Processing of Personal Data
The EU General Data Protection Regulation (GDPR) is a privacy and data protection regulation in the European Union effective from May 25 2018.
The GDPR imposes new obligations on organisations that control or process personal data and introduces new rights and protections for EU citizens.
We are committed to ensuring that your privacy is protected and we strictly adhere to the provisions of all relevant Data Protection Legislation, including GDPR, ensuring all personal data is handled in line with the principles outlined in the regulation that state:
Personal data shall be:
- Processed lawfully, fairly and in a transparent manner in relation to the data subject
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
- Accurate and, where necessary, kept up to date
- Kept in a form which permits the identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures
Spaceways respects our customer and learner’s rights to data privacy and protection and as such we have revised our internal policies, procedures, working practices in order to meet the requirements of the GDPR.
We place a high priority on protecting and managing data in accordance with accepted standards and indeed helping our customers utilise our products and services to the same end.
Spaceways is committed to compliance with the GDPR as both a processor and controller of personal data and have established a working group to lead our GDPR implementation project and ensure compliance on an ongoing basis.
Further information is available throughout the rest of this document.
We take protecting your personal information seriously and are continuously developing our security systems and processes. Some of the controls we have in place are:
- We limit physical access to our buildings and user access to our systems to only those that we believe are entitled to be there;
- We have perimeter fences, fingerprint scanners for doors, sign in for visitors and 24/7 CCTV on site.
- We use technology controls for our information systems, such as firewalls, user verification, strong data encryption, and separation of roles, systems & data;
- Systems are proactively monitored through a “detect and respond” information security function;
- We utilize industry “good practice” standards to support the maintenance of a robust information security management system; and
- We enforce a “need to know” policy, for access to any data or systems.
You have a number of rights under data protection legislation which, in certain circumstances, you may be able to exercise in relation to the personal information we process about you.
- the right to access a copy of the personal information we hold about you;
- the right to correction of inaccurate personal information we hold about you;
- the right to restrict our use of your personal information;
- the right to be forgotten;
- the right of data portability;
- the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effects for you or affects you in any other significant way; and
- the right to object to our use of your personal information.
Where we rely on consent as the legal basis on which we process your personal information, you may also withdraw that consent at any time.
If you are seeking to exercise any of these rights, please contact us using the details in the “Contact Us” section below.
If you would like to exercise one of your rights as set out in the “Your Rights” section above, or you have a question or a complaint about this policy, or the way your personal information is processed, please contact us by:
By email: firstname.lastname@example.org
By post: Data Protection Officer, Westfield Road, Slyfield Industrial Estate, Surrey, Guildford, GU1 1SB
You also have the right to lodge a complaint with the UK regulator, the Information Commissioner. Go to ico.org.uk/concerns to find out more.