Call Now

GDPR Compliance

The purpose of GDPR is to protect the personal data of individuals and ensure that it is handled in a lawful, fair, and transparent manner. It establishes key principles such as purpose limitation, data minimisation, and accuracy to guide organisations in their data processing activities. Additionally, GDPR grants individuals various rights, including the right to be informed, the right of access, and the right to erasure.

GDPR Compliance Policy

At Secure Shredding Limited, we are committed to protecting the privacy and security of our users’ personal information. As part of this commitment, we adhere to the General Data Protection Regulation (GDPR) which is designed to harmonise data privacy laws across Europe, protect and empower all EU citizens’ data privacy, and reshape the way organisations across the region approach data privacy.

Key Principles of GDPR

The key principles of GDPR are essential in guiding organisations’ data processing activities. These principles include lawfulness, fairness, and transparency, which ensure that personal data is handled in a lawful and ethical manner. Additionally, GDPR emphasizes the importance of purpose limitation, data minimization, and accuracy to prevent the misuse or unnecessary collection of personal data. These principles, along with others such as storage limitation, integrity, and confidentiality, play a crucial role in maintaining the integrity and security of personal data in today’s digital age.

 

 

• Lawfulness, fairness, and transparency
• Purpose limitation
• Data minimization
• Accuracy
• Storage limitation
• Integrity and confidentiality
• Accountability

Scope

This GDPR Compliance Policy applies to all personal data processed by Secure Shredding Limited, including data collected from visitors, customers, and any other individuals.

Principles for Processing Personal Data

In order to ensure compliance with the GDPR, Secure Shredding Limited follows these principles when processing personal data:

  • Lawfulness, fairness, and transparency: We process personal data lawfully, fairly, and in a transparent manner.
  • Purpose limitation: We collect personal data for specified, explicit, and legitimate purposes and do not process it in a manner that is incompatible with those purposes.
  • Data minimisation: We collect and process only the personal data that is necessary for the intended purpose.
  • Accuracy: We ensure that personal data is accurate and kept up to date.
  • Storage limitation: We keep personal data in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
  • Integrity and confidentiality: We process personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

Data Subject Rights

Secure Shredding Limited acknowledges the rights of data subjects under the GDPR, including the right to access, rectification, erasure, restriction of processing, data portability, and the right to object to processing.

Lawful Basis for Processing Personal Data

Secure Shredding Limited will only process personal data where there is a lawful basis for doing so. This includes:

  • The data subject has given consent to the processing of their personal data for one or more specific purposes.
  • Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Processing is necessary for compliance with a legal obligation to which Secure Shredding Limited is subject.
  • Processing is necessary to protect the vital interests of the data subject or of another natural person.
  • Processing is necessary for the purposes of the legitimate interests pursued by Secure Shredding Limited or by a third party.

Data Security

Secure Shredding Limited takes the security of personal data seriously and has implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

Data Breach Notification

In the event of a personal data breach, Secure Shredding Limited will notify the relevant supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of it, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.

 

Data Protection Officer

 

Secure Shredding Limited has appointed a Data Protection Officer (DPO) who is responsible for overseeing the implementation of this GDPR Compliance Policy, monitoring compliance with the GDPR, cooperating with supervisory authorities, and being the point of contact for data subjects.

Contact Information

If you have any questions or concerns about our GDPR Compliance Policy or our privacy practices, please email us at info@secure-shredding.co.uk or call 01234 945055

 

Updates to the GDPR Compliance Policy

Secure Shredding Limited reserves the right to update this GDPR Compliance Policy to reflect changes to our privacy practices or for other operational, legal, or regulatory reasons. We encourage you to review this policy periodically for any changes.