Data Protection Policy
Data Protection Policy for Toast Design Consultancy Limited
This Data Protection Policy outlines the approach of Toast Design Consultancy Limited (“the Company”) to protect personal data in compliance with data protection laws, including the General Data Protection Regulation (GDPR). This policy is an internal document and is not intended for public distribution. It should be read and understood by all staff, contractors, and consultants involved in processing personal data on behalf of the Company.
This policy aims to ensure that the Company complies with data protection laws and regulations, respects the privacy of individuals, and maintains the confidentiality and integrity of personal data.
This policy applies to all personal data the Company processes, including data collected from clients, employees, suppliers, and other third parties.
The Company adheres to the data protection principles set out in the GDPR, which include:
- Lawfulness, fairness, and transparency
- Data minimisation
- Storage limitation
- Integrity and confidentiality
Roles and Responsibilities
The Data Protection Officer (DPO) is responsible for overseeing the implementation of this policy and ensuring compliance. All staff members are required to read and adhere to this policy.
The Company will ensure that personal data is processed lawfully, fairly, and transparently. Consent will be obtained where required, and data will only be used for the purposes for which it was collected.
The Company will collect only the data that is necessary for the intended purpose and will not retain data longer than necessary.
The Company will implement technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction.
All staff will receive training on this policy and the GDPR. Regular audits will be conducted to ensure compliance.
Data Subject Rights
The Company will respect the rights of data subjects, including the right to access, rectify, or erase their data.
This policy will be reviewed annually or as required by changes in data protection laws.
Failure to comply with this policy may result in disciplinary action, up to and including termination of employment.