GDPR Policy - Zhero

Home » GDPR Policy

GDPR POLICY (Data Protection and Access to Information)

Effective Date: May 2018

ZHERO rigorously complies with the EU General Data Protection Regulation (GDPR). The GDPR uses a Privacy by Design approach in which data protection is implemented throughout the entire lifecycle of any project. Under the GDPR, organisations in breach can be fined up to 4% of annual turnover or €20 million, whichever amount is greater.

Any personal or sensitive information on an individual which the Company holds is covered by this legislation. This includes emails too. If you receive a subject access request, you should refer this immediately to your line manager.

If you are a user of such information you need to be sure that you are not breaching any data protection rules when you store or use information and when you write and send emails. This could include but is not limited to:

Using data which has not been kept up to date.
Passing on or processing personal information about an individual without their consent.
Keeping personal information longer than necessary.
Sending personal information outside the country.

If any breach of data protection rules is discovered such as the leaking or hacking of personal or sensitive data, this should be reported immediately to your HOD, and any immediate action should be taken to close down such leaks. Your HOD will ensure this is properly investigated and the appropriate reporting actions taken if necessary.

Employees can request access to the information held on them by the Company. All requests by employees to gain access to such records should be made in writing. There is no charge for this service.

The protection of client data and security of our networks is imperative for ZHERO to operate effectively and avoid litigation. Sensitive client data is a critical asset and you are required to be alert to this fact, both in the office and when working off-site.

Please also ensure that an NDA is issued, signed and countersigned for all contractor or partners where liaising potential sensitive data might occur.

Part of ZHERO’s data protection compliance means that you will be required to sign a Non-Disclosure Agreement (NDA) for all projects that involve the processing of sensitive and confidential client and company data. Ensure that the NDA is countersigned by your HOD. The NDA protects client data which may not be disclosed to third parties under any circumstances.

WHAT IS THE GDPR?

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union and the UK. It also addresses the export of personal data outside the EU and the UK. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business.

Because GDPR is a regulation, not a directive, it does not require national governments to pass any enabling legislation and is directly binding and applicable.

TO WHOM DOES THE GDPR APPLY?

The GDPR not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.

WHAT CONSTITUTES PERSONAL DATA?

Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.

PRINCIPLES OF THE GDPR

To comply to GDPR, organisations broadly speaking need to embed six privacy principles within their operations:

Lawfulness, fairness and transparency

Transparency: Tell the subject what data processing will be done.
Fair: What is processed must match up with how it has been described.
Lawful: Processing must meet the tests described in GDPR.

Purpose limitations

Personal data can only be obtained for “specified, explicit and legitimate purposes
Data can only be used for a specific processing purpose that the subject has been made aware of and no other, without further consent.

Data minimisation

Data collected on a subject should be “adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed”
In other words, no more than the minimum amount of data should be kept for specific processing.

Accuracy

Data must be “accurate and where necessary kept up to date”
Data holders should build rectification processes into data management / archiving activities for subject data.

Storage limitations

Personal data must be “kept in a form which permits identification of data subjects for no longer than necessary”
In summary, data no longer required should be removed.

Integrity and confidentiality

Requires processors to handle data “in a manner ensuring appropriate security of the personal data including protection against unlawful processing or accidental loss, destruction or damage”.

LAWFULNESS

The GDPR requires that the data controller provides the data subject with information about his/her personal data processing in a concise, transparent and intelligible manner, which is easily accessible, distinct from other undertakings between the controller and the data subject, using clear and plain language.

Transparency is achieved by keeping the individual informed and this should be done before data is collected and where any subsequent changes are made.

There are six available lawful bases for processing. No single basis is better or more important than the others. The basis that is most appropriate will depend on your purpose for processing and relationship with the individual.

The six lawful bases are:

Consent:

the individual has given clear consent for you to process their personal data for a specific purpose.

Contract:

the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.

Legal obligation:

the processing is necessary for you to comply with the law (not including contractual obligations).

Vital interests:

the processing is necessary to protect someone’s life.

Public task:

the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.

