Last updated: September 23rd, 2022

As part of our GDPR preparation process, we are reviewing and updating all our internal processes, procedures, data systems and documentation in order to help ensure that we are ready when GDPR comes into force in May 2018.

OUR GDPR PRINCIPLES:

• We will process all personal data fairly and lawfully.
• We will only process personal data for specified and lawful purposes.
• We will endeavour to hold relevant and accurate personal data, and where practical, we will keep it up to date.
• We will not keep personal data for longer than is necessary.
• We will keep all personal data secure.
• We will endeavour to ensure that personal data is not transferred to countries outside of the European Economic Area (EEA) without adequate protection.
• We aim to introduce and build on our existing security and business continuity systems to help ensure our compliance, including Cyber Essentials Plus, ISO 9001 and ISO 27001.
• We will help our customers understand and prepare for GDPR, as well as help support the development of their compliance plans.

OUR GDPR ACTIONS:

• We are reviewing and updating our range of policies, including our Data Breach Policy, Business Continuity Plans and Subject Access Requests.
• We will provide an updated privacy policy on our website to incorporate our GDPR obligations.
• We will undertake a systematic review of the personal data we store, manage, maintain, collect, process and control
• We will provide training to our team and generally raise the awareness and importance of GDPR to our business.
• We will continually look at ways of improving our systems and procedures to better comply with GDPR best practise.
• We will continue to monitor our GDPR plans up to the target date in May 2018 and beyond.