Data Deletion/Right To Be Forgotten “RTBF”

 

Last Updated 7th October 2022


As a business we have an obligation to retain certain information relating to our customers and for a period after any contractual relationship ends. We will complete RTBF requests to their fullest extent within these bounds. 

It is important that we respond to a request in a timely manner. There is a legal duty to respond and action within 30 days of receipt of the request. 

The following steps outline what to do when a RTBF request is received from an individual. We do not delete company related information. 

  1. Verify that the request is from the individual it relates to.
  2. Confirm the request is a RTBF rather than an opt out from marketing (for Opt outs update the individual contact record in the CRM to reflect their preferences).
  3. Review the relationship between the individual and NBS. If they have been party to sales negotiations or contracts, we will need to retain some of their information and relevant communication with them for a period of 7 years after the contract has ended.
  4. If they have been involved in sales negotiations or contracts, use the ‘left company’ function in Salesforce and remove the phone numbers from the individual’s contact record. This will append the words ‘former employee’ to the contact’s name and retains the important related transactions.
  5. If they have not been involved in sales negotiations or contracts, use the ‘flag for deletion’ function – this will put the contact in a queue to be deleted. This includes the activity related to the contact record.   
  6. If the individual has an NBS ID but has not been a prospect/customer in Salesforce, then their NBS ID personal data in Pivotal has to be anonymised. To do this, change the email address, first name, last name and any other fields containing personal data to random letters and numbers. The NBS ID cannot be deleted without affecting the integrity of our records, but once anonymised, NBS’ systems can no longer associate the data with a specific individual. Do not follow this process for customers or previous customers (see point 8 below).
    Note for support. Please follow process below on how to access NBS ID via Pivotal
  7. Email the individual to confirm their request has been actioned using the template wording below.
  8. If the contact has subscribed to and used NBS Chorus, we process the NBS ID data in specifications on the basis of legitimate interests, in order to keep an audit trail of changes to the specifications. There is an overriding legitimate interest to continue the processing of this data in order to maintain the 'Golden Thread' of accountability. Also, the RTBF does not apply if the processing is necessary for the performance of a task carried out in the public interest or for archiving purposes in the public interest. Therefore, NBS ID data of customers or previous customers will not be deleted from specifications or anonymised as a result of a RTBF request.
  9. Inform NBS’ DPO of all RTBF requests via privacy@thenbs.com so a record can be kept.

 

Subject: Response to Erasure Request Dated [enter date]

Dear [enter name],

We write in response to the above-referenced erasure request. Article 17 of the retained EU law version of the General Data Protection Regulation (UK GDPR) grants data subjects the right to request erasure of certain personal data held by NBS Enterprises Limited. We can comply with this request on the following grounds, as stated in the UK GDPR:

  • The data subject withdrew their consent to our processing activities and no other legal justification for processing applies.
  • The data subject objected under Article 21(2) to processing for direct marketing purposes.

 

For more information on your rights, see NBS' privacy notice available at: Privacy Policy | NBS (thenbs.com).

After conducting a diligent search for records relating to your erasure request, we have determined that we have destroyed, erased, or made the personal data anonymous in accordance with our record retention obligations and practices.

Some elements of your data will be retained in line with our terms and conditions, and if required for legal compliance purposes. 

If you have any questions in relation to the above, then please do not hesitate to respond to this e-mail address.

 

If you are unsure of any of the above, then please contact NBS’ DPO via privacy@thenbs.com.

 

Process for accessing NBS ID via Pivotal


If a customer requests us to remove their personal data from our records we can do this by anonymising their NBS ID data in Pivotal. 

To do this select the Quickfind option under User Account


From here enter the users NBS ID an click Find Now  -

 

The below screen should appear -