Legitimate interests:

the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those.

ACCOUNTABILITY

The GDPR states that data controllers must be able to demonstrate compliance with the other principles. This is a short sentence with major implications. It is not enough to comply; you have to be seen to be complying.

The range of processes that organisations have to put in place to demonstrate compliance will vary depending on the complexity of the processing but may include:

assessing current practice and developing a data privacy governance structure which may include appointing a Data Protection Officer
creating a personal data inventory
implementing appropriate privacy notices
obtaining appropriate consents
using appropriate organisational and technical measures to ensure compliance with the data protection principles
putting written contracts in place with organisations that process personal data on your behalf
maintaining documentation of your processing activities
implementing appropriate security measures
using Privacy Impact Assessments
creating a breach reporting mechanism

Being accountable can help you to build trust with individuals and may help you mitigate enforcement action.

RIGHTS

Individuals have the right to be informed in a clear and concise way about the collection and use of their personal data. This is a key transparency requirement under the GDPR.

The GDPR provides the following rights for individuals:

The right to be informed

Individuals need to know that you are collecting their data, why you are processing it and entities with whom you are sharing it.

The right of access

Individuals have the right to obtain:

- confirmation that you are processing their data
- access to their personal data
- other supplementary information
The right to rectification

Individuals have the right to have personal data rectified if it is inaccurate or completed if it is incomplete.

The right to erasure (‘right to be forgotten’)

Individuals have the right to have data about them removed and can request the erasure of personal data

The right to restrict processing

Individuals have a right to block or restrict the processing of their personal data

The right to data portability

The right to data portability allows individuals to obtain and reuse their personal data for their own purposes

The right to object

Individuals have a right to object to the processing of their personal data in certain circumstances

Rights in relation to automated decision making and profiling

The GDPR provides safeguards for individuals against the risk that a potentially damaging decision is taken without human intervention

All requests regarding Personal Data should be logged via the ticketing system. You should respond to a request without delay and at least within one month of receipt.

Employees/contractors should email hr@zhero.co.uk to lodge a request regarding their own personal data held by the company. Your request will be treated with the same respect and importance as that that of a customer.

If you object to any of the data processing procedures, please email hr@zhero.co.uk clearly explaining the procedure/s involved and the reason/s for your objection.

RESPONSIBILITIES

One of the aims of GDPR is “accountability” and this is emphasised when it comes to personal data breaches – i.e. breaches of security which lead to damage.

Under the GDPR, a “personal data breach” is classified as a breach of security that causes the accidental or unlawful destruction, loss, modification, unauthorized access, or unauthorized disclosure of personal data that is being held, transmitted, or processed.

This can include anything from misplacing a USB drive or an HDD crash, to leaving your monitor unattended and so allowing an unauthorised person access, to an unknown individual hacking, breaching the firewall and other security measures and gaining access to private data.

The potential damage includes “discrimination, identity theft or fraud, financial loss, unauthorised reversal of pseudonymisation, damage to reputation, loss of confidentiality”.

Clearly the main objective of the new Regulation is to protect against a data breach but, if the worst happens, you must know what to do.

Serious breaches need to be notified to the ICO within 72 hours, so delay is not an option!

If you suspect a breach has occurred notify the Operations Manager immediately via the email address dsw@zhero.co.uk, thus enabling them to take the necessary steps.

[ZHERO JULY 2023]

Real people rating our service

Sophie – London – Investment Sector

Said it was urgent and the ticket was dealt with extremely quickly. Thank you.

October 2023

James – London – Recruitment Industry

Such a quick response very pleased indeed and problem was resolved thank you.

October 2023

Sophie – London – Finance Industry

Pieter is a delight to speak with, always super helpful and so friendly, nothing is ever too much! 10/10.

Pauline – London – Legal Services

Clear instructions and explained what was being done. Completely satisfied with the service.

September 2023

Ali – London – Automotive Industry

Pieter Koens was very professional and communicated very well with me. I've just started my new role and he's helped me make it a lot easier.

