Notary Public Kent Ann Rachel Astbury

Data Privacy Notice

This privacy notice is to tell you why and how I process and store your personal data during my work as a notary public. I am a Data Controller for the purposes of the Data Protection Principles, and I am registered with the Information Commissioner’s Office under registration number ZB723630.

As a notary, I need to collect information from you and the extent to which I do this and the use I make of your information and how I store it is protected by law. You have certain rights as set out below.

I only collect personal data because it is necessary for the work I do as a notary public, and because you have asked me to carry out that work. If you do not provide me with your data, I cannot carry out the function you have asked me to provide. The steps I take and services I provide are set out in my terms of business which I have provided to you.

I will only collect, process and store your personal data lawfully, and with a valid basis. In the context of my notarial work, this is generally on the basis that:

  • processing is necessary in order to carry out the work you have asked me to do, for instance, identifying you, and verifying the statements and the data you give to me, or the information you give me about third parties, or which I obtain in order to carry out my function as a notary;
  • processing is necessary for the legitimate interests pursued by a client or by me, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. This ground may apply to the processing of the personal data of any third party data subjects whose personal data are provided by the client. My legitimate interests might be to keep a record of the notarial work I have done in order to prove in the years to come the authenticity of a document I have notarised.
  • a legal obligation to which the Business is subject and where compliance with such obligation necessitates the processing of personal data by me;
  • the data subject consents, where such consent is procured from the client; and
  • other legal grounds such as protecting the vital interests of the data subject or processing of personal data in the public interest.

In addition, you need to be aware of:

  • the recipients or categories of recipients of the personal data, if any;
  • where applicable, the fact that the Business intends to transfer personal data to a third country or international organisation and the existence or absence of an adequacy decision by the relevant authority, or reference to the appropriate or suitable safeguards and the means by which to obtain a copy of them or where they have been made available;
  • the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
  • the existence of Automated Decisions, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

GDPR prescribes eight data protection principles, summarised as follows:

  • Personal data must be processed fairly and lawfully.
  • Information must only be used for the purpose for which it was originally collected unless express agreement has been received from the subject that it can be used for other purposes.
  • Excessive or irrelevant data must not be stored or processed.
  • The information must be accurate and, where necessary, kept up to date.
  • Data must only be kept as long as necessary.
  • Personal data must be processed in line with the rights of the data subject.
  • Data must be kept secure at all times.
  • Data must not be transferred outside the European Economic Area (EEA) without the data subject’s permission unless that country has an adequate level of protection for the rights and freedoms of the individual in relation to the processing of personal data.

Sharing Data

  • I will only share your data for the purposes of carrying out your instructions to me.
  • I require third party service providers to take appropriate security measures to protect your personal data. They are only permitted to use it for specific purposes connected with my instructions and not for their own purposes.

Security of Data

  • I have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way.
  • I limit access to your personal data to those agents and third parties who need it to assist in the carrying out of my instructions. They will only process your personal information on my instructions and they are subject to a duty of confidentiality.
  • I will follow the Information Commissioners guidance if I have to deal with any suspected data security breach and I will notify you and any applicable regulator of a suspected breach where I am legally required to do so.

Your Rights

You have the following rights;

Request Access

This is commonly known as a “data subject access request”. It allows you to obtain a copy of personal data I am holding about you.

Request Rectification

You can require inaccurate personal data to be corrected and any incomplete personal data to be completed.

Request Erasure

You can require me to delete and remove personal data

  • which are no longer necessary in relation to the purposes for which they were collected or otherwise processed; or
  • where the processing is unlawful; or
  • where you are exercising your right to object (see below).

Request Restriction

You can require me to stop processing for a period

  • while I verify the accuracy of personal data which you contest, or
  • where the processing is unlawful, or
  • where I no longer need the personal data for the purposes of carrying out my instructions that you required the data for the establishment, exercise or defence of legal claims.

Data Portability

You have the right to receive personal data you have given me in a structured, commonly used and machine readable format. You also have the right to request that I transmit this data to another organisation.

Your right to data portability only applies when:

  • I am using your data with your consent or in order to keep my part of my contract with you;
  • I am processing your data by automated means (ie excluding paper files); and
  • it is your personal data that you have provided to me.

Right to Object

You have a right to object to the storage and use of your personal data in two circumstances:

  • If I base the reason for holding your personal data on the ground that it is necessary for my legitimate interest or those of a third party, and there is something relating to your particular situation, which makes you want to object; or
  • If I am using your personal data for direct marketing purposes.

Right to Complain

You have a right to complain to the Information Commissioners Office, the UK supervisory authority for data protection issues (www.ico.org.uk)

Contact

If you want to review, verify, correct or request erasure of your personal information, or object to the processing of your personal data, please contact me (as Data Protection Manager), at
admin@notarypublic-kent.co.uk

Contact
Privacy
LinkedIn