In collecting and using personal data, the organisation is subject to a variety of legislation controlling how such activities may be carried out and the safeguards that must be put in place to protect it.
The purpose of this policy is to set out the relevant legislation and to describe the steps Greenpoint Computer Services Limited is taking to ensure that it complies with GDPR in this regard.
2. Privacy and Personal Data Protection Policy
2.1. Personal Data Under the EU’s General Data Protection Regulation (GDPR) personal data is defined as:
“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”
2.2. Your Rights
The data subject has rights under the GDPR. These consist of:
Each of these rights are supported by appropriate procedures within Greenpoint Computer Services Limited that allow the required action to be taken within the timescales stated in the GDPR.
If you would like to exercise any of these rights, please contact us via the details within section 1.7 of this document.
2.3. Lawfulness of Processing
We will only collect and use customers personal data when the law allows us to under one of the following areas:
Most commonly we will collect and use customers personal data when:
Where the personal data collected and processed are required to fulfil a contract with the data subject. This will often be the case where the contract cannot be completed without the personal data in question e.g. contact information to deliver support services or a purchase cannot be made without an address to deliver or invoice to.
2.4. Security by Design
Greenpoint Computer Services Limited has adopted the principle of security by design and will ensure that the definition and planning of all new or significantly changed systems that may collect or process personal data will be subject to due consideration of privacy issues, including the completion of one or more data protection impact assessments.
The data protection impact assessment will include:
For any data we currently hold or may hold in the future we will:
As transmission of data via the internet is not completely secure it is advised you also take precautions when transferring data to us.
2.5. International Transfers of Personal Data
If Greenpoint Computer Services decides to transfer any personal data outside the European Union, the decision will be carefully reviewed prior to the transfer taking place. We will ensure that all measures are in place to secure information and fall within the limits imposed by the GDPR.
We take any complaints about how we collect and use your personal data very seriously. If you think that our collection or use of personal information is unfair, misleading or inappropriate, or have any other concern about our data processing, please raise this with us in the first instance.
You can make a complaint at any time by contacting our data protection officer using the contact details in section 1.7.
You can also complain to the Information Commissioner’s Office in one of the following ways:
2.7 Contact Us
If you have any questions, concerns or would like more information about anything mentioned in this privacy notice please address them to firstname.lastname@example.org
Speak to one of Greenpoint’s experts for 60 minutes free of charge.