• UK Manufacturer

  • Large Volume Fit-Out Suppliers

  • Manufacture, Supply & Install

  • Nationwide Support Team

NHC Group

Data Protection Policy

Data Protection Policy

NHC Group Ltd is committed to transparent and responsible data handling practices. This policy details how we collect, use, and protect the personal data of our customers, suppliers, contractors, employees, and other stakeholders.

Data Protection Officer

Our Data Protection Officer (DPO) is responsible for advising on and monitoring our data protection obligations. Joanne can be contacted at info@nhcgroup.co.uk for any queries or requests regarding this policy.

Definitions

  • Personal Data: Information relating to an identifiable living individual. This includes, but is not limited to, names, addresses, and email addresses.
  • Processing: Any action performed on personal data, such as collection, storage, amendment, or deletion.
  • Special Categories of Personal Data: This includes details about racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health information, and sexual orientation.


Key Responsibilities

Our Board of Directors ensures compliance with data protection obligations.
The DPO oversees data protection strategies, conducts regular reviews, and ensures staff training.


Data Protection Principles

  • We process personal data lawfully, fairly, and transparently.
  • Data collection is for specified and legitimate purposes.
  • Data processing is limited to necessary data only.
  • We strive to keep personal data accurate and up-to-date.
  • Personal data is retained only as long as necessary.
  • We ensure appropriate security of personal data.


Individual Rights

  • Access: Individuals can request access to their personal data.
  • Rectification: Requests for correction of inaccurate data.
  • Erasure: Right to request deletion of data in certain circumstances.
  • Data Portability: Right to transfer personal data to another entity.


Data Breach Response

We will report significant breaches to the relevant authority within 72 hours.
Affected individuals will be informed about breaches that pose a high risk to their rights.


International Data Transfers

Data is not transferred outside the EEA unless adequate protection measures are in place.


Review and Update

This policy will be reviewed annually and updated as necessary. Updates will be communicated via our website and internal communications.


Contact Information for Data Subject Requests

To exercise any rights under this policy, please contact our DPO at info@nhcgroup.co.uk.


Employee Training and Awareness

Regular training and updates will be provided to employees on data protection practices.


Accessibility

This document is available in accessible formats upon request.