Data protection policy
The General Data Protection Regulation, known as GDPR came into effect in May 2018, it will be incorporated into the new Data Protection Act 2018 (the legislation) that will supersede the UK Data Protection Act 1998 and a new Irish Data Protection Act that will supersede the Irish Data Protection (Amendment) Act 2003.
Gravity Consulting Engineers Ltd are committed to protecting and processing any personal data in accordance with the GDPR. This includes a requirement to have appropriate security to prevent it being accidentally or deliberately compromised. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing, accidental loss or destruction of, or damage to, personal data.
The policy applies to all data the company holds relating to individuals, it includes
Everyone who works for Gravity Consulting Engineers Ltd has the responsibility for ensuring data is collected, stored and handled appropriately.
We may disclose your personal information, e.g your name (to our employees and insurers) in so far as is reasonably necessary.
We will not without your consent, supply your personal information to any other third party for the purpose of their or any other third party’s direct marketing.
We will retain documents (including electronic documents) containing personal data to the extent that we are required to do so by law. We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information (secure password and firewall protected server).
Employees will keep all data secure, by taking sensible precautions and following guidelines below
All data sensitive paperwork will be stored in a secure place where unauthorised people cannot see it. Data printouts will be shredded when they are no longer required.
Access to the system will be protected by strong passwords. Removable data discs will be stored in a secure place where unauthorised people cannot access them. Any data stored on servers will be in designated drives and not uploaded unless to approved services. Personal information will be stored in a secure location on the server with restricted access. Company information will not be saved to laptops. All servers and computers containing data should be protected by approved security software and firewalls
Gravity Consulting Engineers Ltd are required to retain certain details of project designs including any change requests, RFI’s and variations for a period of 12 years as per our requirement to provide Professional Indemnity insurance for 12 years following the completion of a project. Once this date has passed all data will be deleted.
By using our website you (or whomever you use it on behalf of) are deemed to accept that this policy applies between you, as user of our website, and us, Gravity Consulting Engineers Ltd, the owner and provider of this website. This policy is applicable to our use of any and all data collected by us in relation to your use of the website and any services or systems in or from our website.
Whenever you use our site the following information will be automatically collected in relation to your access: IP address originating access, web browser type / version used, operating system used, a list of the URLs you use (starting with a referring site), your activity on this website, and the site you exit to. You may access certain areas of the website without providing any other data at all. However, to use all services and systems available on the website you may be required to submit account information or other data. If you chose to submit data you thereby consent to our collection, storage and processing of any personal data (within the meaning of the GDPR and Data Protection legislation)
We have appropriate security to prevent the personal data we hold being accidentally or deliberately compromised. In particular,
We seek to ensure that:
Gravity Consulting Engineers Ltd will handle any Information Security incidents properly, effectively and in a manner that minimises the adverse impact to Gravity Consulting Engineers Ltd, its clients and the public.
Gravity Consulting Engineers Ltd will ensure that:
The Directors will monitor and review information security incidents to identify recurring incidents and areas of risk. The review process will be used to identify requirements for new or changed policies, to record and identify any other relevant controls.
The Directors and IT consultant will conduct periodic testing of the information security handling procedures to maintain and improve staff awareness of the procedures and the actions required
We may update this policy from time to time and will publish any updated versions on our website.