Data Protection and GDPR Compliance Policy

1. INTRODUCTION

4SSG UK Limited is committed to safeguarding personal data and ensuring its processing complies with the General
Data Protection Regulation (GDPR). This policy outlines the company’s approach to protecting personal data,
ensuring compliance with GDPR, and protecting the privacy rights of employees, clients, contractors, and other
stakeholders.


2. SCOPE

This policy applies to all employees, contractors, and partners of 4SSG UK Limited who handle or process personal
data. It covers all forms of personal data, whether electronic or physical.


3. DATA PROTECTION PRINCIPLES

4SSG UK Limited adheres to the following GDPR principles:

A. Lawfulness, Fairness, and Transparency: Data will be processed lawfully, fairly, and transparently.
B. Purpose Limitation: Data will only be collected for specified, legitimate purposes and will not be further
processed in ways incompatible with those purposes.
C. Data Minimization: Only the necessary data for the stated purposes will be collected.
D. Accuracy: Personal data will be kept accurate and up-to-date.
E. Storage Limitation: Data will be retained for no longer than necessary for the purpose for which it was collected.
F. Integrity and Confidentiality: Personal data will be securely processed to protect against unauthorized access,
loss, or damage.


4. ROLES AND RESPONSIBILITIES

A. Director Responsibilities:

The Director of 4SSG UK Limited is responsible for ensuring the company complies with GDPR requirements, including:
a) Ensuring the company’s compliance with GDPR and data protection laws.
b) Reviewing and approving this policy annually.
c) Appointing the Data Protection Officer (if required) and ensuring resources and training for compliance.

B. Employee Responsibilities:

a) Understand and comply with this policy.
b) Immediately report any data breaches.
c) Securely handle personal data at all times.


5. LAWFUL BASIS FOR PROCESSING

4SSG UK Limited processes personal data based on the following lawful bases:
a) Performance of a contract
b) Legal obligations (e.g., sponsorship compliance)
c) Legitimate interests of the company, including operational needs.


6. DATA COLLECTION AND PROCESSING

4SSG UK Limited collects personal data for employment, payroll, sponsorship compliance, and operational needs.
Examples include:
a) Employee names, addresses, and contact details
b) Passport and visa details for sponsored employees
c) Financial and payroll information


7. DATA SECURITY

4SSG UK Limited implements appropriate technical and organizational measures to protect personal data, including:
a. Secure access controls and passwords.
b. Encryption of sensitive data.
c. Regular backups and cybersecurity protocols.
d. Restricted access to data based on roles and responsibilities.


8. DATA SUBJECT RIGHTS

Under GDPR, data subjects have the following rights:
a. Right to access their data.
b. Right to rectification of inaccurate data.
c. Right to erasure (where applicable).
d. Right to restrict processing.
e. Right to data portability.
f. Right to object to processing.

Requests related to these rights must be directed to the company’s Data Protection Officer and will be addressed
within one month.


9. DATA BREACHES

All data breaches must be reported immediately to the Director or Data Protection Officer. Breaches will be
documented, and the necessary actions will be taken, including notification to the ICO (Information
Commissioner’s Office) if required.


10. DATA RETENTION

Personal data will be retained only as long as necessary for the purposes for which it was collected. Once
data is no longer required, it will be securely erased.


11. TRANSFERRING PERSONAL DATA

Personal data may be transferred to countries outside the EEA only if the transfer meets GDPR requirements,
including adequate safeguards or the informed consent of the data subject.


12. AUTOMATED DECISION-MAKING AND PROFILING

Personal data may be used in automated decision-making or profiling, subject to GDPR regulations. Data
subjects have the right to challenge decisions and request human intervention where necessary.


13. DATA SUBJECT ACCESS REQUESTS (SARS)

Data subjects can submit SARs to request information on the personal data held by the company. SARs will
be responded to within one month, with possible extensions for complex requests.


14. TRAINING AND AWARENESS

All employees, contractors, and other relevant parties will be trained on data protection responsibilities and
the correct handling of personal data.


15. ACKNOWLEDGEMENT

All employees must read and acknowledge this policy by signing below.

Employee Name: ________________________________
Employee Signature: ________________________________
Date: ________________________________


16. POLICY REVIEW

This Data Protection and GDPR Compliance Policy will be regularly reviewed by the HR Manager and updated
as necessary.
The Managing Director shall review this policy annually or following significant changes.