ABCX Logo

Download

Data Protection Policy

1. Purpose

ABC Consortium Limited (“we,” “us,” or “our”) is committed to ensuring the security and confidentiality of personal data we process in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This Data Protection Policy outlines our practices and responsibilities in safeguarding personal data.

2. Scope

This policy applies to all employees, contractors, consultants, and any third parties who process personal data on behalf of ABC Consortium Limited. It encompasses all personal data processed by the company, regardless of format or location.

3. Definitions

  • Personal Data: Any information that relates to an identified or identifiable individual.
  • Processing: Any operation or set of operations performed on personal data, such as collection, storage, alteration, retrieval, or destruction.
  • Data Subject: An individual whose personal data is processed by us.
  • Data Controller: The entity that determines the purposes and means of processing personal data.
  • Data Processor: The entity that processes personal data on behalf of the Data Controller.

4. Principles of Data Protection

We adhere to the following principles as outlined in the UK GDPR:

  • Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and transparently.
  • Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes and not further processed in an incompatible manner.
  • Data Minimization: Data is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
  • Accuracy: We ensure personal data is accurate and kept up to date.
  • Storage Limitation: Data is retained only as long as necessary for its processing purposes.
  • Integrity and Confidentiality: We process personal data securely to prevent unauthorized access, loss, or damage.

5. Data Collection and Use

5.1 Purpose of Data Collection

  • Personal data is collected only for specific, explicit, and legitimate purposes, including:
  • Provision of SaaS services to customers.
  • Account management and billing.
  • Customer support and communication.
  • Marketing activities, where consent has been provided.
  • Compliance with legal obligations.

5.2 Lawful Basis for Processing

  • Processing of personal data will only occur when at least one of the following applies:
  • Consent has been obtained from the data subject.
  • Processing is necessary for the performance of a contract.
  • Processing is required to comply with legal obligations.
  • Processing is in the legitimate interest of the Company, provided it does not override the rights of the data subject.

6. Roles and Responsibilities

  • Data Protection Officer (DPO): Responsible for overseeing data protection practices and ensuring compliance with the UK GDPR.
  • Employees and Contractors: Must adhere to this policy and report any suspected data breaches.
  • Third-Party Processors: Required to comply with our data protection standards and enter into data processing agreements.

7. Data Subject Rights

  • We recognize and uphold the rights of data subjects, including:
  • Right to access their personal data.
  • Right to rectification of inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”).
  • Right to restrict processing.
  • Right to data portability.
  • Right to object to processing.
  • Right to withdraw consent where applicable.

8. Data Security

  • We implement technical and organizational measures to safeguard personal data, including:
  • Encryption and pseudonymization of data where appropriate.
  • Secure storage and access controls.
  • Regular training for employees on data protection responsibilities.

Please refer to our Data Security, Integrity and Confidentiality policies.

9. Data Breach Management

In the event of a data breach:

  • Incidents must be reported to the DPO immediately.
  • We will assess the breach and notify the Information Commissioner’s Office (ICO) within 72 hours if required.
  • Affected individuals will be informed if the breach poses a high risk to their rights and freedoms.

10. Data Retention and Disposal

10.1 Retention Period

  • Personal data will be retained only for as long as necessary to fulfil the purposes outlined in this policy or as required by law. Specific retention periods are as follows:
  • Customer data: Retained for the duration of the contract and up to 6 years following termination to comply with legal and tax obligations.
  • Employee data: Retained for the duration of employment and up to 7 years post-employment.
  • Marketing data: Retained until consent is withdrawn or for 2 years following the last interaction.

10.2 Data Disposal

  • Data that is no longer required will be securely deleted or anonymized in accordance with the Company’s Data Disposal Policy.

11. Third-Party Processing

11.1 Third-Party Service Providers

ABC Consortium Limited may engage third-party processors to provide services such as hosting, analytics, and payment processing. These providers are required to:

  • Process data only for specified purposes and in accordance with our instructions.
  • Implement appropriate technical and organizational measures to ensure data security.
  • Comply with applicable data protection laws.

11.2 International Data Transfers

  • Where personal data is transferred outside the European Economic Area (EEA), the Company will ensure adequate safeguards are in place, such as Standard Contractual Clauses or reliance on an adequacy decision by the European Commission.

12. Training and Awareness

All employees and contractors are required to undergo regular training on data protection principles and this policy to ensure compliance.

13. Monitoring and Review

This policy will be reviewed annually or as needed to reflect changes in legislation or business practices. Non-compliance with this policy may result in disciplinary action.

14. Contact Information

For questions about this policy or to exercise data subject rights, please contact: ABC Consortium Limited, 51 Grosvenor Road, Petts Wood, Orpington. BR51QT.

Email: contact@abcxchange.com

Telephone: +44 7919525110

Last updated 15/01/2025

ABCXChange logo
Promote your portfolio companies in scale up stage, and help them raise additional capital. All in total privacy and confidentiality.

Others

Privacy
Terms
Data Protection

Let’s Connect

twitterlinkedin
AppStore Logo
PlayStore Logo