Privacy Policy Notice

At Clough Harris Limited, we are committed to protecting the privacy and confidentiality of personal information entrusted to us by our customers, employees, suppliers, and other stakeholders. We recognise the importance of maintaining the privacy and security of personal data and are dedicated to complying with data protection laws and regulations, including the General Data Protection Regulation (GDPR) in the UK.

Our Privacy Responsibility Policy outlines our commitment to responsible data handling practices and our obligations regarding the collection, use, disclosure, and retention of personal information.

1. Data Collection and Use: We collect personal information only for legitimate business purposes and with the consent of the individuals concerned. We use personal data solely for the purposes for which it was collected, and we do not share or disclose personal information to third parties without proper authorisation, except as required by law.

2. Data Security: We implement appropriate technical and organisational measures to safeguard the security and confidentiality of personal data against unauthorized access, disclosure, alteration, or destruction. We regularly review and update our security measures to mitigate risks and protect against data breaches.

3. Data Accuracy and Integrity: We take reasonable steps to ensure the accuracy and integrity of personal information in our possession. We maintain procedures for updating and correcting inaccurate or outdated data and respond promptly to requests for data rectification or deletion.

4. Data Retention: We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. We have established retention periods for different types of data and regularly review our retention practices to ensure compliance with legal requirements and data minimisation principles.

5. Individual Rights: We respect the rights of individuals regarding their personal data and provide mechanisms for exercising these rights, including the right to access, rectify, erase, or restrict the processing of personal information. We handle requests from data subjects promptly and transparently, in accordance with applicable data protection laws.

6. Data Transfers: We may transfer personal data outside the UK or the European Economic Area (EEA) only where adequate safeguards are in place to ensure the protection of data subjects' rights and freedoms. We comply with legal requirements for international data transfers and implement appropriate safeguards, such as standard contractual clauses or binding corporate rules.

7. Data Governance and Accountability: We maintain clear policies, procedures, and accountability measures to ensure compliance with data protection laws and regulations. We designate a Data Protection Officer (DPO) responsible for overseeing data protection efforts and promoting a culture of privacy within our organisation.

8. Training and Awareness: We provide regular training and awareness programs to employees and contractors to ensure they understand their responsibilities regarding data protection and privacy. We promote a culture of privacy awareness and encourage employees to report any data protection concerns or incidents promptly.

Key Principles of GDPR:

• Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and transparently, ensuring individuals are informed about the purposes of data processing and their rights regarding their personal information.
• Purpose Limitation: We collect personal data for specified, explicit, and legitimate purposes and do not process it in a manner that is incompatible with those purposes.
• Data Minimisation: We collect only the personal data that is necessary for the purposes for which it is being processed and ensure it is adequate, relevant, and limited to what is necessary.
• Accuracy: We take reasonable steps to ensure the accuracy of personal data and keep it up to date. We rectify or erase inaccurate or incomplete data promptly upon request.
• Storage Limitation: We retain personal data for no longer than is necessary for the purposes for which it was collected or as required by law. We establish retention periods and regularly review and update our retention practices.
• Integrity and Confidentiality: We implement appropriate technical and organisational measures to ensure the security, integrity, and confidentiality of personal data, protecting it against unauthorised or unlawful processing and accidental loss, destruction, or damage.
• Accountability: We demonstrate compliance with GDPR principles by maintaining documentation of our data processing activities, conducting data protection impact assessments, and appointing a Data Protection Officer (DPO) to oversee data protection efforts.

Your Individual Rights:

• Right to Access: You have the right to request access to your personal data held by Clough Harris Limited and receive information about how it is processed.
• Right to Rectification: You have the right to request the correction of inaccurate or incomplete personal data held by Clough Harris Limited.
• Right to Erasure (Right to be Forgotten): You have the right to request the deletion or removal of your personal data where there is no compelling reason for its continued processing.
• Right to Restriction of Processing: You have the right to request the restriction of processing of your personal data in certain circumstances, such as when the accuracy of the data is contested.