SDI Media Group
We recognise that any personally identifiable information (or personal data) is not our data to use as we wish; we are merely its custodians, and it must be managed in accordance with the General Data Protection Regulation. This policy describes the actions we take to ensure compliance with the policy.
This policy ensures we:
• comply with data protection law and follow sound practice
• respect the rights of website visitors
• are open about the way we process and manage information
• reduce the risk of a data breach
• are able to respond quickly in the event of a breach
2 Why we hold data?
We hold personal data and sensitive personal data to enable us to:
• fulfil our contractual obligations
• comply with legal obligations
• communicate and respond to on-line enquiries
3 Types of Data We Collect From our Website and Email Contacts
If you should use our posted email address to contact us, in order to respond to you we will keep a record of your contact information and correspondence while respecting all aspects of the GDPR.
Online Enquiry Forms
• Any collection of personal data arising from your submission of enquiry forms on this website will only be used for the purpose stated on the form, e.g. employment enquiries. It is stored for a short time on our secure website content management system. Once contact with the enquirer has been initiated, the completed form and any information contained on the form will be permanently deleted. Your data will only be passed securely to the relevant internal team. We are happy to provide, upon request, information on how your data is processed and stored once forwarded internally.
• Information collected via our online enquiry forms is not retained or used for mailing / newsletter purposes.
4 What basis do we hold and process data?
We will only use personal data for lawful business purposes set out under the GDPR (Article 6, Paragraph 1).
It will not always be necessary to obtain consent to hold and process data when it is required for contractual purposes.
We will only hold and process data on the basis that we have explained; we will not seek to process data in a way which is different from the original intent.
5 Individuals' Rights
To request to review data that we hold (Article 15 GDPR), to change data that we hold (Article 16 GDPR), to request deletion of data that we hold (Article 17 GDPR), to request the restriction of the data that we hold (Article 18 GDPR), to object to wrong data usage (Article 21 GDPR) or to request a transfer of data that we hold (Article 20 GDPR), or to reclaim the authorization of data usage, you have the right to contact email@example.com. We aim to acknowledge receipt of all requests for data within 24 hours and to fulfil the request according to standards set out under the GDPR.
You have the right to report complaints to the local authorities (Article 77 GDPR) if personal data is used other than as originally authorized.
6 Data Management
6.1 Minimisation of Data
We will hold the minimum amount of data that is necessary for the function of our business.
We will keep information up to date to the best of our knowledge and correct any inaccurate data that is identified.
6.3 Retention of Data
We will only retain personal data for as long as reasonably necessary in accordance with local laws to fulfil the purposes we collected it for, including for the purposes of satisfying any job applications, legal, regulatory, tax, accounting or reporting requirements. We may retain personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with the data subject.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of personal data, the purposes for which we process personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
6.4 Transferring Data Overseas
We will not export data overseas without ensuring appropriate data protection arrangements are in place.
7 Protective Measures
7.1 Security of Data
We will ensure that we apply appropriate industry standard security measures when securing and handling personal data.
We will take specialist advice, where necessary, to ensure our security measures are providing the expected level of protection.
7.2 Incident Reporting
We will treat all security incidents as a serious matter and provide appropriate resources to their investigation.
We will report security incidents as required under GDPR and the relevant Data Protection Authority.
Employees and direct contractors are required to report any incidents or breaches of this policy as soon as possible.
Any findings as a result of a security incident will be used to improve our systems, processes, and training.
7.3 New Systems and Processes
We will ensure privacy is considered at the outset of any new information processing systems and business processes.
7.4 Third Parties We Work With
Depending on the type of supplier, we undertake one of the following:
• We will review their terms and conditions to ensure they protect data in accordance with GDPR requirements, or
• We will provide details of the information we hold and process, ensure they understand their responsibilities in helping us secure it and formally agree the arrangements.
We will investigate complaints or disputes concerning the holding or processing of personal data promptly. Contact firstname.lastname@example.org
Failure to comply with this policy by employees will be dealt with under our disciplinary procedures.
Failure to comply with this policy by direct contractors will be dealt with under the terms of the contract between us, which could include termination.