpha LTD on customers, employees, and suppliers.

2.3
For the purpose of facilitating compliance with Data Protection Legislation, Audio Alpha LTD uses GDPR Auto. This software is to serve as the central management tool for the management of personal data within Audio Alpha LTD. Access to GDPR Auto shall be limited to the following persons:

Declan Proud– Data Protection Officer
Giles Smith – Audio Alpha LTD Director
Additional access to GDPR Auto may be granted by the Data Protection Officer and a record of access having been granted shall be retained.

2.4
The Data Protection Officer shall be responsible for reviewing, at least on an annual basis, the register of processing contained within GDPR Auto for the purposes of ensuring that it correctly and comprehensibly maps the processing of personal data undertaken from time to time by Audio Alpha LTD.

2.5
This policy applies to all employees of Audio Alpha LTD. A breach of this policy will be taken seriously, and may constitute grounds for the issuing of a warning or, in certain cases, grounds for dismissal. Employees should be aware that Data Protection Legislation imposes, in certain instances, criminal sanctions for breaches.

2.6
In cases where Audio Alpha LTD entrusts third parties with the processing of personal data, appropriate contractual arrangements must be in place to ensure that (i) the third party adheres to confidentiality obligations; (ii) requires the third party to comply with Data Protection Legislation; and (iii) allows Audio Alpha LTD the right to audit the third party to ensure such compliance. The Data Protection Officer shall be responsible for effectively communicating this requirement to Audio Alpha LTD management as and when required.

3. Responsibility for compliance

3.1
Responsibility for compliance with Data Protection Legislation rests, ultimately, with the directors of Audio Alpha LTD. However, the directors exercise their authority through, and have delegated responsibility to their Data Protection Officer. This notwithstanding, the management of Audio Alpha LTDis expected to play an active role in ensuring compliance with Data Protection Legislation and is expected to be conversant with the essential requirements emerging from it. Management is expected to work hand in hand with the person or persons responsible for compliance with Data Protection Legislation, including The Data Protection Officer.

3.2
The person delegated with primary responsibility for promoting compliance with Data Protection Legislation shall be the Data Protection Officer, who shall respond directly to the Board of Directors.

3.3
The Data Protection Officer shall be responsible, on a day-to-day basis, for the following:

3.3.1 Promoting compliance within Audio Alpha LTD with all policies related to Data Protection Legislation;
3.3.2 Periodic review of the same policies;
3.3.3 Security and risk management in relation to compliance with the policy;
3.3.4 Creation of awareness within Audio Alpha LTD of the requirements of Data Protection Legislation.
3.4
From time to time Audio Alpha LTD shall organise internal or external training courses for employees. Employees are expected to attend such training as and when requested.

4. Fundamental Principles of Data Protection

Data Protection Legislation provides that the processing of personal data is to be carried out in compliance with a number of principles. Audio Alpha LTD is committed to ensuring that it complies fully with these principles. The principles are listed and explained below. Each of the principles is of equal importance; no principle takes priority over the other.

4.1 Principle 1: Personal data must be processed lawfully, fairly and transparently
Lawfulness: This means that Audio Alpha LTD must ensure that a lawful basis for processing exists, for example that the consent of the data subject has been obtained, the processing is required for the purposes of fulfilling contractual obligations, etc. This ensures that data is processed lawfully. GDPR Auto is to be utilised for the purposes of recording the lawful basis of processing.

Fairness: This means that Audio Alpha LTD has to make certain information, as detailed further in this policy, available to its data subjects.

Transparency: This means that the data subject must know why his data is being processed. It also means that Audio Alpha LTD is to provide data subjects with certain information. When dealing with data subjects, Audio Alpha LTD will communicate with data subjects using language that is easy to understand, is clear, and is free of legal jargon. Audio Alpha LTD will strive to use privacy notices that are detailed and specific, and which comply with the principle of transparency. A sample privacy notice for use by Audio Alpha LTD is included in this policy. This notice will require customisation depending on its contextual use, and for this purpose users of the privacy notice are required to liaise with the Data Protection Officer.

