Last updated: April 30, 2023
Please read our information and data protection policy before using our services.
Information and Data Protection Policy
EcoBuild Advisory (EBA) Ltd is committed not only to legislation, but also to the spirit of the law and places high importance on the correct, legal, and fair handling of all personal and privately owned data, respecting the legal rights, privacy, and trust of all individuals with whom it deals.
This Policy sets out the Company's obligations regarding the collection, processing, transfer, storage, and disposal of personal data. The procedures and principles set out herein must be followed at all times by the Company, its employees, agents, contractors, or other parties working on behalf of the Company.
EBA obtains, uses, stores and otherwise processes data relating to potentially confidential projects, and respects reasonable expectations of privacy by complying with GDPR and other relevant data protection legislation (data protection law).
This policy therefore seeks to ensure that we:
· Comply with data protection laws
· Protect the company from risks relating to personal data entrusted to us
· Protect the company from data theft
EBA do not intend to keep or store personal data, other than that required on a project basis.
This Policy aims to ensure compliance with the GDPR. The GDPR sets out the following principles with which any party handling personal data must comply. All personal data must be:
· Processed lawfully, fairly, and in a transparent manner in relation to the data subject.
· Collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes. Further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes.
· Adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
· Accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased, or rectified without delay.
· Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
· Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures.
The Company shall not keep personal data for any longer than is necessary in light of the purpose or purposes for which that personal data was originally collected, held, and processed. When personal data is no longer required, all reasonable steps will be taken to erase or otherwise dispose of it without delay.
As a Data Controller, EBA must implement appropriate technical and organisational measures in an effective manner to ensure compliance with data protection principles. We are responsible for, and must be able to demonstrate, compliance with the data protection principles.
EBA are subject to certain rules and privacy laws when marketing to our customers.
The right to object to direct marketing must be explicitly offered to the Data Subject in an intelligible manner so that it is clearly distinguishable from other information.
A Data Subject’s objection to direct marketing must be promptly honoured. If a customer opts out at any time, their details should be suppressed as soon as possible. Suppression involves retaining just enough information to ensure that marketing preferences are respected in the future.
Personal Data Breach
Personal Data must be secured by appropriate technical and organisational measures against unauthorised or unlawful Processing, and against accidental loss, destruction or damage.
EBA will develop, implement and maintain safeguards appropriate to our size, scope and business, our available resources, the amount of Personal Data that we own or maintain on behalf of others and identified risks (including use of encryption where applicable). We will evaluate and test the effectiveness of those safeguards. You are responsible for protecting the Personal Data we hold. You must implement reasonable and appropriate security measures against unlawful or unauthorised Processing of Personal Data and against the accidental loss of, or damage to, Personal Data. You must exercise particular care in protecting Sensitive Personal Data from loss and unauthorised access, use or disclosure.
Data Breach Notification
The GDPR requires EBA to notify Personal Data Breaches to the regulator and, in certain instances, the Data Subject.
We have put in place procedures to deal with any suspected Personal Data Breach and will notify Data Subjects or any applicable regulator where we are legally required to do so.
Data Security - IT Systems
EBA shall ensure that the following measures are taken with respect to IT and information security:
· All passwords used to protect personal data will be changed regularly
· Passwords should not be written down or shared with anyone else
· All relevant software shall be maintained and up to date
Data Security - Disposal
EBA shall ensure any personal data is erased or otherwise
When any personal data is to be erased or otherwise disposed of for any reason (including where copies have been made and are no longer needed), it should be securely deleted and disposed of. For further information on the deletion and disposal of personal data, please refer to the Company's Data Retention Policy.
EBA are committed to the appropriate handling and protection of data. Our company policy sets out a clear system to ensure strict adherence to the Data Protection Act 2018 and the implementation of the General Data Protection Regulation (GDPR).
If you have any questions about these GDPR policies, please contact us:
· By email: firstname.lastname@example.org