Privacy Policy
Privacy Policy & UK GDPR Compliance Statement
Introduction
The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act
2018 govern how we collect, process, and protect personal data. These laws ensure that
individuals have greater control over their personal information and that organisations handle
data responsibly and transparently.
At Christy Plumbing & Heating Ltd, we are committed to safeguarding the personal
information we process and to complying with all applicable data protection laws. This policy
outlines our approach to data protection, the measures we have in place, and the rights you
have regarding your personal data.
Our Commitment
Christy Plumbing & Heating Ltd is dedicated to ensuring the security and protection of the
personal information we process. We have implemented a robust data protection framework
that complies with the UK GDPR and the Data Protection Act 2018. Our commitment
includes:
- Ensuring transparency in how we collect, use, and store personal data.
- Implementing technical and organisational measures to protect data from breaches,
loss, or misuse. - Regularly reviewing and updating our policies and procedures to maintain
compliance.
How We Comply with UK Data Protection LawsTo meet our obligations under the UK GDPR and the Data Protection Act 2018, we have
taken the following steps:
1. Information Audit
We have conducted a company-wide audit to identify the personal data we hold, its
source, how it is processed, and with whom it is shared.2. Policies and Procedures
We have updated our data protection policies and procedures to ensure they meet
the standards of the UK GDPR. These include:
o Data Protection Policy: Outlines our approach to data protection, including
accountability, governance, and privacy by design.o Data Retention and Erasure Policy: Ensures we comply with the principles
of data minimisation and storage limitation. We retain personal data only for
as long as necessary and have procedures in place to securely delete data
when it is no longer needed.
o Data Breach Procedures: We have robust measures to identify, assess, and
report data breaches promptly to the relevant authorities and affected
individuals, where required.
o Subject Access Request (SAR) Procedures: We respond to SARs within
30 days, providing individuals with access to their personal data free of
charge.3. Legal Basis for Processing
We ensure that all processing activities have a valid legal basis under the UK GDPR,
such as consent, contractual necessity, or legitimate interests. We maintain records
of our processing activities as required by Article 30 of the UK GDPR.4. Privacy Notice
We provide clear and accessible information to individuals about how their data is
used, their rights, and how to contact us. Our privacy notice is available on our
website and provided to customers at the point of data collection.5. Consent Mechanisms
Where we rely on consent to process personal data, we ensure it is freely given,
specific, informed, and unambiguous. Individuals can easily withdraw consent at any
time.6. Data Security
We use technical measures such as firewalls, encryption, and secure storage to
protect personal data. We also ensure that any third parties processing data on our
behalf comply with UK GDPR requirements.7. Employee Training
We provide regular training to employees.
If you believe that we have not complied with your data protection rights, in the first instance please contact Sarah Christy (Data Protection ) on 01234325620 or info@chrisytplumbing.co.uk you can complain to the Information Commissioner.”