SDI Media Group
We recognise that any personally identifiable information (or personal data) is not our data to use as we wish, but it is data that we are merely custodians of and must be managed in accordance with the General Data Protection Regulation. This policy describes the actions we take to ensure compliance with the policy.
This policy ensures we:
We hold personal data and sensitive personal data to enable us to:
We will only use personal data for lawful business purposes set out under the GDPR (Article 6 Paragraph.1).
It will not always be necessary to obtain consent to hold and process data when it is required for contractual purposes.
We will only hold and process data on the basis that we have explained; we will not seek to process data in a way which is different from the original intent.
To request to review data that we hold (Article 15 GDPR), to change data that we hold (Article 16 GDPR), to request deletion of data that we hold (Article 17 GDPR), to request the restriction of the data that we hold (Article 18 GDPR), to object to wrong data usage (Article 21 GDPR) or to request a transfer of data that we hold (Article 20 GDPR), or to reclaim the authorization of data usage, you have the right to contact email@example.com.We aim to acknowledge receipt of all requests for data within 24 hours and to fulfil the request according to standards out under the GDPR.
You have the right to report complaints to the local authorities (Article 77 GDPR) if the usage of the personal data is not of originally authorized use.
We will hold the minimum amount of data that is necessary for the function of our business.
We will keep information up to date to the best of our knowledge and correct any inaccurate data that is identified.
We will only retain personal data for as long as reasonably necessaryin accordance with to local laws to fulfil the purposes we collected it for, including for the purposes of satisfying any job applications, legal, regulatory, tax, accounting or reporting requirements. We may retain personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with the data subject.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of personal data, the purposes for which we process personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
We will not export data overseas without ensuring appropriate data protection arrangements are in place.
We will ensure that we apply appropriate industry standard security measures when securing and handling personal data.
We will take specialist advice, where necessary, to ensure our security measures are providing the expected level of protection.
We will treat all security incidents as a serious matter and provide appropriate resources to their investigation.
We will report security incidents as required under GDPR and the relevant Data Protection Authority
Employees and direct contractors are required to report any incidents or breaches of this policy as soon as possible.
Any findings as a result of a security incident will be used to improve our systems, processes, and training.
We will ensure privacy is considered at the outset of any new information processing systems and business processes.
Depending on the type of supplier, we undertake one of the following:
We will investigate complaints or disputes concerning the holding or processing of personal data promptly. Contact firstname.lastname@example.org
Failure to comply with this policy by employees will be dealt with under our disciplinary procedures.
Failure to comply with this policy by direct contractors will be dealt with under the terms of the contract between us, which could include termination.