WHAT IS GDPR?
The GDPR is Europe’s new framework for data protection laws. It replaces the previous 1995 data protection directive, which current UK law is based upon.
The new regulation starts on 25 May 2018. It will be enforced by the Information Commissioner’s Office (ICO).
The Government has confirmed that the UK’s decision to leave the European Union will not alter this.
At HALR Ltd, we respect your concerns about privacy.
Our GDPR Privacy Notice describes the types of personal information we collect, how we use the information, with whom we may share it and the choices available to you regarding our use of the information. We also describe the measures we take to protect the security of the information and how you can contact us about our privacy practices. Please contact us by emailing at email@example.com
HALR Ltd are committed to adhering to the highest standards of data protection and data security.
We have designed and are progressing with a comprehensive GDPR implementation programme.
Compliance with all relevant UK and EU laws in respect of personal data is a top priority.
We are committed to protect the rights and freedoms of individuals, whose information HALR Ltd collects in accordance with the General Data Protection Regulation (GDPR).
We are committed to protecting any information you share with us, including any information that you tell us about yourself, what we learn by having you as a client and consent you gave us to process your data in a specific way.
OUR COMMITMENT TO PRIVACY OF YOUR DATA
HALR Ltd commits:
- To keep your data safe and private;
- Not to disclose your data to our partners and affiliates without relevant non-disclosure agreements; and
- To never sell your data whether in explicit or pseudonymised form.
The purposes for which personal data may be used by us:
We will use the personal data we collect and process only to perform our business functions.
This includes dealing with personnel, administrative, financial, regulatory and business development purposes.
We may use personal information for operational reasons, such as recording transactions, training and quality control, ensuring the confidentiality of any sensitive information.
There are instances where we would have to comply with the law and deal with your personal data for regulatory, legal and compliance purposes.
These may include:
- Compliance with the legal and regulatory requirements;
- Gathering information as part of investigations by regulatory bodies or in connection with legal proceedings or requests;
- When we are investigating complaints; and
- When we perform functions that are part of our business requirements to deliver best-in-class service to you, e.g. when we are checking references, monitoring and managing staff access to systems and facilities, staff conduct, disciplinary matters etc
HALR Ltd shall comply with the principles of data protection (the Principles) enumerated in the EU General Data Protection Regulation.
We will make every effort possible in everything we do to comply with these principles.
The EU GDPR provides the following rights for individuals:
- The right to be informed;
- The right of access;
- The right to rectification;
- The right to erasure;
- The right to restrict processing;
- The right to data portability;
- The right to object; and
- Rights in relation to automated decision making and profiling
HALR Ltd data processing is in line with the key principles stated by the EU GDPR.
We ensure that your data is:
- Processed lawfully, fairly and in a transparent manner in relation to individuals;
- Collected for specified, explicit and legitimate purposes only;
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- Accurate and, where necessary, kept up to date;
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed;
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
We have strict policies on processing data on children and persons with criminal convictions.
In line with EU GDPR you may file a subject access request to find out what information exactly HALR Ltd holds on you in our files.
HALR Ltd will not transfer your data outside the EU, unless the level of protection of your data will be maintained at least to the same level as if it remained in the EU.
We will ask your explicit consent if you’re dealing with us would require such a transfer (unless stipulated by regulatory authorities).
SECURITY CONTROLS OF DATA PROCESSING ACTIVITIES AT HALR LTD
HALR Ltd are employing high standards for data security, which include, to the minimum:
- Adhering to information security assets and data security policies and procedures HALR Ltd
- has adopted;
- Maintaining privacy of your data by design;
- Maintaining segregation of access rights for different individuals who are part of HALR Ltd;
- Encrypting equipment, wireless networks, data at rest and individual files;
- Maintaining strict mobile device policies; and
- Strong physical and other controls.
HALR Ltd together with its IT services provider, has established and maintains incident response and business continuity procedures.
This will allow us to respond to a data incident promptly and inform the ICO, if required, within the 72 hours specified by the EU GDPR documentation.
DATA ACCESS REQUEST PROCEDURE
All data-related requests of data subjects (including data access, data rectification, data erasure, etc.) must be made in writing by email to firstname.lastname@example.org
If we receive a data-related request from you in any other way, we will forward it to the above mentioned electronic address, however, it may take us longer to process your request, but we will never exceed the 40 days stipulated by the EU GDPR documentation.
POLICY REVIEW AND VERSION CONTROL
We have committed to review all our GDPR-related policies at least once a year. The HALR Ltd Partners have ultimate control of all our GDPR documentation.
71-75 Sheldon Street
+ 44 (0) 20 3137 5747