1. Introduction
At Netro42 we recognise the importance of protecting the privacy and confidentiality of our clients' information. This policy outlines our commitment to compliance with the General Data Protection Regulation (GDPR) and our dedication to safeguarding the personal data of our clients.
2. Scope
This policy applies to all employees, contractors, and third parties who have access to client information in any form, whether electronic or physical.
3. Principles of GDPR Compliance
We adhere to the following GDPR principles:
3.1. Lawfulness, Fairness, and Transparency: We process client data lawfully, fairly, and transparently. Clients are informed about the processing of their data through clear and concise privacy notices.
3.2. Purpose Limitation: Client data is collected for specified, explicit, and legitimate purposes. We do not process data for purposes incompatible with the original purpose of collection.
3.3. Data Minimisation: We collect only the minimum amount of data necessary for the intended purpose. Unnecessary data is not collected or retained.
3.4. Accuracy: We take reasonable steps to ensure the accuracy of client data. Clients have the right to rectify inaccuracies in their data.
3.5. Storage Limitation: Client data is retained only for as long as necessary for the specified purpose. Regular reviews are conducted to ensure data is not kept longer than required.
3.6. Integrity and Confidentiality: We implement measures to ensure the security and confidentiality of client data. Unauthorized access, disclosure, or alteration of client data is strictly prohibited.
3.7. Accountability: We demonstrate compliance with GDPR and maintain records of data processing activities. Employees are trained on GDPR compliance, and responsibilities are assigned to ensure accountability.
4. Data Security Measures
To protect client information, we implement the following security measures:
4.1. Access Controls: Access to client data is restricted based on job responsibilities. Strong authentication measures are in place to prevent unauthorized access.
4.2. Encryption: Client data is encrypted during transmission and storage.
4.3. Data Backups: Regular backups are performed to prevent data loss.
4.4. Incident Response: An incident response plan is in place to address and mitigate any data breaches promptly.
5. Data Subject Rights
Clients have the following rights under GDPR, and we respect and facilitate the exercise of these rights:
6. Third-Party Processing
When third parties process client data on our behalf, we ensure that they meet GDPR standards and sign data processing agreements.
7. Training and Awareness
All employees receive training on GDPR compliance, and ongoing awareness programs are conducted to keep staff informed about privacy and security best practices.
8. Review and Update
This policy will be regularly reviewed and updated to ensure its effectiveness and compliance with evolving privacy regulations.
9. Compliance Officer
The Managing Director serves as the Data Protection Officer (DPO) and is responsible for ensuring GDPR compliance. Employees can contact the DPO with any questions or concerns related to data protection.
10. Enforcement
Non-compliance with this policy may result in disciplinary action, up to and including termination of employment or contractual relationship.
This policy is effective as of 7 February 2023 and will be reviewed annually.
Netro42 Limited
20-22 Wenlock Road
London
N1 7GU