Netro42 GDPR Policy

1. Introduction

At Netro42 we recognise the importance of protecting the privacy and confidentiality of our clients' information. This policy outlines our commitment to compliance with the General Data Protection Regulation (GDPR) and our dedication to safeguarding the personal data of our clients.

2. Scope

This policy applies to all employees, contractors, and third parties who have access to client information in any form, whether electronic or physical.

3. Principles of GDPR Compliance

We adhere to the following GDPR principles:

3.1. Lawfulness, Fairness, and Transparency: We process client data lawfully, fairly, and transparently. Clients are informed about the processing of their data through clear and concise privacy notices.

3.2. Purpose Limitation: Client data is collected for specified, explicit, and legitimate purposes. We do not process data for purposes incompatible with the original purpose of collection.

3.3. Data Minimisation: We collect only the minimum amount of data necessary for the intended purpose. Unnecessary data is not collected or retained.

3.4. Accuracy: We take reasonable steps to ensure the accuracy of client data. Clients have the right to rectify inaccuracies in their data.

3.5. Storage Limitation: Client data is retained only for as long as necessary for the specified purpose. Regular reviews are conducted to ensure data is not kept longer than required.

3.6. Integrity and Confidentiality: We implement measures to ensure the security and confidentiality of client data. Unauthorized access, disclosure, or alteration of client data is strictly prohibited.

3.7. Accountability: We demonstrate compliance with GDPR and maintain records of data processing activities. Employees are trained on GDPR compliance, and responsibilities are assigned to ensure accountability.

4. Data Security Measures

To protect client information, we implement the following security measures:

4.1. Access Controls: Access to client data is restricted based on job responsibilities. Strong authentication measures are in place to prevent unauthorized access.

4.2. Encryption: Client data is encrypted during transmission and storage.

4.3. Data Backups: Regular backups are performed to prevent data loss.

4.4. Incident Response: An incident response plan is in place to address and mitigate any data breaches promptly.

5. Data Subject Rights

Clients have the following rights under GDPR, and we respect and facilitate the exercise of these rights:

  • Right to access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights related to automated decision making, including profiling

6. Third-Party Processing

When third parties process client data on our behalf, we ensure that they meet GDPR standards and sign data processing agreements.

7. Training and Awareness

All employees receive training on GDPR compliance, and ongoing awareness programs are conducted to keep staff informed about privacy and security best practices.

8. Review and Update

This policy will be regularly reviewed and updated to ensure its effectiveness and compliance with evolving privacy regulations.

9. Compliance Officer

The Managing Director serves as the Data Protection Officer (DPO) and is responsible for ensuring GDPR compliance. Employees can contact the DPO with any questions or concerns related to data protection.

10. Enforcement

Non-compliance with this policy may result in disciplinary action, up to and including termination of employment or contractual relationship.

This policy is effective as of 7 February 2023 and will be reviewed annually.

Netro42 Limited
20-22 Wenlock Road
London
N1 7GU

AWS Partner logo
Shopify Partner logo
Nominet Member logo
Google Cloud logo

This site uses cookies

By using this website, you agree to the storing of cookies on your device to enhance site navigation, analyse site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

Got it