Arcadia Agency
DATA PROTECTION POLICY
- Introduction
1.1. Arcadia Agency (“the Company”) is committed to protecting the privacy and
personal information of individuals and ensuring compliance with applicable data
protection laws, including but not limited to the General Data Protection Regulation
(GDPR) and the UK Data Protection Act 2018.
1.2. This Data Protection Policy (“Policy”) outlines the principles and guidelines that the
Company follows when collecting, using, disclosing, storing, and disposing of personal
information.
- Scope
2.1. This Policy applies to all employees, contractors, and third parties who process
personal information on behalf of the Company.
- Principles
3.1. The Company is committed to upholding the following data protection principles:
3.1.1. Lawfulness, Fairness, and Transparency: Personal information shall be
processed lawfully, fairly, and in a transparent manner.
3.1.2. Purpose Limitation: Personal information shall be collected for specified,
explicit, and legitimate purposes and not further processed in a manner
incompatible with those purposes.
3.1.3. Data Minimization: Personal information shall be adequate, relevant, and
limited to what is necessary for the purposes for which it is processed.
3.1.4. Accuracy: Personal information shall be accurate and kept up to date.
Reasonable steps shall be taken to rectify or erase inaccurate or incomplete
information.
3.1.5. Storage Limitation: Personal information shall be kept in a form that
permits identification of data subjects for no longer than necessary for the
purposes for which it is processed.
3.1.6. Security: Appropriate technical and organizational measures shall be
implemented to ensure the security of personal information, including protection
against unauthorized or unlawful processing and accidental loss, destruction, or
damage.
3.1.7. Accountability: The Company shall be responsible for complying with these
data protection principles and be able to demonstrate compliance.
- Roles and Responsibilities
4.1. The Company shall appoint a Data Protection Officer (DPO) who will be responsible
for overseeing the Company’s data protection activities, ensuring compliance with
applicable laws and regulations, and acting as a point of contact for data subjects and
regulatory authorities.
4.2. All employees and individuals who process personal information on behalf of the
Company shall be responsible for complying with this Policy and following established
data protection procedures.
- Data Collection and Use
5.1. The Company shall only collect personal information that is necessary for specified
and legitimate purposes. Personal information shall be processed in accordance with the
data subject’s consent or other lawful bases for processing as defined under applicable
data protection laws.
5.2. Personal information shall not be used for purposes other than those for which it
was collected unless required or authorized by law.
- Data Subject Rights
6.1. The Company shall respect and uphold the data subject’s rights, including the right
to access, rectify, erase, restrict processing, object to processing, data portability, and
not to be subject to automated decision-making, including profiling.
6.2. Requests from data subjects regarding their rights shall be promptly acknowledged,
and necessary actions shall be taken within the timelines prescribed by applicable data
protection laws.
- Data Security
7.1. The Company shall implement appropriate technical and organizational measures to
ensure the security of personal information and protect it against unauthorized or
unlawful processing, accidental loss, destruction, or damage.
7.2. Regular reviews and audits of data security measures shall be conducted to
identify and address any vulnerabilities or risks.
- Data Breach Notification
8.1. The Company shall establish and maintain procedures for detecting, investigating,
and responding to personal data breaches promptly.
8.2. In the event of a personal data breach, the Data Protection Officer shall be notified
immediately. The Company shall assess the risk to data subjects and, if required, notify
the appropriate supervisory authority and affected data subjects in accordance with
applicable data protection laws.
- Data Transfer
9.1. The Company shall ensure that any transfer of personal information to a third party,
including transfers to countries outside the European Economic Area (EEA), is
conducted in compliance with applicable data protection laws.
- Training and Awareness
10.1. The Company shall provide regular training and awareness programs to
employees and individuals who process personal information to ensure their
understanding of data protection laws, this Policy, and their responsibilities in protecting
personal information.
- Policy Compliance and Review
11.1. Compliance with this Policy shall be monitored regularly, and any identified issues
or breaches shall be promptly addressed.
11.2. This Policy shall be reviewed periodically and updated as necessary to ensure its
continued relevance and compliance with applicable data protection laws.
- Contact Information
12.1. For any inquiries, concerns, or requests relating to data protection and this Policy,
please contact the Data Protection Officer at:
Bryn Jones
128 City Road, EC1V 2NX, London, United Kingdom (non postal)
[email protected]