P.Trainor understands the importance of protecting personal information and is committed to complying with the General Data Protection Regulation 2016/679 (GDPR). It is committed to fostering a culture of transparency and accountability by demonstrating compliance with the principles set out in the Regulation.
GDPR sets out the rules for how organisations must process personal data and sensitive personal data about living individuals. It gives individuals the right to find out what personal data is held about them by organisations and to request to see, correct or erase personal data held.
This site occasionally needs to collect and process personal data about the people (including employees and individuals) it interacts with to carry out its business effectively. P.Trainor is committed to ensuring that employees are appropriately trained and supported to achieve compliance with GDPR.
GDPR outlines six principles which underpin the handling of personal data. To ensure compliance with the Regulation, Uns Ai Ltd must ensure that personal data is:
(a) Processed lawfully, fairly and in a transparent manner (lawfulness, fairness and transparency).
In practice this means:
(b) Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (purpose limitation).
In practice this means:
(c) Adequate, relevant and limited to what is necessary for relation to the purposes for which they are processed (data minimisation).
In practice this means:
(d) Accurate and, where necessary, kept up to date (accurate).
In practice this means:
(e) Not kept for longer than is necessary for the purpose (storage limitation).
In practice this means:
Processed in a manner that ensures the security of data using appropriate technical and organisational measures against unauthorised or unlawful processing, loss, damage or destruction (integrity and confidentiality).
In practice this means:
In addition, the first principle requires that one or more grounds for processing must be satisfied for the processing to take place. Many of these relate to the purpose for which you intend to use the data and the nature of the personal information.
Us Ai Ltd, as the data controller, is responsible for and able to demonstrate compliance with these principles.
Personal data will not be transferred outside the European Economic Area unless that country or territory can ensure an adequate level of protection for the rights and freedoms of the data subjects in relation to the processing of their personal data.
Personal data in any format will not be shared with a third party organisation without a valid business reason, a contract or Data Sharing Agreement in place, or without the data subject’s consent.
P.Trainor is committed to meeting the GDPR requirement to consider data privacy at the initial design stages of a project as well as throughout the lifecycle of the relevant data processing.
Data Protection Impact Assessments (DPIA) are a key mechanism for meeting this requirement and will be carried out for all new system and ensure that privacy risks are considered at an early stage. They allow an organisation to demonstrate to data subjects and regulators that the personal data will be handled in a responsible way and that the organisation is compliant with the GDPR.
P.Trainor has overall responsibility for compliance as a data controller and data processor with the Regulation.
All employees are responsible for ensuring that they meet the requirements of the Regulation. They will all familiarise themselves with this policy and related documents.
Our policy benefits everyone by:
Breaches of this policy will be investigated and appropriate actions are taken.
This policy will be reviewed annually or as business reasons dictate.