GDPR COMPLIANCE POLICY

1. Introduction

Custom Brand Co Ltd ("we," "our," or "us") is committed to protecting the privacy and data rights of individuals, and we strive to comply with the General Data Protection Regulation (GDPR) to ensure the fair and lawful processing of personal data. This GDPR Compliance Policy outlines our data protection practices to protect the rights and privacy of individuals whose personal data we process.


2. Scope

This policy applies to all personal data collected, processed, and stored by Custom Brand Co Ltd during the course of our business operations. It covers data relating to employees, customers, suppliers, contractors, and any other individuals whose personal data we handle.


3. Principles of Data Protection

We adhere to the following principles when processing personal data in compliance with GDPR:

a. Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and in a transparent manner to protect the rights of data subjects.

b. Purpose Limitation: Personal data is collected for specified, explicit, and legitimate purposes, and it is not further processed in a manner incompatible with those purposes.

c. Data Minimization: We only collect and process personal data that is necessary and relevant for the purposes defined.

d. Accuracy: We strive to keep personal data accurate and up to date. Data subjects have the right to request corrections to their data.

e. Storage Limitation: Personal data is retained only for the time required to fulfill the purposes for which it was collected, or as required by law.

f. Integrity and Confidentiality: We implement appropriate security measures to protect personal data from unauthorized access, alteration, disclosure, or destruction.


4. Lawful Basis for Processing

We identify and document the lawful basis for processing personal data as defined in Article 6 of the GDPR. The lawful bases include:


a. Consent: When individuals provide explicit consent for the processing of their personal data for specific purposes.


b. Contractual Necessity: When processing is necessary for the performance of a contract with the data subject.


c. Legal Obligation: When processing is necessary to comply with legal obligations.


d. Legitimate Interests: When processing is necessary for our legitimate interests or the legitimate interests of a third party.


5. Rights of Data Subjects


We recognize and uphold the rights of data subjects as defined in Chapter 3 of the GDPR. These rights include:


a. Right to Access: Data subjects have the right to request access to their personal data held by us.


b. Right to Rectification: Data subjects can request corrections to inaccurate or incomplete personal data.


c. Right to Erasure: Data subjects have the right to request the deletion of their personal data under specific circumstances.


d. Right to Restriction of Processing: Data subjects can request a restriction on the processing of their personal data under certain conditions.


e. Right to Data Portability: Data subjects can request to receive their personal data in a structured, commonly used, and machine-readable format.


f. Right to Object: Data subjects can object to the processing of their personal data for certain purposes, including direct marketing.


6. Data Security

We implement appropriate technical and organizational measures to ensure the security of personal data against unauthorized access, disclosure, alteration, or destruction. Our security measures include:


a. Access Controls: Limiting access to personal data to authorized personnel only.


b. Data Encryption: Encrypting sensitive personal data to protect its confidentiality.


c. Data Breach Response: Establishing a data breach response plan to detect, assess, and report any data breaches as required by GDPR.


7. Data Transfers

We ensure that any transfer of personal data outside the European Economic Area (EEA) complies with the GDPR requirements. Adequate safeguards, such as Standard Contractual Clauses or Privacy Shield Frameworks, will be put in place.


8. Data Protection Officer (DPO)

We have appointed a Data Protection Officer responsible for overseeing our data protection activities and compliance with the GDPR. Data subjects can contact the DPO at DPO@Custombrandco.com.


9. Training and Awareness

We provide regular training to employees involved in processing personal data to ensure their understanding of GDPR requirements and data protection best practices.


10. GDPR Compliance Review

We conduct periodic reviews of our data processing activities to ensure ongoing compliance with GDPR and other applicable data protection laws.


11. Contact Information

If you have any questions or concerns about our GDPR compliance or wish to exercise your data rights, please contact us at:

GDPR@custombrandco.com


CUSTOM BRAND CO LTD

The Old Post Office, 41-43 Market Place, Chippenham, Wiltshire, England, SN15 3HR

Company No: 14807823

Copyright © 2024 Custom Brand Co Ltd - All Rights Reserved.
