This statement outlines how Prestige Fire Safety Limited shall meet the requirements of the European Union General Data Protection Regulation 679/2016 (GDPR).
Prestige Fire Safety Limited is committed to meeting the legal obligations of the GDPR and ensure that personal information is handled appropriately in line with the applicable requirements of this European Union (EU) Regulation.
Prestige Fire Safety Limited will ensure that through proper planning, organising, implementation and review of arrangements that it is meets its legal obligations regarding data privacy and protection.
Prestige Fire Safety Limited will:
- Only process personal information where this is strictly necessary for legal and regulatory purposes, or for legitimate organisational purposes.
- Process only the minimum personal information required for these purposes.
- Provide clear information to natural persons about how their personal information can be used and by whom.
- Ensure special safeguards when collecting information directly from persons under 18 years old.
- Only process relevant and adequate personal information.
- Process personal information fairly and lawfully.
- Maintain a documented inventory of the categories of personal information processed by the organisation in the form of a Privacy Impact Assessment.
- Keep personal information accurately and, where necessary, up-to-date.
- Retain personal information only for as long as is necessary for legal or regulatory reasons or for legitimate organisational purpose and ensuring timely and appropriate disposal.
- Respect peoples rights in relation to their personal information.
- Ensure that all personal information is kept securely.
- If transferring personal information outside the UK, ensure that it will be adequately protected.
- Where appropriate, have a strategy for dealing with regulators across the EU, where goods and/or services are offered to natural persons who are resident in other EU countries.
- Apply as appropriate, the various exemptions allowable by data protection legislation.
- Where appropriate, internal and external interested parties are identified and the degree to which they are involved in the governance of the organisation’s management of personally identifiable information.
- Define persons in the organisation who have a specific responsibility and accountability for the management of personally identifiable information and data privacy.
- Ensure records of processing of personal information are maintained.
This Policy Statement and supporting information shall be available as documented information and communicated within the organisation. It shall be made available to external interested parties upon request, or as deemed appropriate.
Prestige Fire Safety Limited