top of page

GDPR Data Protection Policy

UKISS Consultancy LTD GDPR Data Protection Policy V.1

Introduction

As a leading consultancy firm committed to excellence, UKISS Consultancy LTD recognizes the paramount importance of safeguarding personal data and ensuring strict compliance with Data Protection Laws, including the General Data Protection Regulation (GDPR). This policy serves as a comprehensive guide to how UKISS Consultancy LTD implements data protection principles and should be read in conjunction with the Data Protection Procedure and the latest guidance from the Information Commissioner's Office (ICO).

Servers

Definitions

In this policy, the following terms have the following meanings:

Consent:

Freely given, specific, informed, and unambiguous indication of an individual’s wishes.

Data controller:

Individual or organization determining the purposes and means of processing personal data.

Data processor:

Individual or organization processing personal data on behalf of the data controller.

Personal data: 

Information relating to an identifiable individual.

Personal data breach:

Breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data.

Processing:

Any operation performed on personal data, including collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, and more.

Profiling:

Automated processing of personal data to evaluate certain personal aspects.

Pseudonymization:

Information relating to an identifiable individual.

Sensitive personal data: 

Includes racial or ethnic origin, political opinions, religious or philosophical beliefs, genetic data, biometric data, data concerning health, sex life, sexual orientation, and criminal convictions.

Data Controller and Registration

UKISS Consultancy LTD processes personal data as a data controller under the Data Protection Laws.

 

The company is duly registered, and its registration number is [Registration Number].

Purposes of Processing

UKISS Consultancy LTD may hold personal data for various purposes, including but not limited to consultancy services, staff administration, advertising, marketing, public relations, accounts and records, administration, and processing of clients' and candidates' data.

Data Protection Principles

UKISS Consultancy LTD, acting as a data controller or processor, adheres to the following principles

Processed lawfully, fairly, and transparently.

Collected for specified and legitimate purposes, not further processed incompatibly

Adequate, relevant, and limited to what is necessary for the purposes.

Accurate and kept up to date.

Kept for no longer than necessary.

Processed with appropriate security measures.

Legal Bases for Processing

UKISS Consultancy LTD processes personal data based on legal bases outlined in Annex A. Regular reviews ensure lawful processing, accuracy, and relevance.

Privacy by Design and by Default

UKISS Consultancy LTD integrates privacy measures into its operations, including data minimization, pseudonymization, anonymization, and robust cybersecurity practices

Privacy Notices

Privacy notices are provided to individuals when collecting personal data directly or within a reasonable period for data obtained indirectly

Privacy by Design and by Default

UKISS Consultancy LTD integrates privacy measures into its operations, including data minimization, pseudonymization, anonymization, and robust cybersecurity practices

Subject Access Requests

Individuals have the right to access their personal data, and UKISS Consultancy LTD responds promptly to subject access requests.

Rectification, Erasure, and Restriction of Processing

Individuals can request rectification, erasure, or restriction of their personal data, and UKISS Consultancy LTD complies within legal timeframes.

Data Portability

Individuals have the right to receive their personal data in a machine-readable format, and UKISS Consultancy LTD facilitates data portability where feasible.

Object to Processing

Individuals can object to data processing, including direct marketing. UKISS Consultancy LTD ceases processing unless there are compelling legitimate grounds.

Enforcement of Rights

All requests related to individual rights are directed to the Data Protection Officer (DPO), [Daniel Erasme-Anandie].

Automated Decision Making

UKISS Consultancy LTD avoids automated decision-making producing significant legal effects unless necessary for a contract, authorized by law, or with explicit consent.

Direct Marketing

UKISS Consultancy LTD adheres to rules for direct marketing, ensuring individuals' consent for electronic direct marketing

Provision of Client Information Following an Audit Request

Confidential information is redacted during client audit requests, and relevant documents are securely handled post-audit

Reporting Personal Data Breaches

UKISS Consultancy LTD reports personal data breaches promptly, takes steps for containment and recovery, and notifies the ICO and relevant supervisory authorities when necessary.

Human Rights

UKISS Consultancy LTD respects individuals' human rights under the Human Rights Act 1998 in all dealings with personal data

Complaints

Complaints about data handling are directed to the Data Protection Officer (DPO), [DPO's Contact Information], or individuals can contact the ICO directly

Conclusion

UKISS Consultancy LTD remains steadfast in its commitment to maintaining the highest standards of data protection. The company continuously reviews and updates policies to ensure strict compliance with evolving regulations and best practices.

Conclusion

UKISS Consultancy LTD remains steadfast in its commitment to maintaining the highest standards of data protection. The company continuously reviews and updates policies to ensure strict compliance with evolving regulations and best practices.

Policy Name: GDPR Data Protection Policy
Year: 2024
Version: 1

bottom of page