GDPR Data Processing Policy for www.davinaconnect.co.uk
Last Updated: 28/08/2024
This Data Processing Policy outlines the principles and procedures that www.davinaconnect.co.uk (referred to as “we,” “us,” or “our”) adheres to when processing personal data in accordance with the General Data Protection Regulation (GDPR).
1. Scope and Purpose
This policy applies to all processing of personal data conducted by www.davinaconnect.co.uk. The purpose of this policy is to ensure that all data processing activities are carried out in compliance with GDPR and to protect the rights and freedoms of individuals whose data we process.
2. Definitions
- Personal Data: Any information relating to an identified or identifiable natural person.
- Processing: Any operation or set of operations performed on personal data, including collection, storage, use, disclosure, and deletion.
- Data Subject: The individual whose personal data is being processed.
- Data Controller: The entity that determines the purposes and means of processing personal data.
- Data Processor: The entity that processes personal data on behalf of the Data Controller.
3. Principles for Data Processing
We adhere to the following principles when processing personal data:
- Lawfulness, Fairness, and Transparency: Personal data shall be processed lawfully, fairly, and in a transparent manner in relation to the data subject.
- Purpose Limitation: Personal data shall be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Data Minimization: Personal data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
- Accuracy: Personal data shall be accurate and, where necessary, kept up to date.
- Storage Limitation: Personal data shall be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the data is processed.
- Integrity and Confidentiality: Personal data shall be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
4. Lawful Basis for Processing
We process personal data only when we have a lawful basis to do so. The lawful bases for processing include:
- Consent: The data subject has given consent to the processing of their personal data for one or more specific purposes.
- Contractual Necessity: Processing is necessary for the performance of a contract to which the data subject is a party.
- Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject.
- Legitimate Interests: Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
5. Data Subject Rights
Data subjects have the following rights concerning their personal data:
- Right to Access: Data subjects can request access to their personal data.
- Right to Rectification: Data subjects can request the correction of inaccurate or incomplete personal data.
- Right to Erasure: Data subjects can request the deletion of their personal data under certain circumstances.
- Right to Restrict Processing: Data subjects can request the restriction of processing in certain situations.
- Right to Data Portability: Data subjects can request the transfer of their personal data to another organization.
- Right to Object: Data subjects can object to the processing of their personal data under certain conditions.
- Right to Withdraw Consent: Data subjects can withdraw their consent at any time where processing is based on consent.
6. Data Security
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or misuse. These measures include:
- Encryption: Encrypting personal data to protect it during transmission and storage.
- Access Controls: Restricting access to personal data to authorized personnel only.
- Data Anonymization: Anonymizing or pseudonymizing personal data where possible to reduce the risk of identification.
- Regular Audits: Conducting regular audits to assess the effectiveness of our data protection measures.
7. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. When personal data is no longer needed, we securely delete or anonymize it.
8. Data Breach Notification
In the event of a data breach that poses a risk to the rights and freedoms of data subjects, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. We will also notify the affected data subjects without undue delay when the breach is likely to result in a high risk to their rights and freedoms.
9. Third-Party Processors
We may engage third-party processors to process personal data on our behalf. We ensure that any third-party processor we engage adheres to GDPR standards and enters into a Data Processing Agreement with us, which outlines their obligations regarding the protection of personal data.
10. International Data Transfers
If we transfer personal data outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place to protect the data, such as standard contractual clauses or other mechanisms approved by the European Commission.
11. Accountability and Governance
We maintain records of our data processing activities and regularly review our data protection practices to ensure compliance with GDPR. We also provide training to our staff on data protection principles and practices.
12. Changes to This Policy
We may update this Data Processing Policy from time to time to reflect changes in our data processing practices or legal requirements. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically to stay informed about how we process your personal data.
13. Contact Us
If you have any questions or concerns about this Data Processing Policy or our data processing practices, please contact us at:
Email: info@davinaconnect.co.uk