Civico Limited’s Data Handling Policy outlines the company’s commitment to protecting the privacy and security of personal data. The policy covers the collection, use, storage, and sharing of personal data, in compliance with GDPR regulations and ISO 27701 standards. Civico Limited is committed to ensuring that personal data is collected and processed lawfully, fairly, and transparently, and that appropriate technical and organisational measures are in place to safeguard against unauthorised access, loss, destruction, or disclosure of personal data.
- Civico is committed to complying with applicable data protection laws and regulations, including the GDPR and ISO 27701, to protect the privacy and security of personal data.
- Civico will only collect, use, store, and process personal data for legitimate business purposes and in accordance with applicable laws and regulations.
- Civico will implement appropriate technical and organizational measures to ensure the security and confidentiality of personal data and will regularly review and update these measures to maintain their effectiveness.
- Civico will provide individuals with clear and concise information about how their personal data is being processed, and will respect their rights to access, correct, delete, and restrict the processing of their personal data.
- Civico will only disclose personal data to third parties where necessary for legitimate business purposes or where required by law and will ensure that appropriate safeguards are in place to protect personal data when it is transferred to third parties.
- Regularly conducting risk assessments and updating data handling procedures as necessary.
- Implementing appropriate technical and organizational measures to protect data, including access controls and encryption.
- Ensuring that employees and contractors are aware of and trained on data handling policies and procedures.
- Regularly reviewing third-party contracts and ensuring that they comply with data protection regulations.
- Providing individuals with access to their personal data and allowing them to request deletion or correction.
- Maintaining incident response and data breach notification procedures in the event of a security incident or data breach.
1. Data Handling Principle
Civico Limited follows these principles when handling data:
- Data is processed lawfully, fairly, and transparently.
- Data is collected for specified, explicit, and legitimate purposes and not further processed in a way that is incompatible with those purposes.
- Data is kept accurate and up to date.
- Data is kept in a form which permits identification of data subjects for no longer than is necessary.
- Data is processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
2. Data Collection
Civico Limited only collects personal data that is necessary for its legitimate purposes and obtains the consent of individuals before collecting their personal data. Data is collected directly from the individual whenever possible. Civico Limited ensures that the individual is informed of the purposes of the processing, the legal basis for the processing, and the retention period for the data.
3. Data Processing
Civico Limited processes personal data in accordance with GDPR regulations and ISO 27701. Data is processed only for specified, explicit, and legitimate purposes, and is not processed further in a way that is incompatible with those purposes. Civico Limited ensures that personal data is accurate and up to date and takes appropriate measures to rectify inaccurate or incomplete data. Personal data is not kept for longer than is necessary for the purposes for which it was collected.
4. Data Security
Civico Limited takes appropriate technical and organizational measures to ensure the security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage. Civico Limited ensures that access to personal data is restricted to authorized personnel only, and that all personnel are trained in data protection principles and practices.
5. Data Subject Rights
Civico Limited respects the rights of data subjects, including the right to access, rectify, erase, restrict, object to, or port their personal data. Civico Limited responds to requests from data subjects in a timely and transparent manner.
6. Data Breach Notification
In the event of a data breach, Civico Limited takes appropriate measures to mitigate the impact of the breach and notifies the relevant supervisory authority and affected data subjects within 72 hours of becoming aware of the breach, in accordance with GDPR regulations.
7. Data Protection Officer
Civico Limited appoints a Data Protection Officer (DPO) to ensure compliance with GDPR regulations and ISO 27701. The DPO has appropriate expertise and is involved in all issues related to the protection of personal data. Hassan Schuman is the appointed DPO for Civico Limited.
8. Third-party Data Processors
Civico Limited ensures that third-party data processors are compliant with GDPR regulations and ISO 27701, and only engages third-party data processors that provide sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of GDPR regulations and ISO 27701.
9. Record Keeping
Civico Limited keeps records of its data processing activities in accordance with GDPR regulations and ISO 27701.
10. Review and Update
Civico Limited reviews and updates this Data Handling Policy regularly to ensure that it remains compliant with GDPR regulations and ISO 27701, and to reflect changes in the company’s data processing activities.
In conclusion, Civico is committed to protecting the privacy and confidentiality of personal data in compliance with the GDPR and ISO 27701. We continuously review and update our data handling policies and procedures to ensure that they meet the highest industry standards. Our goal is to maintain the trust of our customers and stakeholders by safeguarding their sensitive information and respecting their rights to privacy.
Name: Daniel Cremin
Position: CEO & Appointed Health and Safety Advisor
Revision Date: 10.01.2023