GDPR Compliance Assurance: Statement for Our Customers
Purpose of this Statement
The General Data Protection Regulation (GDPR), coming into force on the 25th May 2018, will be one of the strictest pieces of privacy legislation globally. Tritec Interiors Ltd believes that privacy is a very important right for citizens and wishes to assure all the company’s customers that we are working hard on ensuring compliance in all areas of our business.
Within this statement we wanted to highlight to our customers the measures we have put in place to ensure compliance with the GDPR where we hold or process personal data on your behalf.
Senior Management within Tritec Interiors Ltd are taking full responsibility for all matters relating to data protection and GDPR compliance. They will ensure that we are accountable and transparent to the supervisory authorities, including the creation and maintenance of “Records of processing activities” as per Article 30 of the GDPR.
The GDPR requires that a data controller (our customer) must appoint the processor (Tritec Interiors Ltd) in the form of a binding written agreement, with the personal data processed (including the activities of any sub-processors) only on instructions from the controller or the requirements of EU law or the national laws of Member States. To adhere to this requirement, from May 25th 2018 we will ensure all our agreements are GDPR compliant. This will ensure that relevant wordings are in place to cover aspects such as the duration, nature and purpose of the processing, the types of data processed and the obligations and rights of the controller. It will also, where applicable, cover cross-border transfers and the use of any sub-processors.
Security and Business Continuity Measures
Tritec Interiors Ltd continually seeks to ensure the confidentiality, integrity and availability of the personal data we store or process. We maintain appropriate technical and organisational security measures to protect personal data against accidental or unlawful destruction or loss, alteration, unauthorised disclosure or access.
In demonstration of this, we have processes compliant with the following standards:
- ISO 9001:2015 UKAS certification for Quality Management Systems
- ISO 14001:2015 UKAS certification for Environmental Management Systems
- OHSAS 18001 UKAS certification for Occupational Health & Safety Management Systems
- CHAS Contractors Health & Safety Assessment Scheme
- Constructionline – accredited
- FIS Member – Finishes and Interiors Sector
- Guidance compliance for Business Continuity Management
- Compliance for Secure destruction of confidential material
- Compliance for Information Security
Under the GDPR, we must notify any data breach to the controller (our customer), without undue delay. Tritec Interiors Ltd therefore has processes and procedures in place for identifying, reviewing and promptly reporting data breaches to the relevant controller.
We would provide the controller with:
- A description of the nature of the breach
- Contact details of the responsible data protection officer or any other contact person
- Likely consequences of the breach
- Proposed and imposed measures that were taken to limit harmful effects
We would stress again that we have comprehensive technical and organisational security measures in place to mitigate the risk of a data breach.
Data Subject Rights
Under the GDPR there are significant enhancements to the rights that individuals enjoy with regard to their personal data. Tritec Interiors Ltd can work with customers for whom we hold or process personal data in order to determine how best to facilitate:
- Handling Data Subject Access Requests
- Rectification of personal data
- The application of retention periods and the secure erasure / destruction of personal data
- Responding to data portability requests, providing the data in a structured, commonly used and machine-readable format