Hover Drones Privacy Policy and Incident Response Plan

Identity and contact details of the controller and where applicable, the controller’s representative) and the data protection officer

Jamie Clarke – jamie@hover-drones.com

Purpose of the processing and the legal basis for the processing

Hover Drones processes personal data for the purpose of commercial activity with regards to Drone footage and services. The legal basis for such processing will be based on the consent of the individual, or in certain cases where legitimate interests apply. Hover Drones will also process data on the basis of an organisation entering into a services agreement with Hover Drones, and such data is required to be processed under the terms of the agreement.

Legitimate Interests

Where Hover Drones processes data using legitimate interests a legal basis for processing we will have checked that legitimate interests is the most appropriate basis for processing and have conducted an LIA. Our LIA remains under review and will be updated as circumstances change. We will only process data under legitimate interests in ways that would be reasonably expected by the data subject and offer clear and simple ways to opt out.

When processing Data under Legitimate Interests we perform the following assessment:

  • The data is only processed in a way the data subject would reasonably expect and is not excessive or intrusive. We also make sure our communications are accurately targeted to individuals who appear to have a responsibility that could reasonably benefit from our services and have likely used similar services in the past
  • Data processing will have a minimal privacy impact and will only involve the minimum levels of data needed for processing – ie email address, name and company name
  • We have deemed the processing to be necessary to achieve our legitimate interest, to offer drone based services, and have balanced it against the data subjects interests, rights and freedoms.
  • Other methods of achieving the same result have been deemed more intrusive – ie cold calling or unscheduled site visits.

Categories of personal data

Personal data means data which relate to a living individual who can be identified –

(a) from those data, or

(b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller, and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.

Hover Drones may process data including: email addresses, names, postal addresses, company names or other personally identifiable information that an individual includes on a publicly accessible source.

Any recipient or categories of recipients of the personal data

Hover Drones does not disclose personal data to third parties unless agreed in writing.

Transfers to third country and safeguards

Hover Drones does not transfer data to third countries (outside the EEA). In the unlikely event we are required to do so adequate safeguards would be put in place in line Data Protection Law and principles.

Retention period or criteria used to determine the retention period

Hover Drones will usually retain personal data for a period of two years. However this

period would continue if we remained in contact and the data subject consented to it or legitimate interests still applied. In some instances Personal data will be retained in accordance with the contractual obligations between Hover Drones and the individual.

The rights of Data Subjects

– Data Subjects will have the right to withdraw their consent at any time. The easiest way to do this is to email jamie@hover-drones.com or click on the unsubscribe links included within our emails.

– Data Subjects have the right to launch a complaint to the appropriate supervisory authority

– Data Subjects have the right to submit a Subject Access Request (SAR) at any time to jamie@hover-drones.com. There will be no fee applicable and the data will be supplied within one month of the request.

The source the personal data originates from and whether it came from publicly accessible sources

Data processed by Hover Drones is predominately sourced from the publicly accessible sources such as company websites or other company social media pages

The existence of automated decision making, including profiling and information about how decisions are made, the significance and the consequences.

Hover Drones does not use automated decision making technology

Data Breach Incident Response

In the event of a Data breach Hover Drones will:

– Our designated DPO will take the lead on investigating the breach along with our hosting provider.

– Engage with our hosting provider to isolate and/or shut down the area compromised.

– If the breach could result in a risk for the rights and freedoms of the data subject(s) Hover Drones will notify the ICO no later than 72 hours after becoming aware of the breach.

– Provide the ICO details regarding the nature of the breach and the categories and approximate number of data subjects and personal data records affected.

– Where there is high risk to the rights and freedoms of the Data Subject Hover Drones will notify the breach to the Data Subjects without undue delay. In the event of Data loss or if otherwise unfeasible to contact the Data Subjects Hover Drones will make a public communication whereby Data Subjects are informed in an effective manner. This

will be done through the most appropriate media platform(s) available. Such notifications will include the name and contact details of our designated DPO.

– Document the mitigating measures taken or proposed to be taken and share these with the ICO and the Data Subjects that have been affected.

Hover Drones LIA May 2018

When processing Data under Legitimate Interests we perform the following assessment:

  • The data is only processed in a way the data subject would reasonably expect and is not excessive or intrusive. We also make sure our communications are accurately targeted to individuals who appear to have a responsibility that could reasonably benefit from our services and have likely used similar services in the past
  • Data processing will have a minimal privacy impact and will only involve the minimum levels of data needed for processing – ie email address, name and company name
  • We have deemed the processing to be necessary to achieve our legitimate interest, to offer drone based services, and have balanced it against the data subjects interests, rights and freedoms.
  • Other methods of achieving the same result have been deemed more intrusive – ie cold calling or unscheduled site visits.
http://hover-drones.com/wp-content/uploads/2018/03/hover-drones-logo.png

SUBSCRIBE NOW