If you are collecting customer data on the phone or in writing (usually through the internet on an electronic form) what information must you tell them at the time of data collection.
- Your company name, your contact details, and the name of your DPO if you have one.
- What you are going to do with the information and why you need it
- How long you will retain this information
- Who you might share this data with and how (e.g. AI)
- Whether it may go outside the EU
- That they have a right to a copy of their personal data
- That they have the right to complain to the ICO if they are not happy
- That they have the right to withdraw consent at any time
This must all be done in a transparent way using clear language. If a subject access request is made then you must provide the above to the data subject within a month. You must also contact them if there are any changes to the above.