Information which must be provided to data subjects includes the following:

the identity and the contact details of Audio Alpha LTD and, if any, of the Audio Alpha LTD representative;
the contact details of the Data Protection Officer, if any;
the purposes of the processing for which the personal data is intended as well as the legal basis for the processing;
the period for which the personal data will be stored;
the existence of the rights to request access, rectification, erasure or to object to the processing, and the conditions for exercising these rights, such as whether the lawfulness of previous processing will be affected;
the categories of personal data concerned;
the recipients or categories of recipients of the personal data, where applicable;
where applicable, that the controller intends to transfer personal data to a recipient in a third country and the level of protection afforded to the data;
any further information necessary to guarantee fair processing.
4.2 Principle 2: Personal data can only be collected for specific, explicit and legitimate purposes
When obtaining personal data, the purpose for which the data is obtained must be specified. Personal data which is obtained for one purpose must not, according to Data Protection Legislation, be used for another purpose that differs from the purpose for which it was originally obtained.

Schedule 3 of this policy sets out the processes to be followed for the purposes of ensuring compliance with this principle.

4.3 Principle 3: Personal data must be adequate, relevant and limited to what is necessary for processing
This means that Audio Alpha LTD should not collect personal data which is not necessary for the purposes for which it is being obtained. Audio Alpha LTD is aware that holding personal data, in effect, constitutes a risk and is therefore fully committed to ensuring compliance with this principle.

Compliance with this principle requires both planning at the conceptual stage of any project entailing the collection of personal data, and ongoing review. It is the responsibility of persons driving projects to ensure that this principle is kept at the forefront of any project which will require the collection of personal data. Liaison with the Data Protection Officer is required in order to ensure that data collected does not exceed what is strictly required. The Data Protection Officer is required to review data collection sources on at least an annual basis to ensure compliance with this principle.

4.4 Principle 4: Personal data must be accurate and kept up to date
This means that personal data held must be subjected to periodic review and updated as necessary. GDPR Auto is to be utilized for the purposes of periodically checking with data subjects that data held is accurate and up to date. Data which is not accurate should – if not updated – be removed and securely destroyed. The Data Protection Officer is responsible for driving compliance with this principle. The Data Protection Officer is to ensure that appropriate procedures are in place to ensure that personal data is accurate and up to date. These procedures may vary depending on the nature of the personal data at issue, and other factors.

Data subjects have a right to request that data held by Audio Alpha LTD about them be rectified to ensure that it is accurate and up to date. These requests must be acted upon within one month in accordance with the policy applicable to Subject Access Requests. The Data Protection Officer is responsible for oversight of this process using, where applicable, the functionality available in GDPR Auto.

The Data Protection Officer is to ensure that in cases where third parties have been given data which is not accurate or is not up to date, then these organisations will be informed of this and, if accurate and up to date information is obtained, will be passed on this information.

4.5 Principle 5: Personal data should be stored in a way that the data subject can be identified only as long as is necessary for processing.
This principle requires Audio Alpha LTD to ensure that personal data is not kept longer than is necessary. When the purpose for which personal data is being processed is exhausted, then personal data is to be pseudoaonymized, anoymised or deleted using the functionality within GDPR Auto.

This principle also requires that data is not to be retained beyond what is strictly necessary. Retention periods for different types of data differ, and are established in a separate retention policy. GDPR Auto is configured to raise alerts on approaching expiry of retention periods for personal data. It is the duty of the Data Protection Officer to then determine – liaising with other members of staff as necessary – whether deletion or anonymization (using GDPR Auto) is required, or whether there exists a circumstance justifying the retention of personal data beyond its retention period (e.g. the existence or threat of litigation, etc). Any such circumstances are to be recorded by the Data Protection Officer.

4.6 Principle 6: Personal data must be processed in a secure manner
This means that the Audio Alpha LTD is obliged to ensure that appropriate technical (e.g. password protection and firewalls) and organisation measures (training of staff and rules on use of personal devices) are in place to ensure that personal data is safe and secure. The Data Protection Officer will carry out a risk assessment taking into account all the circumstances of Audio Alpha LTD’s processing operations. All company staff are required to follow policies in place to ensure compliance with this principle.

