Our Privacy Policy
Learn about RWB Group UK’s Privacy Policy and how we process your information.
The Policy
This privacy policy is for www.rwbgroup.co.uk and served by RWB Group UK Ltd. This policy governs the privacy of its users who choose to use it. It explains how we comply with the GDPR (General Data Protection Regulation), the DPA (Data Protection Act) [pre GDPR enforcement] and the PECR (Privacy and Electronic Communications Regulations).
This policy will explain areas of this website that may affect your privacy and personal details, how we process, collect, manage and store those details and how your rights under the GDPR, DPA & PECR are adhered to. Additionally, it will explain the use of cookies or software, advertising or commercial sponsorship from third parties and the download of any documents, files or software made available to you (if any) on this website.
Further explanations may be provided for specific pages or features of this website in order to help you understand how we, this website and its third parties (if any) interact with you and your computer/device in order to serve it to you. Our contact information is provided if you have any questions.
GDPR & Data Protection Act
Introduction
RWB Group UK recognizes the importance of protecting the privacy and personal data of individuals and is committed to complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This GDPR Policy sets out our commitment to ensuring the privacy and security of personal data processed by our organization.
Scope
This policy applies to all personal data processed by RWB Group UK, whether in electronic or manual formats, pertaining to individuals within the European Union (EU) and European Economic Area (EEA). It applies to all employees, contractors, suppliers, and other third parties who handle personal data on behalf of RWB Group UK.
Principles of Data Protection
RWB Group UK adheres to the following principles for the processing of personal data:
Lawfulness, Fairness, and Transparency: Personal data is processed lawfully, fairly, and in a transparent manner, ensuring the rights of data subjects are respected.
Purpose Limitation: Personal data is collected for specified, explicit, and legitimate purposes and is not further processed in a manner that is incompatible with those purposes.
Data Minimization: Personal data processed is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
Accuracy: Personal data is accurate, kept up to date, and necessary steps are taken to rectify or erase inaccuracies without delay.
Storage Limitation: Personal data is kept in a form that permits identification of data subjects for no longer than necessary for the purposes for which the personal data is processed.
Integrity and Confidentiality: Personal data is processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage.
Accountability: RWB Group UK is responsible for ensuring compliance with the principles of data protection and can demonstrate such compliance.
Data Subject Rights
RWB Group UK recognizes and respects the rights of data subjects as outlined in the GDPR. These rights include:
Right to be Informed: Data subjects have the right to be informed about the collection and use of their personal data in a concise, transparent, and easily accessible manner.
Right of Access: Data subjects have the right to access their personal data and obtain information about how it is processed.
Right to Rectification: Data subjects have the right to request the rectification of inaccurate or incomplete personal data.
Right to Erasure: Data subjects have the right to request the erasure of their personal data under certain circumstances, also known as the “right to be forgotten.”
Right to Restrict Processing: Data subjects have the right to request the restriction of processing of their personal data in certain situations.
Right to Data Portability: Data subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format and have the right to transmit that data to another controller.
Right to Object: Data subjects have the right to object to the processing of their personal data based on legitimate interests, direct marketing, or for scientific, historical, or statistical purposes.
Rights in Relation to Automated Decision Making and Profiling: Data subjects have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
Data Protection Responsibilities
RWB Group UK has designated a Data Protection Officer (DPO) who is responsible for overseeing data protection activities and ensuring compliance with data protection laws. The DPO can be contacted at [insert contact details]. All employees and individuals involved in processing personal data are responsible for:
Understanding and complying with this GDPR Policy and all applicable data protection laws.
Safeguarding personal data against unauthorized access, loss, destruction, or alteration.
Promptly reporting any data breaches, privacy incidents, or suspected non-compliance with this GDPR Policy to the DPO.
Cooperating with the DPO during data protection impact assessments and consultations with supervisory authorities.
Providing support and guidance to data subjects in exercising their rights under the GDPR.
Data Transfers
RWB Group UK only transfers personal data to countries outside the EU/EEA when such transfers are necessary and in compliance with applicable data protection laws. Adequate safeguards, such as Standard Contractual Clauses or other approved mechanisms, will be implemented to ensure the protection of personal data during transfers.
Data Security
RWB Group UK implements appropriate technical and organizational measures to ensure the security of personal data and protect it against unauthorized or unlawful processing, accidental loss, destruction, or damage.
Principles of GDPR Compliance
Lawfulness, Fairness, and Transparency: We will process personal data in a lawful, fair, and transparent manner. We will clearly communicate the purposes for which personal data is collected and processed, and we will obtain the necessary consent from individuals where required.
Purpose Limitation: We will collect and process personal data only for specified, explicit, and legitimate purposes. We will not use personal data for any incompatible purposes without obtaining additional consent.
Data Minimization: We will ensure that personal data collected is adequate, relevant, and limited to what is necessary for the intended purposes.
Accuracy: We will take reasonable steps to ensure that personal data is accurate, up-to-date, and relevant. We will promptly rectify or erase any inaccurate or incomplete personal data.
Storage Limitation: We will retain personal data only for as long as necessary to fulfill the purposes for which it was collected, and in accordance with applicable legal and regulatory requirements.
Integrity and Confidentiality: We will implement appropriate technical and organizational measures to ensure the security, integrity, and confidentiality of personal data. We will protect personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage.
Accountability: We will be accountable for our data processing activities and demonstrate compliance with the GDPR principles. We will maintain documentation of our data processing activities, including data protection policies, procedures, and records of consent.
Lawful Basis for Processing Personal Data
We will ensure that personal data is processed based on a valid lawful basis, such as the necessity of processing for the performance of a contract, compliance with legal obligations, protection of vital interests, consent, legitimate interests pursued by RWB Group UK, or the performance of a task carried out in the public interest or in the exercise of official authority.
Data Breach Management
We will implement appropriate technical and organizational measures to detect, respond to, and recover from data breaches. In the event of a data breach, we will promptly notify the appropriate supervisory authority and affected individuals, as required by the GDPR.
Third-Party Data Processors
When engaging third-party data processors, we will ensure that they provide sufficient guarantees of GDPR compliance and adhere to our data protection requirements through contractual agreements.
Training and Awareness
We will provide training and awareness programs to employees and individuals involved in the processing of personal data to ensure their understanding of GDPR principles, requirements, and their roles and responsibilities in data protection.
Continuous Improvement
We will regularly review and update our GDPR policy, procedures, and practices to ensure ongoing compliance with the GDPR and evolving data protection regulations.
Data Protection Officer (DPO)
RWB Group UK has appointed a Data Protection Officer responsible for overseeing GDPR compliance, providing guidance, and acting as a point of contact for individuals and supervisory authorities.