Data Protection (GDPR) Policy

This policy sets out how we handle the Personal Data of our customers, suppliers, employees, workers, and other third parties. The below definitions apply to this policy:

 - Data Controller: the person or organisation that determines when, why, and how to process Personal Data. It is responsible for establishing practices and policies in line with the GDPR. We are the Data Controller of all Personal Data relating to our Company and Personal Data used in our business for our own commercial purposes.

- Data Protection Officer (DPO): the person appointed by us with responsibility for data protection compliance.

- Data Subject: a living, identified, or identifiable individual about whom we hold Personal Data.

- General Data Protection Regulation (GDPR): the General Data Protection Regulation ((EU) 2016/679).

- Personal Data: any information identifying a Data Subject or information relating to a Data Subject that we can identify (directly or indirectly) from that data alone or in combination with other identifiers we possess or can reasonably access. Personal Data includes Sensitive Personal Data but excludes anonymous data or data that has had the identity of an individual permanently removed. Personal data can be
factual (for example, a name, email address, location, or date of birth) or an opinion about that person’s actions or behaviour.

- Personal Data Breach: any act or omission that compromises the security,
confidentiality, integrity, or availability of Personal Data or the physical, technical, administrative, or organisational safeguards that we or our third-party service providers put in place to protect it. The loss, or unauthorised access, disclosure, or acquisition, of Personal Data is a Personal Data Breach.

- Processing or Process: any activity that involves the use of Personal Data. It includes obtaining, recording, or holding the data, or carrying out any operation or set of operations on the data, including organising, amending, retrieving, using, disclosing, erasing, or destroying it. Processing also includes transmitting or transferring Personal Data to third parties.

- Sensitive Personal Data: information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data, and Personal Data relating to criminal offences and convictions.

 

This policy applies to all Personal Data we Process regardless of the media on which that data is stored or whether it relates to past or present employees, workers, customers, clients or supplier contacts, shareholders, website users, or any other Data Subject.

 

This policy applies to all staff. We will read, understand, and comply with this policy when Processing Personal Data on our behalf. This policy sets out what we expect from our operatives. Our compliance with this policy is mandatory. Any breach of this policy may result in disciplinary action.

 

We recognise that the correct and lawful treatment of Personal Data will maintain confidence in the organisation and provide for successful business operations. Protecting the confidentiality and integrity of Personal Data is a critical responsibility that we take seriously at all times.

 

This policy will be reviewed annually and revised as often as may be deemed appropriate by ETALON GROUP LTD, and then brought to the attention of all employees. It is accessible to interested parties via the company’s document management system, noticeboards, and reception areas, or is available on request.