Under our Privacy Notice and in accordance with GDPR, you have a right to request erasure of your data from our systems, sometimes known as a right to be forgotten. This is not an absolute right and there may be certain circumstances where we need to retain data for legal obligation or have legitimate business reasons for retaining some, or all of the data.
A member of our Compliance team will respond to a request for erasure within 1 week but often sooner. Depending on the amount of data on file, we should complete the process within 2 weeks of receiving the initial request, assuming the correct information is provided to us. It will certainly be completed within 1 month, and a final email will be sent to you confirming this deletion.
A request for erasure can be made verbally or in writing to anyone at Cobalt. However, the most efficient way to start the process is to email firstname.lastname@example.org and provide the following information:
- Your name(s) which you believe we will hold data under
- Your email address(es) you believe we hold for you
- Whether you wish to be – a) Absolutely deleted or b) retained as a “Right to be forgotten” (RTBF) individual
The reason for this last point is that if we absolutely delete or your files, then we would no longer know that you had requested to be forgotten. It is possible therefore that we could contact you in the future as we might find your details again, for instance through our research team, through LinkedIn or through CV job boards.
Alternatively, we can delete all files and records, except for your name, current organisation and job title. We would then mark your details as someone who had requested to be forgotten and know not to contact you in the future should we find your details again.
However you make the request, a member of our Compliance Team in London will be in touch to confirm receipt of the request and clarify any outstanding details. We will then examine our records as to whether there are any legal obligations or legitimate business interests in retaining some or all or your data. If there is, you will be informed by the Data Compliance Manager and we will agree which data can be removed without impacting these other lawful basis for processing.
If there is no reason for retaining your data, then we will follow our deletion protocol. This includes removing information from our CRM, email marketing system, Office365, mobile devices, our website, client portals, banking systems and notifying clients (as applicable).
Once this has been completed, a member of the compliance team will send you a final email confirming that your details have been either absolutely deleted or deleted with a note to be forgotten in accordance with your wishes.
If you have any queries about this process, please contact the Data Compliance Manager, as outlined in the Privacy Notice.