GDPR Policy

SCOPE

This policy applies to all personal data created or received in the course of the Coyle Group business in all formats, of any age.

Personal data may be held or transmitted in paper and electronic formats or communicated verbally. All contractors and suppliers working for or on behalf of the Coyle Group that are processing personal data are subject to the provisions of this Policy.

OUR COMMITMENT

The Coyle Group, are committed to ensuring the security and protection of the personal information that we retain and process, and to provide a compliant and consistent approach to data protection. We have robust and effective data protection controls in place which comply with data protection principles and statutory requirements.

The Coyle Group are dedicated to safeguarding the personal information under our remit and in maintaining a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation of the General Data Protection Regulations. Our GDPR compliance includes the development and implementation of policies, procedures, controls and measures to ensure maximum and ongoing compliance.

GDPR COMPLIANCE

The Coyle Group have internal security and privacy controls in place to ensure that all personal data within, or passing through the company, is handled in accordance with GDPR. As a company we will ensure consistent review and implememntation of the relevant tools and practices to ensure the safeguarding of any data held or used within the Coyle Group.

The Coyle Group have three GDPR compliance objectives:

  • To ensure our own compliance as a business that holds and processes personal data.
  • To ensure our direct contractors and suppliers adhere to compliance and GDPR requirements.
  • To ensure that our work practices and software applications comply with the GDPR requirements.

DATA PROTECTION PRINCIPLES

The Coyle Group undertakes to perform its responsibilities under the legislation in accordance with Article 5 of the GDPR as follows:

  • Obtain and process information lawfully, fairly and in accordance with statutory and other legal obligations.
  • Keep personal data for purposes that are specific, lawful and clearly stated. Personal data will only be processed in a manner compatible with these purposes.
  • Only use and disclose personal data for the purposes for which it was collected.
  • Take appropriate security measures against unauthorised access to, or alteration, disclosure or destruction of data and against accidental loss or destruction of the data.
  • Keep the data accurate, complete and up-to-date.
  • Ensure it is adequate, relevant and not excessive in data retention terms.
  • Retain for no longer than is necessary.

All Employees have been made aware of all GDPR requirements, with the relevant training provided as required and Clients have given consent to retain their data for specific purposes.

This Policy shall be reviewed at least annually.