4.7 Principle 7: Accountability
This principle requires that Audio Alpha LTD not only complies with the principle above, but is able to demonstrate that it does so. Compliance will be demonstrated through the records generated by GDPR Auto, the policies adopted by Audio Alpha LTD, as well as documents generated as a result of the policies.

5. Rights created by Data Protection Legislation

5.1
Data Protection Legislation grants data subjects certain rights which Audio Alpha LTD is obliged to uphold. These rights are a critical cornerstone of Data Protection Legislation and Audio Alpha LTD is committed to upholding them in full.

5.2
GDPR Auto includes the necessary functionality to assist Audio Alpha LTD in fulfilling its obligations to ensure that data subjects can exercise their rights fully and in full conformity with Data Protection Legislation.

6. Consent as a basis for processing Personal Data

6.1
In many instances, Audio Alpha LTD processes the personal data of data subjects on the basis of their consent. In order for consent to provide a proper legal basis for processing it must meet ALL of the following criteria:

6.1.1 It must be explicit and must be freely given;
6.1.2 It must be specific and informed;
6.1.3 It must constitute an unambiguous confirmation of the data subject’s intentions. This can be either by a statement or by a clear ambiguous action. In other words, non-action or silence does not constitute consent.
6.2
In order for consent to form a proper basis of processing, it is also necessary to ensure that the data subject is fully aware of the intended processing that will happen with his data, and that he has agreed to this. Consent which is obtained as a result of pressure exerted on the data subject, or obtained in circumstances where the data subject will suffer some adverse effect if consent is not granted, is not valid consent.

6.3
Data subjects can withdraw their consent at any time.

6.4
GDPR Auto can be used, where necessary, for the purposes of ensuring that valid consent is obtained and, furthermore, for the purposes of ensuring that this consent is properly recorded. Other documents to obtain consent can also be used, provided these are recorded in GDPR Auto.

6.5
For special categories of data, explicit written consent of data subjects must be obtained unless an alternative legitimate basis for processing exists. Again, GDPR Auto can be used for this purpose. Other documents to obtain consent can also be used, provided these are recorded in GDPR Auto.

7. Data Security and Safety

7.1
All employees of Audio Alpha LTD have an important role to fulfil in order to ensure that personal data is kept safe. In particular, personal data should not be disclosed to third parties without prior consultation with the Data Protection Officer.

7.2
Employees are required to follow such policies which may be in force from time to time regulating data security and safety.

8. Retention and disposal of data

8.1
Audio Alpha LTD has in place policies which regulate the duration for which personal data is to be kept. These are to be implemented strictly, with the assistance of GDPR Auto. In the event of personal data being kept beyond its retention period, this must be justified and reason justifying the extended retention recorded.

8.2
Personal data may only be stored for longer periods if the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, subject to the implementation of appropriate technical and organisational measures to safeguard the rights and freedoms of the data subject.

8.3
Personal data, when disposed, must be disposed of securely.

9. International Data transfers

9.1
Data Protection Legislation regulates the transfer of data to countries outside of the European Economic Area.

9.2
The transfer of personal data outside of the European Economic Area is prohibited unless one of the following conditions applies:

9.2.1 An adequacy decision exists: in other words, the European Commission has determined that a country outside the European Economic Area offers an appropriate level of protection. This list is updated from time to time and can be found at the following link http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm
9.2.2 A Privacy Shield applies: this may apply in cases of transfer of personal data to an entity in the United States. A transfer may be permitted if the entity is signed up to the Privacy Shield, details of which may be found at the link above.
9.2.3 Binding corporate rules: if Audio Alpha LTD has adopted binding corporate rules for the transfer of data outside the EU;
9.2.4 Model contract clauses: if Audio Alpha LTD has adopted model contract clauses approved by the relevant supervisory authority.
9.3 In the absence of any of the above, a transfer of personal data to a third country can only take place if:
9.3.1 the data subject has explicitly consented to the proposed transfer, after having been informed of the possible risks of such transfers for the data existing due to the absence of an adequacy decision and appropriate safeguards;
9.3.2 the transfer is necessary for the performance of a contract between the data subject and the controller or the implementation of pre-contractual measures taken at the data subject’s request;
9.3.3 the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the controller and another natural or legal person;
9.3.4 the transfer is necessary for important reasons of public interest;
9.3.5 the transfer is necessary for the establishment, exercise or defence of legal claims; and/or
9.3.6 the transfer is necessary in order to protect the vital interests of the data subject or of other persons, where the data subject is physically or legally incapable of giving consent.
9.4
Personal Data transfers of the nature set forth in this paragraph are only to happen following consultation with the Data Protection Officer.

