GGR OPS 07.04
GGR Group is fully committed to ensuring compliance with the requirements of data protection legislation, including the General Data Protection Regulation. The company has procedures in place with the aim of ensuring that all personnel employed within the group, who have access to, control or process personal data collected and/or held by or on behalf of the GGR Group are fully aware of and abide by their duties in accordance with all relevant applicable legislation.
Statement of Policy
The company needs to collect and use information about people with whom it works, in order to operate and carry out its lawful business functions. These may include members of the public, current, past and prospective employees, clients, customers and suppliers. Additionally, the group may be required by law to collect and use information, in order to comply with wider legal requirements. This personal information must be handled and dealt
with properly however it is collected, recorded and used and applies to all types of media, including paper/hard copy, electronic computer records or recorded by other means.
GGR Group regards the lawful and appropriate treatment of personal information as an integral and important source of data, to assist us in completing successful business operations. It is essential therefore, to protect data received and provide assurance that the data we hold or use, is properly protected to all parties with whom GGR Group carries out its business. GGR Group fully endorses and will endeavour to adhere to all the Principles of the General Data Protection Regulation.
Handling Personal data
Personal data is defined as any information relating to an identified or identifiable natural person
Special category data is defined as personal data consisting of information as to:
GGR Group will, through management and use of appropriate controls, monitoring and review:
These rights include:
The Principles of Data Protection
Anyone processing personal data must comply with 6 principles of good practice. These principles are legally enforceable.
Summarised, the principles require that personal data shall be:
1. Processed lawfully, fairly and in a transparent manner in relation to individuals.
2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes.
3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
4. Accurate and where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals.
6. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures in accordance with the rights of data subjects under the Act. The Act provides conditions for the processing of any personal data. It also makes a distinction between personal data and 'special category' data.
How We Process Your Personal data
GGR complies with its obligations under the General Data Protection Regulations by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We use your personal data for the following purposes:
Our legal basis for holding or processing personal information is based on on one or more of the following criteria.
Sharing Your Personal Data
Your personal data will be shared only with third parties, once the data subject has authorised us to do so.
How Long We Keep Your Personal Data
We keep any personal data for no longer than reasonably necessary for us to meet our business needs and obligations and for the purposes that we acquired the data in the first instance.
Right to Withdraw Consent
We offer you the right to withdraw consent of use of your personal data via a withdraw consent form notice.
Review
This policy will be reviewed annually as a minimum, in line with the company management system review policy. The policy will also be reviewed following any change in legislation or following a breach or loss of personal data.
GD Riley
Chief Executive Officer
Date: 07 August 2024