Data Processing Policy

  1. Introduction

This Data Processing Policy outlines the principles and procedures that Enhanced Operating Systems Ltd follows to ensure the protection and confidentiality of data processed and held on behalf of our clients. This policy is designed to comply with relevant data protection laws and regulations.

  1. Scope

This policy applies to all employees, contractors, and third-party service providers who process or have access to client data. It covers all data processing activities, including collection, storage, use, transfer, and disposal of client data.

  1. Data Collection
    • Purpose Limitation: Data will only be collected for specified, explicit, and legitimate purposes. We will not process data in a manner that is incompatible with those purposes.
    • Data Minimisation: We will collect only the data that is necessary for the purposes for which it is processed.
  1. Data Processing
    • Lawfulness, Fairness, and Transparency: Data processing will be conducted lawfully, fairly, and in a transparent manner. Clients will be informed about the processing activities and their purposes.
    • Accuracy: We will ensure that data is accurate and kept up to date. Inaccurate data will be corrected or deleted promptly.
    • Storage Limitation: Data will be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the data is processed.
  1. Data Security
    • Confidentiality and Integrity: We will implement appropriate technical and organisational measures to ensure the confidentiality, integrity, and availability of data.
    • Access Control: Access to data will be restricted to authorised personnel only. Access rights will be reviewed regularly.
    • Data Encryption: Data where possible will be encrypted during transmission and storage to protect it from unauthorised access.
  1. Data Sharing and Transfer
    • Third-Party Processors: We will ensure that third-party processors comply with data protection standards equivalent to our own. Contracts with third-party processors will include data protection clauses.
    • International Transfers: Data will not be transferred to countries outside the European Economic Area (EEA) unless appropriate safeguards are in place.
  1. Data Subject Rights
    • Access: Data subjects have the right to access their data and obtain information about its processing.
    • Rectification: Data subjects have the right to request the correction of inaccurate data.
    • Erasure: Data subjects have the right to request the deletion of their data under certain conditions.
    • Restriction of Processing: Data subjects have the right to request the restriction of processing under certain conditions.
    • Data Portability: Data subjects have the right to receive their data in a structured, commonly used, and machine-readable format.
  1. Data Breach Management
    • Incident Response: We will implement procedures to detect, report, and investigate data breaches.
    • Notification: In the event of a data breach, we will notify the relevant supervisory authority and affected data subjects without undue delay.
  1. Compliance and Monitoring
    • Training: Employees will receive training on data protection principles and practices.
    • Audits: Regular audits will be conducted to ensure compliance with this policy and relevant data protection laws.
  1. Review and Updates

This policy will be reviewed and updated regularly to reflect changes in data protection laws and best practices.

Submit an enquiry