Large Volume Fit-Out Suppliers
Manufacture, Supply & Install
Nationwide Support Team
Data Protection Policy
NHC Group Ltd is committed to transparent and responsible data handling practices. This policy details how we collect, use, and protect the personal data of our customers, suppliers, contractors, employees, and other stakeholders.
Data Protection Officer
Our Data Protection Officer (DPO) is responsible for advising on and monitoring our data protection obligations. Joanne can be contacted at firstname.lastname@example.org for any queries or requests regarding this policy.
- Personal Data: Information relating to an identifiable living individual. This includes, but is not limited to, names, addresses, and email addresses.
- Processing: Any action performed on personal data, such as collection, storage, amendment, or deletion.
- Special Categories of Personal Data: This includes details about racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health information, and sexual orientation.
Our Board of Directors ensures compliance with data protection obligations.
The DPO oversees data protection strategies, conducts regular reviews, and ensures staff training.
Data Protection Principles
- We process personal data lawfully, fairly, and transparently.
- Data collection is for specified and legitimate purposes.
- Data processing is limited to necessary data only.
- We strive to keep personal data accurate and up-to-date.
- Personal data is retained only as long as necessary.
- We ensure appropriate security of personal data.
- Access: Individuals can request access to their personal data.
- Rectification: Requests for correction of inaccurate data.
- Erasure: Right to request deletion of data in certain circumstances.
- Data Portability: Right to transfer personal data to another entity.
Data Breach Response
We will report significant breaches to the relevant authority within 72 hours.
Affected individuals will be informed about breaches that pose a high risk to their rights.
International Data Transfers
Data is not transferred outside the EEA unless adequate protection measures are in place.
Review and Update
This policy will be reviewed annually and updated as necessary. Updates will be communicated via our website and internal communications.
Contact Information for Data Subject Requests
To exercise any rights under this policy, please contact our DPO at email@example.com.
Employee Training and Awareness
Regular training and updates will be provided to employees on data protection practices.
This document is available in accessible formats upon request.