This page explains how DASWeb complies with the UK GDPR and the Data Protection Act 2018, the personal data we process, our lawful bases for doing so, and the rights you have over your data.
Data controller
For the personal data described here, DASWeb is the data controller. You can reach our data contact at [email protected].
What we process and why
- Name & email — to create your account, sign you in and contact you about the service. Basis: contract.
- Account password (hashed) — to secure your account. Basis: contract.
- DAS employee ID & password (encrypted) — to sign in to DAS and fetch your duties on your behalf. Basis: contract / your consent.
- Duty data — to show your duties, power your calendar feed and alert you to changes. Basis: contract.
- Technical & log data — to keep the service secure and reliable. Basis: legitimate interests.
Lawful bases
We rely on performance of a contract (providing the service you signed up for), your consent (which you give by adding your DAS credentials, and can withdraw at any time), and our legitimate interests in keeping the service secure and functioning.
Your rights
Under the UK GDPR you have the right to:
- Access — get a copy of the personal data we hold about you.
- Rectification — correct inaccurate or incomplete data.
- Erasure — ask us to delete your data (“the right to be forgotten”).
- Restriction — ask us to limit how we use your data.
- Portability — receive your data in a portable format.
- Object — object to processing based on legitimate interests.
- Withdraw consent — at any time, without affecting earlier processing.
How to exercise your rights
You can manage much of this yourself from your account: update your name and email, clear your DAS credentials to stop syncing, or request erasure and delete your account from your profile settings. For anything else, email [email protected] and we’ll respond within one month.
Data retention
We keep your personal data only while your account is active. Clearing your DAS credentials removes them and stops syncing; deleting your account removes your personal data. We store only a rolling window of upcoming duties, not a permanent history.
Security
Your DAS password is encrypted at rest, your account password is hashed, your calendar feed uses an unguessable link, and all traffic is encrypted in transit (HTTPS).
International transfers
Your data is processed within the UK/EEA wherever possible. If any provider processes data outside the UK/EEA, we ensure appropriate safeguards are in place.
Automated decision-making
We do not carry out any automated decision-making or profiling that produces legal or similarly significant effects about you.
Complaints
If you’re unhappy with how we handle your data, please contact us first so we can put it right. You also have the right to complain to the UK’s Information Commissioner’s Office (ICO) at ico.org.uk.