August 2023

Mohamed – London – Energy Industry

Leandro was very helpful and clear with his instruction and guidance. Managed to resolve my problems in less than 5 minutes.

August 2023

Henry – London – Media Industry

Enrico was excellent. Sorted out the password issue and syncing between my iPhone and Laptop. Zero fuss, problems solved. Thanks!

August 2023

Sarah – London – Hospitality Industry

Luke was very patient with me, showing me how to set up folders and links on SharePoint. Thank you Luke for taking the time to help me.

July 2023

Didier – London – Media Industry

Just Fab! as always

July 2023

Nivika – London – Financial Services

Stian was really helpful and provided fast service.

July 2023

John – London – Commercial Property Industry

Thanks, Enrico for a quick and helpful resolution.

July 2023

Sophie – London – Finance Industry

Pieter was a delight to deal with

July 2023

Didier – London – Media Industry

What else can i say? Just fab! Keep up the good/hard work, Kian.

July 2023

Natalie – London – Catering Industry

Enrico helped me with my VPN issue today and I wanted to give him a personal shout-out for his help with this issue. He was very patient and helpful as I work on a MAC. Thank you Enrico. :)

June 2023

Nerusha – London – Medical Services

Luke was fantastic at resolving the issue with my computer.

June 2023

Michael – London – Legal Services

Outstanding service and attention to detail. Nothing is too much trouble. The very best customer service standards. Proud to be a client.

06/2023

Rimvyda – London – Financial Services Industry

Pieter is always very helpful - top marks!

June 2023

Stuart – London – Automotive Industry

If I could give a 6 I would

June 2023

Didier – London – Media Industry

At the speed of the light as always..... Very much appreciated. Thanks, guys.

June 2023

Kemi – London – Legal Services

Thank you for the speedy resolution and assistance and also for your personable service.

June 2023

Stuart – London – Automotive Industry

If I could give a 6 out of 5 I would

June 2023

Esme – London – Media Industry

Thanks, Pieter for saving the day. Much appreciated as ever.

June 2023

Didier – London – Media Industry

What can i say???? just fab! Kian saved the day by nailing 3 set up within few hours. I cannot thank you guys enough. Your hard work is very much appreciated. Tomorrow is another day! Thanks Team!

June 2023

Alpa – London – Automotive Industry

Quick and efficient

June 2023

Meran – London – Automotive Industry

Lee was very helpful and efficient!

June 2023

Lisa – London – Employment Consultancy

Excellent service thank you!!!

June 2023

Bharathi – London – Automotive Industry

Engineer was excellent and efficient.

June 2023

Terry – London – Property Management

Great service great company

June 2023

Hamish – London – Wholesale Industry

Enrico was really helpful and patient as ever

June 2023

Fisnik – London – Automotive Industry

Very committed and professional team. Much obliged.

May 2023

Kay – London – Automotive Industry

Pieter has been fantastic.

May 2023

Mandeep – London – Media Industry

Great support service from Enrico

May 2023

Natalie – London – Catering Industry

Brilliant service as ever!

May 2023

Michael – London – Legal Industry

Another excellent piece of software support - and so polite and friendly...

May 2023

Sean – London – Freight Transport

Thanks Anthony for support on Bank Holiday - much appreciated.

May 2023

Michael – London – Legal Industry

Outstanding service in every respect. Cannot recommend highly enough

April 2023

Brian – London – Legal Industry

Very fast and effective service

April 2023

Michael – London – Legal Industry

Outstanding service. Nothing is too much trouble. Everything is do-able

April 2023

Daniel – London – Architectural Industry

"swift"

April 2023

Claudia – London – Medical Industry

We truly appreciate the effort and time you dedicate to making sure we continue running. You're the best IT company we have worked with.

April 2023

Hasnain – London – Legal Industry

The staff at Zhero are very helpful and polite. We really appreciate the company and the staffs advice.

April 2023

Vera – London – Medical Industry

Quick response, friendly service, problem solved straight away

April 2023

Yinka – London – Construction Industry

Fast and Furiously solved. Thank you.

