General Data Protection Regulation

General Data Protection Regulation

Introduction

GARLAND (hereafter referred to as ("the Company") is committed to protecting the privacy and security of personal data. This policy sets out the Company’s approach to complying with the General Data Protection Regulation (GDPR).  

Scope of Policy 

This policy applies to all personal data processed by the Company, including personal data of clients, employees, contractors, and any other individuals whose personal data is processed by the Company.

Data Protection Principles

The Company will process personal data in accordance with the following data protection principles: 

  • Lawfulness, fairness, and transparency: personal data will be processed in a lawful, fair, and transparent manner.
  • Purpose limitation: personal data will be collected for specified, explicit, and legitimate purposes and will not be processed in a manner that is incompatible with those purposes.
  • Data minimization: personal data will be adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
  • Accuracy: personal data will be accurate and, where necessary, kept up-to-date.
  • Storage limitation: personal data will be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
  • Integrity and confidentiality: personal data will be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures 

Lawful Basis For Processing Personal Data

The Company will process personal data only where it has a lawful basis for doing so. The lawful bases for processing personal data are: 

  • Consent: the data subject has given clear and informed consent to the processing of their personal data for a specific purpose.
  • Contractual necessity: the processing of personal data is necessary for the performance of a contract with the data subject or to take steps to enter into a contract.
  • Legal obligation: the processing of personal data is necessary for the Company to comply with its legal obligations.
  • Vital interests: the processing of personal data is necessary to protect the vital interests of the data subject or of another person.
  • Public task: the processing of personal data is necessary for the Company to perform a task in the public interest or for its official functions.
  • Legitimate interests: the processing of personal data is necessary for the legitimate interests of the Company or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. 

Collection Of Personal Data

The Company will only collect personal data that is necessary for the purposes for which it is collected. Personal data will be collected directly from the data subject, unless it is not practical or reasonable to do so.

Use Of Personal Data

The Company will only use personal data for the purposes for which it was collected. The Company will not use personal data for any other purpose without the data subject’s consent or as otherwise permitted by law.

Data Accuracy

The Company will take reasonable steps to ensure that personal data is accurate and up-to-date. The Company will also take reasonable steps to rectify any inaccuracies in personal data that it holds. Individuals have the right to have their personal data rectified if it is inaccurate or incomplete.

Data Retention

The Company will only retain personal data for as long as it is necessary for the purpose for which it was collected. The Company will regularly review the personal data it holds and delete any personal data that is no longer necessary for the purpose for which it was collected. The Company will also consider the applicable legal requirements for retaining personal data.

Data Secuirty

The Company will take appropriate technical and organizational measures to protect personal data from unauthorized access, alteration, disclosure, or destruction. This includes measures to protect against accidental loss or destruction of personal data. The Company will also ensure that any third-party service providers that process personal data on its behalf have appropriate security measures in place.

Data Breaches 

The Company will promptly notify the relevant authorities and affected individuals if it becomes aware of a personal data breach that poses a risk to the rights and freedoms of individuals. The Company will also investigate the cause of the breach and take appropriate steps to prevent similar breaches from happening in the future.

Data Subject Rights

The Company will respect the rights of individuals in relation to their personal data, including the right to:

  • Access their personal data and obtain information about how their personal data is processed.
  • Rectify their personal data if it is inaccurate or incomplete.
  • Erase their personal data in certain circumstances, such as where it is no longer necessary for the purpose for which it was collected.
  • Restrict the processing of their personal data in certain circumstances, such as where the accuracy of the personal data is contested.
  • Object to the processing of their personal data in certain circumstances, such as where the personal data is processed for direct marketing purposes.
  • Receive their personal data in a structured, commonly used, and machine-readable format, and have their personal data transmitted to another controller in certain circumstances. 

Data Protection Officer 

The Company has designated a data protection officer who is responsible for overseeing the Company’s compliance with this policy and with the GDPR. The data protection officer can be contacted by email at gdpr@garlandconsultancy.com

Changes to the Policy

This policy may be updated from time to time to reflect changes in the Company’s practices or to comply with changes in applicable law. Any changes to this policy will be published on the Company’s website.

Contact Information 

For any questions or concerns about this policy or the Company’s handling of personal data, please contact the data protection officer by email at gdpr@garlandconsultancy.com

Get in Touch
Follow us on