GDPR Compliance - Northants & Hunts NYMC

Last updated: 6 February 2026

1. Introduction

Northants & Hunts NYMC is committed to compliance with the General Data Protection Regulation (GDPR) and the UK GDPR. This page outlines our approach to data protection and your rights under these regulations.

2. Legal Basis for Processing

We process your personal data based on the following legal grounds:

Consent: When you have given clear consent for us to process your data
Contract: When processing is necessary for a contract with you
Legal Obligation: When we need to comply with a legal obligation
Legitimate Interests: When processing is necessary for our legitimate interests

3. Your Rights Under GDPR

You have the following rights regarding your personal data:

Right of Access

You have the right to obtain confirmation as to whether we process your personal data and access to that data, along with certain information about the processing.

Right to Rectification

You have the right to have inaccurate personal data corrected and incomplete data completed.

Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the original purpose or you withdraw consent.

Right to Restrict Processing

You have the right to request restriction of processing in certain situations, such as when you contest the accuracy of data or object to processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used format and to transmit that data to another controller.

Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect you.

4. Exercising Your Rights

To exercise any of your rights, please contact us through our website or member portal. We will respond to your request within one month. In some cases, we may need to verify your identity before processing your request.

5. Data Protection Officer

If you have concerns about how we handle your personal data or wish to make a complaint, you can contact our Data Protection Officer through our website. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated.

6. Data Transfers

We may transfer your personal data outside the UK/EEA. When we do so, we ensure appropriate safeguards are in place to protect your data in accordance with GDPR requirements.

7. Data Breaches

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay.

8. Contact Information

For questions about GDPR compliance or to exercise your rights, please contact us through our website or member portal. For more information about your rights, visit the Information Commissioner's Office website.