DATA RETENTION POLICY
This Data Policy outlines how Springboard Communications collects, processes, stores, and protects personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This policy applies to all employees, contractors, and third-party service providers who handle personal data on behalf of Springboard Communications.
1. Data Collection and Processing
a. Lawful Basis: Personal data will only be collected and processed when there is a lawful basis for doing so under the GDPR. The lawful bases may include consent, contract performance, compliance with legal obligations, vital interests, public task, and legitimate interests.
b. Data Minimisation: Springboard Communications will only collect and process personal data that is necessary for the specified and legitimate purposes outlined to the data subjects.
c. Consent: When relying on consent as the lawful basis for data processing, Springboard Communications will obtain explicit and freely given consent from the data subjects, and they will have the right to withdraw consent at any time.
d. Special Categories of Data: In cases where special categories of data (e.g., health, racial or ethnic origin, religious beliefs) are processed, explicit consent or other lawful bases as specified under Article 9 of the GDPR will be obtained by the Data Controller.
2. Data Rights of Data Subjects
a. Access: Data subjects have the right to request access to their personal data held by Springboard Communications. Such requests will be handled promptly and in accordance with GDPR requirements.
b. Rectification: Data subjects have the right to request the correction of inaccurate or incomplete personal data.
c. Erasure: Data subjects have the right to request the erasure of their personal data under certain circumstances as outlined in Article 17 of the GDPR.
d. Restriction of Processing: Data subjects may request the restriction of processing their personal data in certain situations as specified in Article 18 of the GDPR.
e. Data Portability: Where applicable, data subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format.
3. Data Security and Retention
a. Security Measures: Springboard Communications will implement appropriate technical and organisational measures to ensure the security and confidentiality of personal data.
b. Data Breach Response: In the event of a data breach, Springboard Communications will promptly assess the risk and impact of the breach and, where necessary, report the breach to the relevant supervisory authority and affected data subjects.
c. Data Retention: Personal data will be retained only for as long as necessary to fulfil the purposes for which it was collected, unless legal obligations require longer retention periods.
4. Data Transfers
a. Data Transfers Outside the EEA: If personal data is transferred to countries outside the European Economic Area (EEA), appropriate safeguards as per GDPR requirements will be applied.
5. Third-Party Processors
a. Data Processor Agreements: Springboard Communications will ensure that any third-party processors handling personal data on its behalf are contractually bound to implement adequate data protection measures.
6. Employee Training and Awareness
Springboard Communications provides regular data protection training to all employees and raise awareness about the importance of data privacy and compliance with GDPR.
7. Compliance Monitoring and Review
This GDPR Data Processing Policy will be reviewed regularly to ensure its continued relevance and compliance with data protection laws.
8. Contact Information
Data subjects may contact Springboard Communications for any questions or concerns related to their personal data and data protection.
This GDPR Data Policy serves as a foundation for ensuring the responsible and lawful processing of personal data within Springboard Communications.