DATA PROTECTION POLICY
Understanding our Obligations
Meclec Ltd have assessed and documented all processing activities conducted regularly, those exposing data to a high-risk and any sensitive personal data. These activities have been justified using the Legal Bases and Special Conditions provided in the Regulations and written into a Privacy Notice
Data Subject Access Rights
Individuals have the right to request details of any personal information that Meclec Ltd may hold on you, and you have increased rights regarding our use of that information, including.
- The right to request rectification of information that is inaccurate or out of date
- The right to erasure of your information (also known as “the right to be forgotten”)
- The right to restrict the way in which we are dealing with and using your information
- The right to request that your information be provided to you in a format that is secure and suitable for re-use (also known as “the right to portability”).
Meclec Ltd acknowledges that any person may ask if any information is held containing their personal data. Meclec Ltd will respond to written requests as soon as possible, not taking any longer than 30 days to provide copies of any data held. The company shall correct any errors if requested and agrees to delete records where this is permitted under the Legal Basis.
Review of Data Protection Policy and Privacy Notice
Data Protection is a standing agenda item at Meclec Ltd Director Meetings; this includes a review of the Data Protection Impact Assessment and Privacy Notice for relevance and accuracy. The documents, and this policy document, shall be reviewed in full at least annually.
Planning of Changes
Data Protection and the management of information security will be considered as part of any significant business changes.
Every effort is made to manage the personal information held by Meclec Ltd in a responsible and secure manner. To this end, all network equipment is encrypted, and password protected.
Personnel files are kept in a locked cabinet in an office that is attended at all times.
In the event of a breach, such as a break-in, loss or theft of a laptop or phone, all staff and current contractors, will be made aware. If there is a serious risk of personal data being misused, then all contacts will be informed, and the incident reported to the Information Commissioner’s Office within three days of the breach being discovered; Meclec Ltd will then take guidance on further action from the ICO.