Statement of Policy

Purpose

ISO Management Consultants Ltd respects individuals’ rights of privacy and of protection of personal data. The company also recognizes the necessity of open and frank communication and of the collection of personal and sensitive personal data in order to accomplish its business activity, as well as the corresponding necessity to maintain confidentiality and ensure that information is adequately protected.

 

 

Operational Principles

This company handles all personal data in accordance with the following principles:

  1. Personal data will be processed in a fair and lawful manner.
  2. Personal data will be collected, processed, and used only to the extent necessary to fulfil the business purposes of the organization.
  3. Personal data will be accurate and kept up to date. Any error will be corrected as soon as possible.
  4. Personal data will be kept only for as long as is necessary for the legitimate purpose(s) of this business.
  5. Due consideration will be given to respecting the rights of data subjects.
  6. Appropriate technical and organizational measures will be taken to prevent unauthorized or unlawful disclosure of personal data. All computer-held personal data is maintained on password-protected computers to which only authorized users hold passwords. Offices are locked after office hours, and only authorized staff may gain entry.
  7. Personal data will not be transferred to other organizations unless this is necessary to accomplish its business purposes.

Scope

Personal data will be used by this business organization to achieve its business objectives.

 

 

Rights of Data Subjects

 

Whenever we process personal data, we take reasonable steps to ensure that personal data is kept accurate and up to date for the purposes for which it was collected. A data subject has the following rights regarding the personal data submitted to us:

  • They can request information about the collection and use of their personal information;
  • They can request to access, correct, erase, or block your personal information if it is incomplete or inaccurate;
  • Where they have legitimate grounds for doing so, they can object to the processing of their personal information and request us not to process it any further.

 

If a data subject wishes to carry out any of the above, they should contact the company Data Controller.

 

 

Upon receipt of a written request, after the provision of sufficient evidence of identity, and enough information to permit us to identify their personal data, the data controller will fairly consider granting the request by balancing the interests of the individual in gaining access to data or correcting or deleting data against the legitimate interests of the business, including whether granting the request would endanger the organization’s right to carry on its business. We will also notify any third-party recipients of the necessary changes.

 

Personal data may not be erased if processing is required by law or if the data may be kept for another legal basis. Requests to delete personal data are subject to any applicable legal reporting or document retention requirements imposed on us. You may also lodge a complaint with your local data protection authority about the processing of the personal data provided to us.

 

Performance

This company will abide by the requirements of the current data protection regulations in communicating with data subjects regarding their personal data; including taking steps to make sure it remains accurate.

 

Basis

The Data Protection Law in this country is: General Data Protection Regulation (EU) 2016/679.

Authorised:

 

 

Name: Mike Doyle                                                                                                                    Position: Managing Director

 

 

Signature:   Mike Doyle                                                                                                  Date:               21/08/2023.