GDPR Compliance Statement

Carswell Gould’s GDPR principles

  • all personal data will be processed fairly and lawfully
  • we work to hold relevant and accurate personal data, and will keep it up to date where it is practical
  • we will not keep personal data for longer than is necessary
  • we will keep all personal data secure
  • we will work to ensure that personal data is not transferred to countries outside of the European Economic Area (EEA) without adequate protection

Our GDPR compliance

We have reviewed and updated our internal processes, procedures, data systems and documentation in order to help ensure that we are GDPR compliant.

We will ensure we protect any data handled by Carswell Gould by implementing the relevant policies and practices – for our employees, customers, suppliers, partners and stakeholders, specifically to include the following:

  • employees are made aware of the GDPR and the restrictions and obligations within it, with the relevant training provided as necessary. Each staff member will complete awareness training
  • suppliers who process personal data on behalf of Carswell Gould have been identified and asked to provide details of their state of compliance with the GDPR and where appropriate agree to new contractual arrangements. Any new supplier will not be taken on unless we are satisfied that they comply with the data protection regulations

GDPR actions so far

  • we undertook an analysis of all our business processes where personal data is either held or collected
  • we have reviewed and updated our range of policies, including our Privacy Policy, Terms and Conditions and Cookie Policy
  • we have introduced mechanisms to identify a potential personal data breach and to determine how it will be investigated and reported, where necessary within 72 hours
  • we have undertaken a review of the personal data we store, manage, maintain, collect, process and control
  • we have assessed our lawful bases for processing data to ensure all personal data is processed lawfully, fairly and transparently
  • we have provided, and continue to provide, training to our employees, and are generally raising awareness of the importance of GDPR to our business and of their individual responsibilities arising from this
  • we are looking, and will continue to look, at ways of improving our systems and procedures to better comply with GDPR best practice