Midwest Business Network

Upon request Midwest Business Network (MBN) will provide you with information about whether we hold any of your personal information. If you would like to review, delete or update your information, you may contact us using the Contact Form below. We will permit you to correct, amend, or delete information that is demonstrated to be inaccurate. We will respond to your request within a reasonable timeframe. Please note, because of the way we maintain certain services, after you delete or amend your information, residual copies may take a period of time before they are deleted from our active servers and may remain in our backup systems.

You will need to provide sufficient identifying information, such as your name and email address and possible additional identifying information as a security precaution.

You have a right, under the General Data Protection Regulation, to access the personal data we hold on you. To do so, you should make a subject access request, and this policy sets out how you should make a request, and our actions upon receiving the request.

“Personal data” is any information relating to an identifiable person who can be directly or indirectly identified, in particular, by reference to an identifier, including your name.

“Special categories of personal data” includes information relating to:

• race
• ethnic origin
• politics
• religion
• trade union membership
• genetics
• biometrics (where used for ID purposes)
• health
• sex life or
• sexual orientation.

MAKING A REQUEST

Although subject access requests may be made verbally, we would advise that a request may be dealt with more efficiently and effectively if it is made in writing. Requests that are made directly by you should be accompanied by evidence of your identity. If this is not provided, we may contact you to ask that such evidence be forwarded before we comply with the request.

Requests made in relation to your data from a third party should be accompanied by evidence that the third party is able to act on your behalf. If this is not provided, we may contact the third party to ask that such evidence be forwarded before we comply with the request.

TIMESCALES

Usually, we will comply with your request without delay and at the latest within one month. Where requests are complex or numerous, we may contact you to inform you that an extension of time is required. The maximum extension period is two months.

FEE

We will normally comply with your request at no cost. However, if the request is manifestly unfounded or excessive, or if it is repetitive, we may contact you requesting a fee. This fee must be paid in order for us to comply with the request. The fee will be determined at the relevant time and will be set at a level which is reasonable in the circumstances.

In addition, we may also charge a reasonable fee if you request further copies of the same information.

INFORMATION YOU WILL RECEIVE

When you make a subject access request, you will be informed of:

• whether or not your data is processed and the reasons for the processing of your data;
• the categories of personal data concerning you;
• where your data has been collected from if it was not collected from you;
• anyone who your personal data has been disclosed to or will be disclosed to, including anyone outside of the EEA and the safeguards utilised to ensure data security;
• how long your data is kept for;
• your rights in relation to data rectification, erasure, restriction of and objection to processing;
• your right to complain to the Office of the Data Protection Commissioner if you are of the opinion that your rights have been infringed;
• the reasoning behind any automated decisions taken about you.

We engage in periodic self-assessment and auditing to ensure compliance with our Privacy Policy. We verify that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented, and where applicable, in conformity with the GDPR. We encourage interested persons to raise any concerns with us using the Contact Form below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this policy.

CIRCUMSTANCES IN WHICH YOUR REQUEST MAY BE REFUSED

We may refuse to deal with your subject access request if it is manifestly unfounded or excessive, or if it is repetitive. Where it is our decision to refuse your request, we will contact you without undue delay, and at the latest within one month of receipt, to inform you of this and to provide an explanation. You may appeal the decision to:

You will be informed of your right to complain to the Office of the Data Protection Commissioner and to a judicial remedy.

We may also refuse to deal with your request, or part of it, because of the types of information requested. For example, information which is subject to legal privilege or relates to management planning is not required to be disclosed. Where this is the case, we will inform you that your request cannot be complied with and an explanation of the reason will be provided.

If you have an unresolved privacy or data concern that we have not addressed satisfactorily, please contact us. If you remain unsatisfied, European Union data subjects may seek an administrative or judicial remedy or to lodge a complaint with a supervisory authority, in particular in the member state of his or her habitual residence, if the data subject considers that the processing of personal data relating to him or her infringes the GDPR. Information on how to file such a complaint is available here: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.

We subject ourselves in MBN to the Implementation of Privacy to the Highest Practicable Standards and maintain a reasonable duty of care to all those impacted by our activities. We agree to adhere to the EU GDPR in recognition of their importance in ensuring the protection of user information.