This Policy sets out the obligations of RPM Consultants, a trading name of Resources Productivity Management Limited, a company registered in England and Wales under company number 01953431, whose registered office address is 500 Charlotte Road, Sheffield, England, S2 4ER (“the Company/we/us/our”) regarding data protection and the rights of our clients, and their customers and tenants, prospective clients, employees, subcontractors and business contacts (“data subjects”) in respect of their personal data under the UK General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018 (“DPA”).
The GDPR defines “personal data” as any information relating to an identified or identifiable natural person (a “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
This Policy sets our obligations regarding the collection, processing, transfer, storage, and disposal of personal data. The procedures and principles set out in this Policy must be followed at all times by us as a Company, as well as our employees, agents, sub-contractors, or other parties working on our behalf.
We are committed not only to the letter of the law, but also to the spirit of the law and we place high importance on the correct, lawful, and fair handling of all personal data, respecting the legal rights, privacy, and trust of all individuals with whom we deal.
This Policy aims to ensure compliance with the GDPR and the DPA. The GDPR sets out the following principles with which any party handling personal data must comply. All personal data must be:
The GDPR sets out the following rights applicable to data subjects (please refer to the relevant parts of this policy for further details):
We will only collect and process personal data for and to the extent necessary for the specific purpose or purposes of which data subjects have been informed (or will be informed) as under clause 5 above.
We will ensure that all personal data collected, held, and processed is kept secure and protected against unauthorised or unlawful processing and against accidental loss, destruction, or damage. Further details of the technical and organisational measures which shall be taken are provided in clauses 21 to 26 of this Policy.
We do not use personal data in automated decision-making processes.
We do not use personal data for profiling purposes.
When any personal data is to be erased or otherwise disposed of for any reason (including where copies have been made and are no longer needed), it will be securely deleted and disposed of.
This Policy shall be deemed effective as of July 2021. No part of this Policy shall have retroactive effect and shall thus apply only to matters occurring on or after this date.