Your rights under the General Data Protection Regulation (GDPR)
Effective since: 25 May 2018
Our auto-save feature, which captures form data as you type, is designed with GDPR compliance in mind:
Our auto-save feature operates under 'legitimate interests' as it prevents data loss and improves user experience.
Auto-saved data is temporary and automatically deleted after 30 days if not submitted.
Users can opt-out by disabling JavaScript or using privacy-focused browser settings.
We clearly inform users about auto-save functionality before they interact with forms.
Auto-saved data is encrypted and stored securely with the same protections as submitted data.
Auto-saved data is included in data access requests and can be deleted upon request.
As a data subject, you have the following rights under GDPR
You have the right to request a copy of all personal data we hold about you.
Submit a Subject Access Request (SAR) to receive your data within 30 days.
You can request correction of any inaccurate or incomplete personal data.
Contact us with details of what needs to be corrected.
Also known as 'right to be forgotten' - request deletion of your personal data.
We will delete your data unless we have legal obligations to retain it.
You can limit how we process your personal data in certain circumstances.
Your data will be stored but not actively processed.
Receive your data in a structured, commonly used, machine-readable format.
We'll provide your data in JSON or CSV format for easy transfer.
Object to processing of your data for direct marketing or legitimate interests.
We will stop processing unless we have compelling legitimate grounds.
We process data legally, fairly, and in a transparent manner. All processing has a legal basis and is clearly communicated.
Data is collected for specified, explicit, and legitimate purposes and not processed in ways incompatible with those purposes.
We only collect and process data that is adequate, relevant, and limited to what is necessary for our services.
We ensure personal data is accurate and kept up to date, with inaccurate data erased or rectified without delay.
Data is kept only for as long as necessary for the purposes for which it was collected.
We ensure appropriate security of personal data, including protection against unauthorized processing and accidental loss.
You have given clear consent for us to process your personal data for specific purposes.
Examples:
• Marketing emails
• Newsletter subscriptions
• Cookie usage for analytics
Processing is necessary for a contract we have with you or to take steps before entering a contract.
Examples:
• Processing orders
• Providing services
• Customer support
Processing is necessary for us to comply with the law.
Examples:
• Tax records
• Financial reporting
• Data breach notifications
Processing is necessary for our legitimate interests or those of a third party.
Examples:
• Fraud prevention
• Network security
• Product improvement
Processing is necessary to protect someone's life.
Examples:
• Emergency situations
• Medical emergencies
Processing is necessary for performing a task in the public interest.
Examples:
• Public health
• Official authority tasks
1 Month
Standard response time for most requests
2 Months
Extended time for complex requests
72 Hours
Data breach notifications
Note: We aim to respond as quickly as possible and often complete requests well before the deadline.
For any GDPR-related queries or to exercise your rights, contact our DPO:
Email: dpo@click2leads.co.uk
Phone: +44 20 1234 5678 (ext. 100)
Address: Data Protection Officer, Click2Leads Ltd, 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
Supervisory Authority:
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO)
www.ico.org.uk