top of page

PRIVACY POLICY & GDPR

It is a legal requirement for the company to comply with the Data Protection Acts 2018 and the General Data Protection Regulation (GDPR).

 

It is also company policy to ensure that every employee maintains the confidentiality of any personal data held by the company in whatever form.

 

Data protection principles

 

The company needs to keep certain information about its employees, customers, and suppliers for financial and commercial reasons and to enable us to monitor performance, to ensure legal compliance and for health and safety purposes. To comply with the law, information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully. This means that we must comply with the Data Protection Principles set out in the Data Protection Act, 2018.

 

These principles require that personal data must be:

  • obtained fairly and lawfully and shall not be processed unless certain conditions are met.;

  • obtained for specified and lawful purposes and not further processed in a manner incompatible with that purpose;

  • adequate, relevant and not excessive;

  • accurate and up to date;

  • kept for no longer than necessary;

  • processed in accordance with data subjects’ rights;

  • protected by appropriate security;

  • not transferred to a country outside the European Economic Area without adequate protection.

               

In processing or using any personal information you must ensure that you follow these principles at all times.

 

Data protection coordinator

               

To ensure the implementation of this policy the company has designated the company secretary as the company’s data protection coordinator. All enquiries relating to the holding of personal data should be referred to him in the first instance.

               

Notification of data held

               

You are entitled to know:      

  • what personal information the company holds about you and the purpose for which it is used;

  • how to gain access to it;

  • how it is kept up to date;

  • what the company is doing to comply with its obligations under the 1998 Act.

               

This information is available from David Green.

 

Individual responsibility

               

As an employee you are responsible for:     

  • checking that any information that you provide in connection with your employment is accurate and up to date;

  • notifying the company of any changes to information you have provided, for example changes of address;

  • ensuring that you are familiar with and follow the data protection policy.

               

Any breach of the data protection policy, either deliberate or through negligence, may lead to disciplinary action being taken and could in some cases result in a criminal prosecution.

               

Data security

               

You are responsible for ensuring that:         

  • any personal data that you hold, whether in electronic or paper format, is kept securely;

  • personal information is not disclosed either verbally or in writing, accidentally or otherwise, to any unauthorized third party;

  • items which are marked ‘personal’ or ‘private and confidential’, or which appear to be of a personal nature, are opened by the addressee only.

 

You should not use your office address for matters that are not work related.

 

Privacy Policy (Not covered by GDPR above)

 

Type of personal data we collect:

  • name

  • company

  • position

  • contact details

 

Info derived from:

  • direct meetings and exchange of details

  • business cards

  • tenders and enquiries

  • websites where info is made available

  • social channels where info is made available

  • subscription

 

Why we have and retain data:

  • As above, the company needs to keep certain information about its employees, customers, and suppliers for financial and commercial reasons and to enable us to monitor performance, to ensure legal compliance and for health and safety purposes.

  • marketing and advertising

  • commercial benefit

  • competitive advantage

 

Sharing of data:

  • internally only

  • the sharing of any data by the company is unlawful and therefore prohibited.

 

Time and destruction:

  • we may hold information for up to ten years

  • paper copies will be destroyed by shredding and recycling

  • digital copies will be permanently deleted, along with backups, with the use of secure deletion software, and where necessary, seeking specialist IT advice.

 

Your information rights:

  • Right to be informed: Know how and why your data is being used

  • Right of access: Get a copy of your personal data and other information

  • Right to rectification: Have inaccurate data fixed or completed

  • Right to erasure: Have your personal data deleted

  • Right to restrict processing: Limit the use of your personal data

  • Data portability: Reuse your data for different services

  • Right to object: Object to how your data is processed in certain circumstances

  • Right not to be subject to automated decision making: Object to decisions made solely by automated means

 

Complaints and Concerns

 

If you have any concerns you would like to raise, or to make a complaint, please contact us at the following address and/or contact details:

 

Curo Modular Services Ltd

North East BIC

Wearfield, Enterprise Park East

Sunderland

SR5 2TA

 

Telephone:      0191 516 6036

Email:              info@curomodular.com

© 2023 by Curo Modular Services Ltd. Proudly created with Wix.com

bottom of page