GDPR Compliance

Last Updated: [25/9/23]

Introduction:

Beaconrisk, accessible at https://www.beaconrisk.co.uk/, values the privacy and data security of our clients, employees, and partners. This document outlines our commitment to complying with the General Data Protection Regulation (GDPR) (EU) 2016/679, which sets forth the data protection principles and rights of individuals within the European Economic Area (EEA).

 

1. Data Protection Principles:

We adhere to the principles relating to the processing of personal data as set out in the GDPR, which require personal data to be:

  • Processed lawfully, fairly, and transparently.
  • Collected only for specified, explicit, and legitimate purposes.
  • Adequate, relevant, and limited to what is necessary.
  • Accurate and kept up to date.
  • Held securely.
  • Retained only for as long as necessary.

2. Lawful Basis for Processing:

We ensure that we have a lawful basis for processing personal data, such as consent, contractual necessity, legal obligation, legitimate interests, or any other basis permitted by the GDPR.

 

3. Data Subject Rights:

We respect and facilitate the exercise of the data subject rights granted by the GDPR, including the right to:

Access:

Individuals can request access to their personal data.

Rectification:

Individuals can request correction of inaccurate or incomplete data.

Erasure:

Individuals can request the deletion of their data under certain conditions.

Restriction:

Portability:

Individuals can request a copy of their data in a structured, commonly used, and machine-readable format.

Objection:

Individuals can object to the processing of their data for specific purposes.

Withdraw Consent:

Where processing is based on consent, individuals have the right to withdraw consent at any time.

 

4. Data Security:

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including encryption, access controls, and secure transfer methods.

 

5. Data Breach Notification:

In the event of a data breach that is likely to result in a high risk to the rights and freedoms of individuals, we will notify the affected data subjects and the relevant supervisory authority in accordance with GDPR requirements.

 

6. Data Transfers:

We ensure that any transfer of personal data outside the EEA is done with the appropriate safeguards in place, as required by the GDPR.

 

7. Training and Awareness:

We provide training and foster awareness among our employees regarding GDPR and data protection best practices to ensure compliance.

 

8. Updates and Review:

We regularly review and update our data protection policies and procedures to maintain compliance with the GDPR.

 

9. Contact Information:

For any questions, clarifications, or requests regarding our GDPR compliance, please contact us.
