Skip to main content

GDPR Policy

Policy Statement

KUSAB LTD takes its responsibilities with regard to the requirements of the General Data Protection Regulation (GDPR) very seriously. This policy sets out how as a company how we manage those responsibilities.

KUSAB LTD obtains, uses, stores and otherwise processes personal data relating to current staff and students, former staff and students and contractors collectively referred to in this policy as data subjects. When processing personal data, we are obliged to fulfil individuals’ reasonable expectations of privacy by complying with GDPR and other relevant data protection legislation.

Personal data is anything which can identify a living person, either directly or indirectly, and includes identification numbers, location data and an online identifier.

GDPR Principles

The GDPR principles are at the guiding principles of the regulation and ensure clarity and compliance when processing data. The 7 principles are –

  1. Lawfulness, fairness and transparency – data must be processed lawfully, fairly and in a transparently
  2. Purpose limitation – collected only for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes
  3. Data minimisation – adequate, relevant and limited to what is necessary in relation to the purposes for which it is intended
  4. Accuracy – accurate and where necessary kept up-to-date
  5. Storage limitation – not kept in a form which permits identification of data subjects for longer than is necessary
  6. Integrity and confidentiality (security) – processed in a manner that ensures its security, using appropriate technical and organisational measures to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage.
  7. Accountability – Record and prove compliance with the GDPR

 

This policy applies to all personal data we process regardless of the location where that personal data is stored and regardless of the data subject.

Data Subjects’ Rights

Data subjects have rights in relation to the way we handle their personal data. These include the following rights:

  • Where the legal basis of our processing is Consent, to withdraw that Consent at any time;
  • To ask for access to the personal data that we hold (see below);
  • To prevent our use of the personal data for direct marketing purposes
  • To object to our processing of personal data in limited circumstances
  • To ask us to erase personal data without delay: If it is no longer necessary in relation to the purposes for which it was collected or otherwise processed; if the processing is unlawful

Our responsibilities

Under the accountability principle of the General Data Protection Regulation it is our responsibility to focus on two key elements:

  1. Compliance with the GDPR
  2. Our ability to demonstrate compliance

In order to adhere to the responsibilities and ensure meet the accountability requirement our company has the following measures in place –

  • We have introduced and adopted a GDPR policy
  • We have a dedicated data protection officer
  • We document all of our processing activities
  • We ensure all reasonable security mechanisms are in place to prevent security breaches – The term ‘personal data breach’ refers to a breach of security which has led to the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.  All staff members are made aware of, and understand, what constitutes as a data breach as part of their continuous development training. 

We record and report all personal data breaches to those affected.

Confidential paper records will be kept in a locked filing cabinet, drawer or safe, with restricted access.

Confidential paper records will not be left unattended or in clear view anywhere with general access.

Digital data is encrypted or password-protected, both on a local hard drive and on a network drive.

The physical security of the company’s buildings and storage systems, and access to them, is reviewed as required as necessary.