GDPR Policy

1. Introduction

FOX ENGINEERING SAFETY AND COMPLIANCE LIMITED ("the Company") is committed to protecting and respecting your privacy. This GDPR Data Protection Policy outlines how we collect, use, store, and protect personal data, in compliance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

2. Purpose of the Policy

This policy aims to ensure that FOX ENGINEERING SAFETY AND COMPLIANCE LIMITED:

  • Complies with data protection laws and follows good practices.

  • Protects the rights of employees, clients, and partners.

  • Is open and transparent about how personal data is processed.

  • Protects against data breaches.

3. Scope

This policy applies to:

  • All employees, contractors, suppliers, and partners of the Company.

  • All personal data processed by the Company, relating to clients, employees, suppliers, and other third parties.

4. Data Protection Principles

FOX ENGINEERING SAFETY AND COMPLIANCE LIMITED adheres to the following principles under the GDPR:

  • Lawfulness, fairness, and transparency – We process data lawfully, fairly, and in a transparent manner.

  • Purpose limitation – We only collect data for specific, legitimate purposes and do not use it for other purposes.

  • Data minimisation – We only collect the minimum data necessary for each purpose.

  • Accuracy – We take reasonable steps to ensure personal data is accurate and up to date.

  • Storage limitation – We retain data only as long as necessary for the purposes we collected it for.

  • Integrity and confidentiality – We process data securely, protecting it from unauthorised or unlawful processing and accidental loss, destruction, or damage.

5. Lawful Basis for Data Processing

We process personal data on the following lawful bases:

  • Consent – Where the data subject has given explicit consent to the processing of their data for one or more specific purposes.

  • Contractual necessity – When processing is necessary to fulfil a contract with the data subject.

  • Legal obligation – When processing is necessary to comply with a legal requirement.

  • Legitimate interests – When processing is in our legitimate interests, unless overridden by the interests or fundamental rights of the data subject.

6. Data Subject Rights

Under the GDPR, individuals have the following rights:

  • Right to access – Individuals may request access to their personal data.

  • Right to rectification – Individuals may request corrections to their personal data if it is inaccurate or incomplete.

  • Right to erasure – Individuals may request deletion of their personal data, subject to certain conditions.

  • Right to restrict processing – Individuals may request restriction of their data processing in certain circumstances.

  • Right to data portability – Individuals may obtain and reuse their personal data for their own purposes.

  • Right to object – Individuals may object to the processing of their personal data for direct marketing, research, or statistical purposes.

  • Rights related to automated decision-making – Individuals may opt out of decisions based solely on automated processing, including profiling.

To exercise any of these rights, individuals may contact the Company’s Data Protection Officer (DPO) via the contact details listed below.

7. Data Collection and Usage

FOX ENGINEERING SAFETY AND COMPLIANCE LIMITED collects and processes personal data for various business purposes, including but not limited to:

  • Employment and HR administration.

  • Providing and managing client services.

  • Maintaining security, compliance, and regulatory obligations.

  • Marketing, with explicit consent.

The types of personal data we collect may include names, contact information, employment history, payment information, and other data relevant to our services.

8. Data Security

We take data security seriously and implement appropriate measures to protect personal data. These measures include:

  • Regular training for staff on data protection.

  • Regular security audits and risk assessments.

  • Secure storage and controlled access to data.

  • Encryption and other technical measures to protect data.

9. Data Retention

FOX ENGINEERING SAFETY AND COMPLIANCE LIMITED retains personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.

Once no longer needed, data will be securely deleted.

10. Data Breach Procedures

In the event of a data breach, we will:

  1. Assess and contain the breach immediately.

  2. Notify the relevant supervisory authority within 72 hours, if required.

  3. Notify affected individuals if the breach poses a high risk to their rights and freedoms.

  4. Review and update our procedures to prevent future breaches.

11. Third-Party Processors

We may share personal data with third-party processors to provide services on our behalf, such as IT support or payroll. We ensure these processors comply with GDPR and protect data with strict confidentiality and security measures.

12. Responsibilities

All employees of FOX ENGINEERING SAFETY AND COMPLIANCE LIMITED are responsible for adhering to this policy. The Data Protection Officer (DPO) oversees the implementation and monitoring of this policy.

Data Protection Officer Contact Information: David Brickell

Email: d.brickell@foxenginerringsafety.co.uk

Phone: 0116 2162335

Address: registered address - 19 Warren Park Way, The Warrens Business Park, Leicester, LE19 4SA

---

Policy Review

This policy will be reviewed annually and updated as necessary to ensure compliance with GDPR and other relevant regulations.

---

Approval and Acceptance

This policy has been reviewed and approved by the management of FOX ENGINEERING SAFETY AND COMPLIANCE LIMITED.
