GDPR Policy Statement
Introduction
The General Data Protection Regulations (GDPR) regulates the way in which all personal data is held and processed. This is a statement of the data protection policy adopted by Secure Access Technologies Ltd and applies to all personnel.
In order to operate efficiently Secure Access Technologies Ltd is required to collect and use information about the people with whom we work. This includes current employees, agents, contractor’s suppliers and others with whom we communicate.
We regard the lawful and correct treatment of personal information as integral to our successful operation, and to maintaining the confidence of the people we work with. To this end we fully endorse and adhere to the principles of the Data Protection Act 1998.
Purpose
The purpose of the policy is to ensure that all staff handing personal information at Secure Access Technologies Ltd is fully aware of the requirements of the Regulation and complies with data protection procedures and that data subjects are aware of their rights under the Regulation.
Scope
‘Personal data’ covered by the Regulation is essentially any recorded information which identifies a living individual. Personal data held will include contact information for a variety of customers/suppliers/employees and other personal details.
Policy Statement
The principles of the Act require that personal information must:
• Be processed fairly and lawfully and only where this is strictly necessary for legal and regulatory purposes, or for legitimate organisational purposes;
• Be adequate, relevant and not excessive for the purpose
• Be accurate and up-to-date
• Not be kept longer than necessary
• Be processed in accordance with the data subject’s rights
• Be kept secure, maintaining integrity, confidentiality and protected from unauthorised processing, loss or destruction
• Be transferred only to those countries outside the European Economic Area that provide adequate protection for personal information.
To meet the requirements of the principles, Secure Access Technologies will agree to:
• Fully observe conditions regarding the fair collection and use of information.
• Meet its legal obligations to specify the purposes for which information is used.
• Collect and process appropriate information, and only to the extent that it is needed to fulfil operational needs or to comply with any legal requirements.
• Ensure the quality of the information used.
• Hold personal information on Secure Access Technologies’ systems for as long as is necessary for the relevant purpose, or as long as is set out in any relevant contract held with Secure Access Technologies, or the retention attached to the record’s content type
• Ensure that the rights of people about whom information is held can be fully exercised under the Act (these include: the data subject’s right of access to their personal information; the right to prevent processing in certain circumstances; the right to correct, rectify, block or erase information which is regarded as wrong information)
• Take appropriate technical and organisational security measures to safeguard personal information and ensure that personal information is not transferred outside the EEA without suitable safeguards
• Log any security incidence, reviewed in the management review.
• Providing clear information to natural persons about how their personal information can be used and by whom.
• Maintaining records of processing of personal information.
• Maintain our ISO9001 certification.
• Fully commit to continual improvement of the personal information management, recognised through proactive monitoring and measurement of performance and the setting of objectives to assist in achieving this commitment.