Data Protection Policy
1. Introduction
Digitalogy Ltd is committed to protecting the privacy and security of personal data. This Data Protection Policy outlines our approach to ensuring compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws.
2. Purpose
The purpose of this policy is to:
Ensure the lawful, fair, and transparent processing of personal data.
Protect the rights of individuals whose data we collect, use, or process.
Outline our responsibilities in safeguarding personal data.
Demonstrate compliance with relevant data protection laws.
3. Scope
This policy applies to all employees, contractors, and stakeholders who process personal data on behalf of Digitalogy Ltd. It covers all personal data collected, stored, processed, or shared, whether electronically or in paper format.
4. Key Principles
Digitalogy Ltd adheres to the following data protection principles:
Lawfulness, Fairness, and Transparency: Process personal data lawfully, fairly, and transparently.
Purpose Limitation: Collect personal data for specified, explicit, and legitimate purposes only.
Data Minimisation: Ensure personal data is adequate, relevant, and limited to what is necessary.
Accuracy: Maintain accurate and up-to-date personal data.
Storage Limitation: Retain personal data only for as long as necessary for the purposes for which it was collected.
Integrity and Confidentiality: Process personal data securely to protect against unauthorised access, loss, or damage.
Accountability: Be accountable for demonstrating compliance with data protection laws.
5. Responsibilities
Data Protection Officer (DPO): Oversees compliance with data protection laws, provides guidance, and addresses queries or complaints related to data protection.
Employees: Ensure compliance with this policy and report any data protection breaches or concerns.
Third Parties: Any third-party processors must adhere to this policy and data protection laws when handling data on behalf of Digitalogy Ltd.
6. Data Collection and Processing
We will:
Only collect personal data that is necessary for business purposes and ensure transparency with data subjects.
Obtain explicit consent when required, particularly for processing sensitive personal data.
Provide clear privacy notices explaining how personal data is used.
Ensure personal data is processed in accordance with legal grounds such as consent, contract performance, legal obligation, or legitimate interests.
7. Data Security
We implement technical and organisational measures to ensure data security, including:
Encryption and secure storage of data.
Access controls to limit data access to authorised personnel.
Regular security audits and vulnerability assessments.
Secure disposal of personal data when no longer required.
8. Data Subject Rights
We respect the rights of data subjects under applicable laws, including:
Access: The right to access personal data we hold.
Rectification: The right to correct inaccurate or incomplete data.
Erasure: The right to request deletion of personal data.
Restriction: The right to restrict processing under certain conditions.
Data Portability: The right to obtain personal data in a portable format.
Objection: The right to object to processing based on legitimate interests or direct marketing.
Automated Decision-Making: The right to not be subject to decisions based solely on automated processing.
Requests relating to these rights should be directed to the DPO.
9. Data Breaches
In the event of a data breach, we will:
Investigate and contain the breach promptly.
Notify the Information Commissioner’s Office (ICO) within 72 hours if required.
Inform affected individuals where necessary.
Review and improve data protection measures to prevent recurrence.
10. Training and Awareness
We provide training to employees to ensure awareness of data protection responsibilities and best practices. Regular updates are provided to reflect changes in laws and organisational procedures.
11. Monitoring and Review
This policy will be reviewed annually or as required to reflect changes in data protection laws, business practices, or regulatory guidance. We will monitor compliance and address any deficiencies promptly.
12. Contact Information
For questions, concerns, or requests related to this policy, please contact our Data Protection Officer: George Iancu, Head of Digital