Data Protection Policy

Introduction

The EU General Data Protection Regulation (“GDPR”) has been in effect since 25 May 2018.

This Regulation aims to standardize data protection laws and processing across the EU, enhancing individuals’ rights to access and control their personal information.

Our Commitment

Hangout Luton is committed to safeguarding and protecting all personal information we hold. We recognize our obligations in updating and expanding our program to meet GDPR requirements, and we are dedicated to maintaining a system that meets our obligations under the new regulations. Our practices are summarized below.

How We Prepared for GDPR

Hangout Luton has maintained a consistent level of data protection and security. However, we have introduced new measures for GDPR compliance.

Information Audit — We conducted an audit to ensure previously held information complied with the new regulations.

Policies and Procedures — Our data protection policies and procedures have been revised to meet GDPR requirements and relevant data protection laws, including:

  1. Data Protection – Our main policy document has been updated for GDPR compliance, focusing on accountability, governance, privacy, and individuals’ rights.

  2. Data Retention and Erasure – We have updated our retention policy to align with the “data minimisation” and “storage limitation” principles and to comply with the “Right to Erasure”.

  3. Data Breaches – Our procedures are designed to identify, assess, investigate, and report personal data breaches promptly.

  4. International Data Transfers and Third-Party Disclosures – For data transferred outside the EU, we have robust procedures to ensure data integrity, including adherence to adequacy decisions and standard data protection clauses.

  5. Subject Access Request (SAR) – Our SAR procedures accommodate a 30-day timeframe for providing requested information free of charge.

  6. Privacy Notice/Policy – Our Privacy Notices are revised to ensure GDPR compliance, informing individuals about their rights and our data processing practices.

  7. Obtaining Consent – We have updated our consent mechanisms to ensure clarity and compliance.

  8. Direct Marketing – Our direct marketing processes now include clear opt-in mechanisms and easy opt-out and unsubscribe options.

  9. Data Protection Impact Assessments (DPIA) – We adhere to GDPR’s Article 35 for high-risk data processing, with thorough documentation and risk mitigation strategies.

  10. Processor Agreements – For any third party processing personal information on our behalf, we have compliant agreements and due diligence procedures to ensure GDPR compliance.

Data Subject Rights

We provide accessible information via our website and other channels about individuals’ rights regarding their personal data processed by Hangout Luton. This includes the rights to access, correct, and erase their data, to restrict processing, to object to marketing, and to be informed about automated decision-making, as well as the process for lodging complaints.

Information Security and Technical and Organisational Measures

Hangout Luton takes privacy and data security seriously, employing robust policies and procedures to protect personal data from unauthorized access, alteration, disclosure, or destruction.

GDPR Roles and Employees

Hangout Luton has designated a Data Protection Officer (DPO) and a data privacy team responsible for GDPR compliance, awareness, and implementation of new policies and measures. Continuous employee awareness and understanding are crucial for ongoing GDPR compliance.

For questions about our GDPR compliance policies, please contact our Data Protection Officer (DPO).