GDPR Policy
SCOPE
This policy applies to all personal data created or received in the course of the Coyle Group business in all formats, of any age.
Personal data may be held or transmitted in paper and electronic formats or communicated verbally. All contractors and suppliers
working for or on behalf of the Coyle Group that are processing personal data are subject to the provisions of this Policy.
OUR COMMITMENT
The Coyle Group, are committed to ensuring the security and protection of the personal information that we retain and process,
and to provide a compliant and consistent approach to data protection. We have robust and effective data protection controls
in place which comply with data protection principles and statutory requirements.
The Coyle Group are dedicated to safeguarding the personal information under our remit and in maintaining a data protection
regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation of the General Data Protection
Regulations. Our GDPR compliance includes the development and implementation of policies, procedures, controls and
measures to ensure maximum and ongoing compliance.
GDPR COMPLIANCE
The Coyle Group have internal security and privacy controls in place to ensure that all personal data within, or passing through
the company, is handled in accordance with GDPR. As a company we will ensure consistent review and implememntation of
the relevant tools and practices to ensure the safeguarding of any data held or used within the Coyle Group.
The Coyle Group have three GDPR compliance objectives:
- To ensure our own compliance as a business that holds and processes personal data.
- To ensure our direct contractors and suppliers adhere to compliance and GDPR requirements.
- To ensure that our work practices and software applications comply with the GDPR requirements.
DATA PROTECTION PRINCIPLES
The Coyle Group undertakes to perform its responsibilities under the legislation in accordance with Article 5 of the GDPR as
follows:
- Obtain and process information lawfully, fairly and in accordance with statutory and other legal obligations.
- Keep personal data for purposes that are specific, lawful and clearly stated. Personal data will only be processed in a
manner compatible with these purposes. - Only use and disclose personal data for the purposes for which it was collected.
- Take appropriate security measures against unauthorised access to, or alteration, disclosure or destruction of data and
against accidental loss or destruction of the data. - Keep the data accurate, complete and up-to-date.
- Ensure it is adequate, relevant and not excessive in data retention terms.
- Retain for no longer than is necessary.
All Employees have been made aware of all GDPR requirements, with the relevant training provided as required and Clients
have given consent to retain their data for specific purposes.
This Policy shall be reviewed at least annually.