March 2023

Andrew – London – Automotive Industry

Got stright to the issue and expertly gave me the solution!

March 2023

Chantelle – London – Engineering

Excellent service, always helpful, quick and friendly, especially Anthony! Thank you guys!

February 2023

Stavros – London – Garment Industry

Very quick to get through to help desk and always given a professional service

February 2023

Paul – London – Entertainment Industry

Quick service. Very good

January 2023

Sophie – London – Investment Management

Clinton is a dream to work with. Cannot recommend service from him enough. So quick and efficient

January 2023

Derek – London – Freight Transport

very helpful and speedy resolution

January 2023

Henry – London – Financial Industry

Professional, totally competent and friendly - great service

December 2022

Beth – London – Recruitment Industry

Excellent service and support. Many thanks

December 2022

Brian – London – Legal Industry

Very fast and efficient service

November 2022

Emily – London – Motor Industry

brilliant support as always

November 2022

Brian – London – Legal Industry

Very fast and good assistance from Enrico

October 2022

Ferencz – London – FMCG Industry

Very fast sorted the issue

October 2022

Suzanne – London – Charity Organisation

Thank you for actioning my request so quickly and efficiently

October 2022

Justin – London – Financial Industry

Swift and responsible help Problem was sorted straight away 5 star

October 2022

Anthony – London – Media Industry

Prompt & professional response

September 2022

Lazar – London – Medical Industry

Anthony was really helpful and as always a pleasure to speak to

July 2022

Folu – London – Charity Organisation

Really quick responses to my issues Great customer care- friendly, listened well. Issue resolved!

May 2022

Sandra – London – Architecture Industry

Very friendly and pro active support. Thank you

April 2022

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

GDPR POLICY (Data Protection and Access to Information)

Real people rating our service

Sophie – London – Investment Sector

James – London – Recruitment Industry

Sophie – London – Finance Industry

Pauline – London – Legal Services

Ali – London – Automotive Industry

Mohamed – London – Energy Industry

Henry – London – Media Industry

Sarah – London – Hospitality Industry

Didier – London – Media Industry

Nivika – London – Financial Services

John – London – Commercial Property Industry

Sophie – London – Finance Industry

Didier – London – Media Industry

Natalie – London – Catering Industry

Nerusha – London – Medical Services

Michael – London – Legal Services

Rimvyda – London – Financial Services Industry

Stuart – London – Automotive Industry

Didier – London – Media Industry

Kemi – London – Legal Services

Stuart – London – Automotive Industry

Esme – London – Media Industry

Didier – London – Media Industry

Alpa – London – Automotive Industry

Meran – London – Automotive Industry

Lisa – London – Employment Consultancy

Bharathi – London – Automotive Industry

Terry – London – Property Management

Hamish – London – Wholesale Industry

Fisnik – London – Automotive Industry

Kay – London – Automotive Industry

Mandeep – London – Media Industry

Natalie – London – Catering Industry

Michael – London – Legal Industry

Sean – London – Freight Transport

Michael – London – Legal Industry

Brian – London – Legal Industry

Michael – London – Legal Industry

Daniel – London – Architectural Industry

Claudia – London – Medical Industry

Hasnain – London – Legal Industry

Vera – London – Medical Industry

Yinka – London – Construction Industry

Andrew – London – Automotive Industry

Chantelle – London – Engineering

Stavros – London – Garment Industry

Paul – London – Entertainment Industry

Sophie – London – Investment Management

Derek – London – Freight Transport

Henry – London – Financial Industry

Beth – London – Recruitment Industry

Brian – London – Legal Industry

Emily – London – Motor Industry

Brian – London – Legal Industry

Ferencz – London – FMCG Industry

Suzanne – London – Charity Organisation

Justin – London – Financial Industry

Anthony – London – Media Industry

Lazar – London – Medical Industry

Folu – London – Charity Organisation

Sandra – London – Architecture Industry

Stay in touch

Join over 10,000 others on our email list to get access to exclusive content

Get in touch

Connect with us

Prioritising excellence

Registration