Ecologic Designs Europe Limited
Data and GDPR Policy
Introduction
At Ecologic Designs Europe Limited, we recognise the importance of protecting personal and sensitive information and are committed to ensuring the privacy and security of the data we collect, process and store. This Data and GDPR Policy outlines our approach to data protection and compliance with the General Data Protection Regulation (GDPR) and other relevant data protection laws.
Scope
This policy applies to all personal data processed by Ecologic Designs Europe Limited, including data collected from customers, employees, suppliers, and other stakeholders.
Principles
1. Lawfulness, Fairness, and Transparency:
We will process personal data lawfully, fairly, and transparently, ensuring individuals are informed about the collection and processing of their data.
2. Purpose Limitation:
Personal data will only be collected for specified, explicit and legitimate purposes, and will not be processed in a manner incompatible with those purposes.
3. Data Minimisation:
We will only collect the minimum amount of personal data necessary for the intended purpose of processing.
4. Accuracy:
We will take reasonable steps to ensure that personal data is accurate and kept up to date.
5. Storage Limitation:
Personal data will be stored for no longer than necessary for the purposes for which it is processed.
6. Integrity and Confidentiality:
We will process personal data in a manner that ensures its security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.
Data Processing Activities
1. Customer Data:
We collect and process customer data for the purpose of fulfilling orders, providing customer support and maintaining customer accounts.
2. Employee Data:
We collect and process employee data for HR and employment-related purposes.
3. Supplier Data:
We collect and process supplier data for managing relationships and fulfilling contractual agreements.
GDPR Compliance
1. Lawful Basis for Processing:
We identify and document the lawful basis for processing personal data and ensuring compliance with GDPR requirements.
2. Data Subject Rights:
We respect the rights of data subjects, including the right to access, rectify, erase, restrict processing, object, and portability.
3. Data Protection Impact Assessments (DPIA):
We conduct DPIAs where necessary to assess and mitigate the risks associated with certain processing activities.
4. Data Breach Notification:
In the event of a data breach, we will notify the relevant supervisory authority and affected data subjects, as required by GDPR.
Data Security Measures
1. Access Controls:
Access to personal data is restricted based on job responsibilities and access controls are regularly reviewed.
2. Data Encryption:
Where applicable, personal data is encrypted during transmission and storage.
3. Training and Awareness:
Employees are provided with training on data protection policies and practices.
Data Protection Officer
Ecologic Designs Europe Limited has appointed a Data Protection Officer (DPO) to oversee our data protection compliance. The DPO can be reached at [DPO’s Contact Information].
Review and Updates
This Data and GDPR Policy will be reviewed periodically and updated to reflect changes in legislation, technology, and business practices.
Josh Hanvey
Managing Director, Ecologic Designs Europe LTD
4th March