GDPR POLICY
- INTRODUCTION
ZHERO LIMITED is committed to ensuring the protection and privacy of personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This GDPR Policy outlines our commitment to safeguarding personal data and maintaining transparency in its processing activities.
- POLICY STATEMENT
ZHERO LIMITED recognizes the importance of protecting the rights and freedoms of individuals regarding the processing of their personal data. We are dedicated to implementing appropriate technical and organizational measures to ensure the confidentiality, integrity, and availability of personal data in our possession.
- RESPONSIBILITIES
3.1 Management:
Establishing and maintaining policies, procedures, and controls to ensure compliance with GDPR requirements.
Appointing a Data Protection Officer (DPO) responsible for overseeing GDPR compliance and serving as the point of contact for data protection inquiries.
3.2 Employees:
Adhering to GDPR principles and ZHERO LIMIITED’s data protection policies in all personal data processing activities.
Reporting any breaches of personal data security or potential GDPR violations to the designated Data Protection Officer.
- DATA PROCESSING PRINCIPLES
ZHERO LIMITED adheres to the following GDPR principles in all data processing activities:
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimization
- Accuracy
- Storage limitation
- Integrity and confidentiality
- Accountability
- DATA SUBJECT RIGHTS
ZHERO LIMITED respects the rights of data subjects under the GDPR, including the rights to:
- Access personal data
- Rectify inaccurate personal data
- Erase personal data (“right to be forgotten”)
- Restrict processing
- Data portability
- Object to processing
- Not be subject to automated decision-making
- DATA PROTECTION MEASURES
ZHERO LIMITED implements appropriate technical and organizational measures to protect personal data, including:
- Encryption of personal data
- Access controls and authentication mechanisms
- Regular data backups
- Employee training on data protection best practices
- Data protection impact assessments (DPIAs) for high-risk processing activities
- DATA BREACH NOTIFICATION
In the event of a personal data breach, ZHERO LIMITED will promptly assess the risk to individuals’ rights and freedoms and, if necessary, report the breach to the relevant supervisory authority and affected data subjects in accordance with GDPR requirements.
- INTERNATIONAL DATA TRANSFERS
ZHERO LIMITED ensures that any international transfers of personal data comply with GDPR requirements, including implementing appropriate safeguards such as standard contractual clauses or obtaining data subject consent where necessary.
- DATA PROTECTION BY DESIGN AND DEFAULT
ZHERO LIMITED integrates data protection principles into its data processing activities from the outset (“data protection by design”) and ensures that only necessary personal data is processed for each specific purpose (“data protection by default”).
- POLICY REVIEW
This GDPR Policy will be reviewed periodically to ensure its effectiveness and compliance with evolving data protection laws and best practices. Updates will be made as necessary to address emerging risks and regulatory requirements related to personal data protection.
By adhering to this GDPR Policy, ZHERO LIMITED reaffirms its commitment to protecting the privacy and rights of individuals in accordance with GDPR principles and requirements.
- CONTACT US
If you have any questions about this GDPR Policy or concerns about its application, please contact us at
Email: info@zhero.co.uk
Phone: +44 20 7183 0234
Post: ZHERO LIMITED
ATT: Data Protection Officer
162 Farringdon Road
London
EC1R 3AS
United Kingdom