GDPR Compliance
Last Updated: 25/9/23
Introduction:
Beaconrisk, accessible at https://www.beaconrisk.co.uk/, values the privacy and data security of our clients, employees, and partners. This document outlines our commitment to complying with the General Data Protection Regulation (GDPR) (EU) 2016/679, which sets forth the data protection principles and rights of individuals within the European Economic Area (EEA).
1. Data Protection Principles:
We adhere to the principles relating to the processing of personal data as set out in the GDPR, which require personal data to be:
- Processed lawfully, fairly, and transparently.
- Collected only for specified, explicit, and legitimate purposes.
- Adequate, relevant, and limited to what is necessary.
- Accurate and kept up to date.
- Held securely.
- Retained only for as long as necessary.
2. Lawful Basis for Processing:
We ensure that we have a lawful basis for processing personal data, such as consent, contractual necessity, legal obligation, legitimate interests, or any other basis permitted by the GDPR.
3. Data Subject Rights:
We respect and facilitate the exercise of the data subject rights granted by the GDPR, including the right to:
Access:
Individuals can request access to their personal data.
Rectification:
Individuals can request correction of inaccurate or incomplete data.
Erasure:
Individuals can request the deletion of their data under certain conditions.
Restriction:
Portability:
Individuals can request a copy of their data in a structured, commonly used, and machine-readable format.
Objection:
Individuals can object to the processing of their data for specific purposes.
Withdraw Consent:
Where processing is based on consent, individuals have the right to withdraw consent at any time.
4. Data Security:
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including encryption, access controls, and secure transfer methods.
5. Data Breach Notification:
In the event of a data breach that is likely to result in a high risk to the rights and freedoms of individuals, we will notify the affected data subjects and the relevant supervisory authority in accordance with GDPR requirements.
6. Data Transfers:
We ensure that any transfer of personal data outside the EEA is done with the appropriate safeguards in place, as required by the GDPR.
7. Training and Awareness:
We provide training and foster awareness among our employees regarding GDPR and data protection best practices to ensure compliance.
8. Updates and Review:
We regularly review and update our data protection policies and procedures to maintain compliance with the GDPR.
9. Contact Information:
For any questions, clarifications, or requests regarding our GDPR compliance, please contact us.