We are a global management consultancy that delivers exceptional outcomes and sustainable change

Talk To A Consultant
Talk To A Consultant

Data Protection Policy

Introduction

Greaux Consulting is committed to maintaining the privacy, confidentiality, and security of personal data. This Data Protection Policy outlines our approach to data protection and data privacy in accordance with the General Data Protection Regulation (GDPR) and other applicable laws.

Scope

This policy applies to all employees, contractors, and third-party service providers who handle personal data on behalf of the Company. It covers all personal data processed by the Company, regardless of its format (electronic, paper, etc.).

Data Protection Principles

The Company adheres to the following data protection principles:

  1. Lawfulness, Fairness, and Transparency: Personal data shall be processed lawfully, fairly, and in a transparent manner.
  2. Purpose Limitation: Personal data shall be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
  3. Data Minimization: Personal data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
  4. Accuracy: Personal data shall be accurate and, where necessary, kept up to date.
  5. Storage Limitation: Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
  6. Integrity and Confidentiality: Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

Data Subject Rights

The Company recognizes the following rights of data subjects:

  1. Right to be Informed: Data subjects have the right to be informed about the collection and use of their personal data.
  2. Right of Access: Data subjects have the right to access their personal data and supplementary information.
  3. Right to Rectification: Data subjects have the right to have inaccurate personal data rectified or completed if it is incomplete.
  4. Right to Erasure: Data subjects have the right to have their personal data erased under certain conditions.
  5. Right to Restrict Processing: Data subjects have the right to request the restriction or suppression of their personal data under certain conditions.
  6. Right to Data Portability: Data subjects have the right to obtain and reuse their personal data for their own purposes across different services.
  7. Right to Object: Data subjects have the right to object to the processing of their personal data in certain circumstances.
  8. Rights in Relation to Automated Decision Making and Profiling: Data subjects have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

Data Security

The Company implements appropriate technical and organizational measures to ensure the security of personal data, including:

  1. Access Controls: Limiting access to personal data to authorized personnel only.
  2. Encryption: Using encryption to protect personal data in transit and at rest.
  3. Data Backup: Regularly backing up data to ensure it can be restored in case of data loss.
  4. Physical Security: Implementing physical security measures to protect data stored on physical media.
  5. Training: Providing regular training to employees on data protection best practices.

Data Breach Response

In the event of a data breach, the Company will:

  1. Immediate Action: Take immediate steps to contain and mitigate the breach.
  2. Assessment: Conduct a thorough assessment to determine the nature and extent of the breach.
  3. Notification: Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, if required by law.
  4. Communication: Inform affected data subjects without undue delay if the breach is likely to result in a high risk to their rights and freedoms.
  5. Review: Review and improve data protection measures to prevent future breaches.

Data Processing Records

The Company maintains records of all processing activities involving personal data, including:

  1. Purposes of Processing: The reasons for processing personal data.
  2. Categories of Data: The types of personal data processed.
  3. Data Subjects: The categories of data subjects whose personal data is processed.
  4. Data Recipients: The entities with whom personal data is shared.
  5. Data Transfers: Details of any transfers of personal data to third countries or international organizations.
  6. Retention Periods: The duration for which personal data will be stored.

Data Protection Officer

The Company has appointed a Data Protection Officer (DPO) to oversee data protection compliance. The DPO's responsibilities include:

  1. Advising: Providing advice on data protection obligations.
  2. Monitoring: Monitoring compliance with data protection laws and policies.
  3. Training: Conducting data protection training and awareness activities.
  4. Point of Contact: Serving as the point of contact for data subjects and supervisory authorities.

Policy Review

This policy will be reviewed annually and updated as necessary to ensure continued compliance with data protection laws and best practices.

Contact Information

For questions or concerns regarding this Data Protection Policy, please contact:
Talk To A Consultant

Name(Required)
Company Website Address(Required)

Seize opportunitiy before you leave!

Ready to take your operations to the next level?
Simply fill out the form to schedule a consultation with our expert consultants.

First Name*(Required)