Schedule 1 – Definitions

9.6 Article 4 definitions
Personal data – any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Special categories of personal data – personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Data controller – the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Data subject – any living individual who is the subject of personal data held by an organisation.

Processing – any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Profiling – is any form of automated processing of personal data intended to evaluate certain personal aspects relating to a natural person, or to analyse or predict that person’s performance at work, economic situation, location, health, personal preferences, reliability, or behavior.

Schedule 3 – Privacy Policy

1. Purpose and Ownership

1.1.
The aim of this Schedule is to establish procedures which will assist Audio Alpha LTD to ensure compliance with the principle that Personal Data can only be collected for specific, explicit and legitimate purposes.

1.2.
The Data Protection Officer is responsible for pro-actively promoting compliance with this procedure. However all employees are obliged to be conversant with it and to apply it in practice. It applies in all circumstances in which Audio Alpha LTD collects personal data.

1.3.
The Data Protection Officer is responsible for ensuring that privacy notices are used as required and in accordance with this policy.

2. Use of GDPR Auto

2.1.
The Data Protection Officer is responsible for ensuring that the legal basis for processing personal data and special categories of personal data is clearly identified and documented using GDPR Auto.

2.2.
Personal data may only be processed if the purpose (or purposes) for processing has been identified and one of the following conditions exists, which must be documented in GDPR Auto:

2.2.1. the data subject has given consent to the processing of his personal data for one or more specific purposes;
2.2.2. the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
2.2.3. the processing is necessary for compliance with a legal obligation to which Audio Alpha LTD is subject;
2.2.4. the processing is necessary in order to protect the vital interests of the data subject or of another natural person;
2.2.5. the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in Audio Alpha LTD;
2.2.6. the processing is necessary for the purposes of the legitimate interests pursued by Audio Alpha LTD or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
2.3.
Special categories of personal data may only be processed if the purpose (or purposes) for processing has been identified and one of the following conditions exists, which must be documented in GDPR Auto:

2.3.1. the data subject has given explicit consent to the processing of personal data for one or more specified purposes;
2.3.2. the processing is necessary for the purposes of carrying out the obligations and exercising specific rights of Audio Alpha LTDor of the data subject in the field of employment and social security and social protection law in so far as it is authorised by law or a collective agreement pursuant to law providing for appropriate safeguards for the fundamental rights and the interests of the data subject;
2.3.3. the processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent;
2.3.4. the processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data are not disclosed outside that body without the consent of the data subjects;
2.3.5. the processing relates to personal data which are manifestly made public by the data subject;
2.3.6. the processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity;
2.3.7. the processing is necessary for reasons of substantial public interest, on the basis of law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject;
2.3.8. the processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of law or pursuant to contract with a health professional and subject conditions and safeguards;
2.3.9. the processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of law
2.3.10. the processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.

3.1
In cases where personal data has been gathered from a source other than the data subject – and therefore the data subject is not aware of privacy notices – then Audio Alpha LTD is obliged to provide the information contained in the privacy notice within not later than the following time frames:

3.1.1 within a reasonable period after obtaining the personal data, but at the latest within one month, having regard to the specific circumstances in which the personal data are processed;
3.1.2 if the personal data are to be used for communication with the data subject, at the latest at the time of the first communication to that data subject; or
3.1.3 if a disclosure to another recipient is envisaged, at the latest when the personal data are first disclosed.
3.2
However, if the clause e.1 does not apply if

3.2.1 If the data subject already has the information;
3.2.2 If the provision of the above information proves impossible or would involve an excessive effort;
3.2.3 If obtaining or disclosure of personal data is expressly identified by law; or
3.2.4 If personal data must remain confidential subject to an obligation of professional secrecy regulated by law.
Privacy Notice

WHO WE ARE
Audio Alpha LTD are a company specialising in audio visual installations, consultancy and design. We design and install a wide range of audio visual solutions in homes and commercial areas.

