ML Services (Sussex) Ltd
GDPR Policy
1. Introduction
1.1 Purpose
This GDPR policy outlines ML Services (Sussex) Ltd commitment to protecting the privacy and rights of individuals whose personal data we process in compliance with the General Data Protection Regulation (GDPR).
1.2 Scope
This policy applies to all employees, contractors, and third parties who process personal data on behalf .
2. Data Protection Officer (DPO)
ML Services (Sussex) Ltd has appointed a Data Protection Officer (DPO)
3. Data Collection and Processing
3.1 Lawfulness, Fairness, and Transparency
We will ensure that personal data is processed lawfully, fairly, and transparently. We will inform individuals about the processing of their data, the purposes, and the legal basis for the processing.
3.2 Purpose Limitation
Personal data will be collected for specified, explicit, and legitimate purposes. We will not process data in a way that is incompatible with these purposes.
3.3 Data Minimization
We will only collect and process the data that is necessary for the purposes for which it is being processed.
3.4 Accuracy
We will take reasonable steps to ensure that personal data is accurate and kept up to date.
4. Data Subject Rights
Individuals have the following rights regarding their personal data:
4.1 Right to Access
Individuals have the right to access their personal data and obtain information about how it is being processed.
4.2 Right to Rectification
Individuals have the right to have inaccurate personal data corrected.
4.3 Right to Erasure (Right to be Forgotten)
Individuals have the right to request the deletion of their personal data under certain circumstances.
4.4 Right to Restriction of Processing
Individuals can request that the processing of their personal data be restricted under certain circumstances.
4.5 Right to Data Portability
Individuals have the right to receive their personal data in a structured, commonly used, and machine-readable format.
4.6 Right to Object
Individuals have the right to object to the processing of their personal data for certain reasons.
5. Security
We will implement appropriate technical and organisational measures to ensure the security of personal data.
6. Data Breach Response
In the event of a data breach, we will promptly assess and report it to the relevant supervisory authority and, if necessary, to the affected individuals.
7. Data Protection Impact Assessments (DPIA)
We will conduct DPIAs for processing activities that are likely to result in high risks to individuals' rights and freedoms.
8. International Data Transfers
If personal data is transferred outside the European Economic Area (EEA), we will ensure that it is adequately protected and that the transfer complies with GDPR requirements.
9. Training and Awareness
We will provide training to employees and contractors to ensure they are aware of their responsibilities under GDPR.
10. Review and Update
This policy will be reviewed regularly and updated as necessary to ensure ongoing compliance with GDPR and any applicable data protection laws.
Date: 1st April 2022