EXFIRE Personal Data Protection Policy

1. Introduction

This policy has been prepared to outline our legal obligations regarding the protection and processing of personal data as EXFIRE in the United Kingdom. This policy is designed to protect individuals' privacy rights and to ensure transparency and accountability in the processing of personal data, in accordance with the UK Data Protection Act 2018 and the General Data Protection Regulation (GDPR).

2. Scope and Definitions

2.1. This policy covers all personal data processed by EXFIRE.

2.2. "Personal data" refers to any information that can directly or indirectly identify an individual.

3. Data Protection Principles

3.1. EXFIRE processes personal data in accordance with the following data protection principles:

a. Lawfulness, fairness, and transparency: Data is processed lawfully, fairly, and transparently.

b. Purpose limitation: Data is collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

c. Data minimization: Collected data is limited to what is necessary in relation to the purposes for which they are processed.

d. Accuracy: Data is accurate and, where necessary, kept up to date.

e. Storage limitation: Data is kept for no longer than is necessary for the purposes for which the personal data are processed.

f. Integrity and confidentiality: Data is processed in a manner that ensures appropriate security.

4. Rights of Individuals

4.1. Data subjects have the following rights over their personal data:

a. Right of access: Individuals can request access to their personal data.

b. Right to rectification: Incorrect or incomplete data can be requested to be corrected.

c. Right to erasure: Under certain conditions, individuals can request the deletion of their personal data.

d. Right to restriction of processing: Under certain conditions, processing of data can be requested to be restricted.

e. Right to data portability: Individuals can request the transfer of their personal data to another data controller.

f. Right to object: Individuals can object to the processing of their personal data in certain ways.

5. Data Security

5.1. EXFIRE implements appropriate technical and organizational measures to ensure the security of personal data.

6. Breaches and Notifications

6.1. In the event of any data breach, EXFIRE will notify the relevant authorities and affected individuals as required by law.

7. Changes and Updates

7.1. This policy may be updated from time to time in response to legal requirements and changes in business practices.

Contact and Complaints

For any questions, comments, or complaints, please email gdpr@exfire.co.uk or contact our corporate office.

This policy was last updated on 11/11/2023.