The Data Protection Officer is Declan Proud
WHAT WE DO WITH PERSONAL DATA AND WHY WE DO IT
The personal data we collect and process about you is the following:

Personal Data Set: Name, e-mail address, IP address, country of origin (whether product sales or to track website visits.)
If you have purchased something from us, for example, a single product to be installed at your place of business or home, we will keep financial data of who has sold which product, to which person, at which price, and various accordant invoicing details for the purposes of our accounting and HRMC requirements.
We will also keep your data as you are our customer, for the purposes of warranties, follow up visits, repairs if required, contact details and our own stocktaking and inventory processes.

Source of personal data: Product sales (Your name and address, method of payment, products chosen by you and so on), website cookies, telephone conversations (noting down data on contact details, product interests and so on for the purposes of providing further information to you).
We will use your personal data for the following purposes:
To ensure we provide the best service to you in your dealings with Audio Alpha LTD.

The legal basis on which we process your personal data are the following:
For the performance of the contract between us.
The legitimate interests pursued by us, or third parties, are as follows:
To maintain and perform the services you have requested.
YOUR CONSENT
When you give your consent to this privacy notice, this means that we can process your personal data for the purposes identified in this privacy notice.

You may withdraw consent at any time by writing to the Data Protection Officer c\o the Audio Alpha LTD registered address, listed on our website.

DISCLOSURE OF YOUR PERSONAL DATA
Audio Alpha LTD will disclose your personal data to the following third parties, if and when applicable.
For example, if you purchase a product and it is shipped to you with a nationwide courier, the courier will require your name and address to ship the items to you. Invoicing details are kept by our accountants for our HMRC requirements as any business would.
Another example is if an Audio Alpha LTD installation engineer needs to visit your home to install some new products. Your name and contact details, as well as purchase details, will be disclosed to them so that they can provide the best service to you with the full knoweledge of what the customer requires.
Another example could be an installation of an audio system in a high street retail environment, where the installations engineer may require the names and mobile numbers of contacts, duty staff, site security, front desk staff and so on to complete their task.
We will never disclose your personal details to any third party that is not involved in the contract we have as a provider and to you as a customer. We do not sell your data to any companies for marketing purposes, and never will.
We utilise the following companies to provide our service to you. This list is up to date, however we can and will add new companies and third parties that we deal with that may require your personal details in our service to you.
– Transglobal Express : Shipping brokerage service (For example, if we ship an item to you.) This may involve your name and address being passed to a third party shipping company like DHL, FedEx, UPS, USPS and similar, if a shipping service is ever required.
– Royal Mail – UK postage provider (For example if we post an invoice to you)
– Rowleys Accountants Limited: Invoicing, tax and HMRC records (Required by UK law)
– Any third party supplier where it is prudent, and agreed by yourself, that a product may be shipped directly from a third party supplier to your place of business or your home as part of any audio or visual installation. (For example, an oversized or an unusual bespoke item being shipped by hand from a third party supplier).
HOW LONG WE KEEP YOUR DATA FOR
Audio Alpha LTD will process your data for the duration of your website usage or customer interactions with us for the shortest amount of time possible. Website cookies, for example, last 30 days. Invoice records of purchases and payments, for example, are kept for 6 years.

YOUR RIGHTS
As a data subject you have a number of rights under law. These are the following:

Right of access – you have the right to request a copy of the information that we hold about you.
Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
Right of portability – you have the right to have the data we hold about you transferred to another organisation.
Right to object – you have the right to object to certain types of processing such as direct marketing.
Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
Right to judicial review: in the event that we refuse your request under rights of access, we will provide you with a reason as to why. You have the right to complain to the appropriate authorities about this.
You can request access your data by writing to the Data Protection Officer, c/o the registered address listed on our website.

COMPLAINTS
In the event that you wish to make a complaint about how your personal data is being processed by us, we recommend that you first lodge your complaint with the Data Protection Officer If you remain unsatisfied, you may pursue your complaint further by lodging a complaint with the following authority:

The Directors of Audio Alpha LTD.