GDPR Statement
As part of our commitment to data handling and the GDPR, we regularly review and update our internal practices, processes and documentation regarding how we handle your data, the rights an individual has, and the actions taken in the event of a data breach.
Commitment
UK Postbox is committed to the practices outlined in the GDPR, and follows the guidance around privacy by design, the right to be forgotten, consent, and a risk-based approach. Our aims are to:
- Offer complete transparency regarding how we handle and use data.
- Only process data in a lawful, fair and transparent way for necessary purposes.
- Ensure all data is up to date, accurate and removed when redundant.
- Safely and securely handle and process any data.
Staffing
We have assigned a designated Data Protection Officer (DPO) who has received training and holds responsibility for promoting awareness of GDPR throughout UK Postbox. Their role is to demonstrate best practice and support employees throughout the workforce to ensure data is being handled compliantly.
Policy
We have a dedicated privacy policy which is available online and sent to all employees, contractors and suppliers associated with our services. As part of our induction training for new staff, employees are required to digest our policies and attend follow-up sessions following a change in legislation.
Right to be forgotten
We recognise and practise the right to be forgotten, also known as the right to erasure. As outlined in Article 17 of the GDPR, customers have the right to request that their personal data is erased without delay.
Subject access requests
Individuals have the right to submit a request for their personal data and other related information to be provided within one month of the initial submission. In most cases, there will be no charge for this request, unless it is unfounded, excessive or repetitive. In these cases, we may charge a ‘reasonable fee’ due to the work involved. Individuals can contest this decision with the supervisory authority, the Information Commissioner’s Office (ICO), if they deem a charge to be unfair.
Privacy
We will implement data protection “by design and by default”, as required by the GDPR. Safeguards will be built into products and services from the earliest stage of development and privacy-friendly default settings will be the norm. The privacy notice, which is on our website and which is provided to anyone from whom we collect data, explains our lawful basis for processing the data and gives the data retention periods. It makes clear that individuals have a right to complain to the ICO. We have conducted a privacy impact assessment (PIA) to ensure that privacy risks have been properly considered and addressed.
Privacy Information Notice
Our privacy notice has been made readily available and details who we collect data from, how we process data, and the data retention period. The privacy information notice for website visitors can be accessed here: https://www.ukpostbox.com/legals/privacy-policy.
Data loss
In the event of a data breach that poses a risk to the rights and freedoms of individuals, we will notify these individuals as well as the ICO as soon as possible, within 72 hours of a breach occurring.