Madison Heights GDPR Policy

General Data Protection Regulation (GDPR) Policy


1. Introduction


Madison Heights recognises the importance of protecting the privacy and security of personal data in compliance with the General Data Protection Regulation (GDPR), including both the EU GDPR and the UK GDPR, as well as the Data Protection Act 2018 (DPA 2018). This policy outlines the principles and procedures that Madison Heights will adhere to in order to ensure compliance with GDPR requirements and UK data protection laws.


2. Scope


This policy applies to all personal data processed by Madison Heights, regardless of the format or medium in which it is stored or processed. This includes data relating to employees, customers, suppliers, and any other individuals whose data is processed by Madison Heights.


3. Principles of Data Processing


Madison Heights is committed to adhering to the following principles in the processing of personal data:


Lawfulness, Fairness, and Transparency: Personal data shall be processed lawfully, fairly, and transparently in accordance with GDPR requirements.

Purpose Limitation: Personal data shall be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

Data Minimisation: Personal data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.

Accuracy: Personal data shall be accurate and, where necessary, kept up to date. Reasonable steps shall be taken to ensure that inaccurate personal data are rectified or deleted without delay.

Storage Limitation: Personal data shall be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

Integrity and Confidentiality: Personal data shall be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures.

Accountability: Madison Heights shall be responsible for, and be able to demonstrate compliance with, the principles of data processing outlined in this policy.

4. Data Subject Rights


Madison Heights recognises the rights of data subjects under GDPR, including but not limited to:


The right to be informed about the processing of their personal data.

The right to access their personal data and supplementary information.

The right to rectification of inaccurate personal data or completion of incomplete personal data.

The right to erasure of personal data ("right to be forgotten") in certain circumstances.

The right to restrict processing of personal data in certain circumstances.

The right to data portability, allowing data subjects to obtain and reuse their personal data for their own purposes across different services.

The right to object to processing of personal data in certain circumstances.

5. Data Protection Officer (DPO)


Madison Heights has appointed a Data Protection Officer (DPO) who is responsible for overseeing compliance with GDPR requirements, including both EU and UK regulations. The DPO can be contacted at [Madison Heights, 01621 850 222].


6. Data Breach Response


Madison Heights shall promptly investigate any actual or suspected data breaches and, where applicable, notify the relevant supervisory authority, including the Information Commissioner's Office (ICO), and affected data subjects in accordance with GDPR requirements and UK data protection laws.


7. Data Processing Agreements


Madison Heights shall ensure that any third parties processing personal data on its behalf do so in compliance with GDPR requirements and UK data protection laws, through the implementation of appropriate data processing agreements.


8. Training and Awareness


Madison Heights shall provide training and awareness programmes to ensure that employees understand their responsibilities under GDPR and UK data protection laws, and are aware of the importance of protecting personal data.


9. Data Protection Impact Assessments (DPIAs)


Madison Heights shall conduct Data Protection Impact Assessments (DPIAs) where necessary, in accordance with UK GDPR requirements, to assess and mitigate risks associated with data processing activities.


10. Review and Update


This GDPR policy shall be reviewed and updated regularly to ensure ongoing compliance with GDPR requirements, UK data protection laws, and any changes in applicable laws and regulations.


11. Conclusion


Madison Heights is committed to protecting the privacy and security of personal data in accordance with GDPR requirements, including both EU and UK regulations, as well as the Data Protection Act 2018. All employees are expected to comply with this policy and support Madison Heights' efforts to ensure GDPR and UK data protection compliance.


End of Policy