Last Updated: [25/9/23]
Beaconrisk, accessible at https://www.beaconrisk.co.uk/, values the privacy and data security of our clients, employees, and partners. This document outlines our commitment to complying with the General Data Protection Regulation (GDPR) (EU) 2016/679, which sets forth the data protection principles and rights of individuals within the European Economic Area (EEA).
1. Data Protection Principles:
We adhere to the principles relating to the processing of personal data as set out in the GDPR, which require personal data to be:
- Processed lawfully, fairly, and transparently.
- Collected only for specified, explicit, and legitimate purposes.
- Adequate, relevant, and limited to what is necessary.
- Accurate and kept up to date.
- Held securely.
- Retained only for as long as necessary.
2. Lawful Basis for Processing:
We ensure that we have a lawful basis for processing personal data, such as consent, contractual necessity, legal obligation, legitimate interests, or any other basis permitted by the GDPR.
3. Data Subject Rights:
We respect and facilitate the exercise of the data subject rights granted by the GDPR, including the right to:
Individuals can request access to their personal data.
Individuals can request correction of inaccurate or incomplete data.
Individuals can request the deletion of their data under certain conditions.
Individuals can request a copy of their data in a structured, commonly used, and machine-readable format.
Objection: Individuals can object to the processing of their data for specific purposes.
Where processing is based on consent, individuals have the right to withdraw consent at any time.
4. Data Security:
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including encryption, access controls, and secure transfer methods.
5. Data Breach Notification:
In the event of a data breach that is likely to result in a high risk to the rights and freedoms of individuals, we will notify the affected data subjects and the relevant supervisory authority in accordance with GDPR requirements.
6. Data Transfers:
We ensure that any transfer of personal data outside the EEA is done with the appropriate safeguards in place, as required by the GDPR.
7. Training and Awareness:
We provide training and foster awareness among our employees regarding GDPR and data protection best practices to ensure compliance.
8. Updates and Review:
We regularly review and update our data protection policies and procedures to maintain compliance with the GDPR.
9. Contact Information:
For any questions, clarifications, or requests regarding our GDPR compliance, please contact us.