GDPR POLICY STATEMENT & PRIVACY NOTICE
Horus Communications regards the lawful and appropriate treatment of the personal and company information of our clients, prospects, business partners and suppliers as very important to its successful operations and essential to maintaining confidence between the company and those with whom it carries out business. The company recognise and accepts its responsibility as set out in the GDPR 2018 guidelines and is registered with the Information Commissioner’s Office (ICO) as a Data Controller [our Registration Number is: ZA201739] and will take all reasonable steps to meet this responsibility and to promote good practice in the handling and use of personal information to ensure compliance.
The company needs to collect and use information about people and companies with whom there may be a legitimate interest in the services we provide in order to operate and carry out its functions. These may include current, past and prospective clients, industry specialists, competitors, contractors, advisers, suppliers and other professional experts. We will always respect how you want us to use your details and our commitment to protecting your data will never change. We store basic information which includes contact details, projects we work on, opportunities where are services may be of value, timeline history of communications, and if applicable, accounting records for services supplied. This information will be handled and dealt with properly however it is collected, recorded and used and whether it is on paper, in our ACT contact management database, in other computer records or recorded by other means. We will always manage the data we hold responsibility and take great care to keep it safe and secure.
The company fully endorses and adheres to the Principles of the General Data Protection Regulations and will, through management and use of appropriate controls, monitoring and review:
• Use personal and company data in the most efficient and effective way to deliver better services
• Strive to collect and process only the data or information which is needed
• Use personal data for such purposes to promote our services and maintain our own accounts and records
• Strive to ensure information is accurate
• Not keep information for longer than is necessary
• Securely destroy data which is no longer needed
• Take appropriate technical and organisational security measures to safeguard information (including unauthorised or unlawful processing and accidental loss or damage of data)
• Ensure that the rights of people about whom information is held can be fully exercised under the GDPR 2018 guidelines. These rights include:
The right to access their own personal information within 40 days of request
The right to prevent processing in certain circumstances
The right to correct, rectify, block or erase information regarded as wrong information
Ensure that the company will have an officer specifically responsible for data protection
Provide guidance and training for members of staff
• Ensure that any breaches of this policy are dealt with appropriately
The Data Protection Act stipulates that anyone processing personal data must comply with 8 principles of good practice. These principles are legally enforceable.
Summarised, the principles require that personal data:
1. Shall be processed fairly and lawfully and in particular, shall not be processed unless specific conditions are met
2. Shall be obtained only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes
3. Shall be adequate, relevant and not excessive in relation to the purpose or purposes for which it is processed
4. Shall be accurate and where necessary, kept up to date
5. Shall not be kept for longer than is necessary for that purpose or those purposes
6. Shall be processed in accordance with the rights of data subjects under the Act
7. Shall be kept secure, i.e. protected by an appropriate degree of security
8. Shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of data protection
OUR MARKETING COMMUNICATIONS
From time to time we send out information and updates about our services to our contacts database on the basis of ‘legitimate interest’. Anyone has a right at any time to ask to unsubscribe from future communications.
In circumstances where an individual will ask the company to remove or delete their details from its database or marketing list (for example to opt out of receiving future promotional marketing emails) the company will follow the marketing industry practice of suppressing their details. Rather than deleting an individual’s details entirely, suppression involves recording such request in the appropriate field of the company’s ACT database to ensure that their preferences are respected in future. Suppression allows the company to ensure that it does not send marketing to people who have asked it not to, and means that there is a record against which any new marketing lists can be checked.
GUY COSTLEY
MANAGING DIRECTOR