Data Protection Policy – Asset Claims LTD

Introduction

At Asset Claims LTD, we are fully committed to safeguarding the privacy and protection of personal data, adhering to the highest standards under the General Data Protection Regulation (GDPR), the Data Protection Act 2018 (DPA), and related UK and international laws.

1. Purpose of This Policy

1.1 Establish the framework for personal data protection at Asset Claims LTD.

1.2 Ensure compliance with GDPR, DPA 2018, and FCA regulations.

1.3 Outline staff and contractor responsibilities for data protection.

1.4 Demonstrate our commitment to accountability and transparency.

2. Scope

2.1 Applies to all personal data processed by Asset Claims LTD.

2.2 Covers employees, contractors, clients, and third-party processors.

2.3 Encompasses data held in electronic and manual formats.

2.4 Applies to all services and operations globally.

3. Data Protection Principles

3.1 Lawfulness, fairness, and transparency in data handling.

3.2 Purpose limitation – data collected for specified, explicit purposes only.

3.3 Data minimization – ensuring adequacy and relevance.

3.4 Accuracy and up-to-date maintenance of data.

4. Lawful Basis for Processing

4.1 Consent obtained where necessary and freely given.

4.2 Contractual necessity for service delivery by Asset Claims LTD.

4.3 Legal obligations under financial and regulatory laws.

4.4 Legitimate interests pursued without overriding user rights.

5. Rights of Data Subjects

5.1 Right to access personal data we hold.

5.2 Right to rectification of inaccurate or incomplete data.

5.3 Right to erasure (“right to be forgotten”) where applicable.

5.4 Right to object to certain types of data processing activities.

6. Data Subject Access Requests (DSARs)

6.1 Process for submitting access requests to Asset Claims LTD.

6.2 Standard response timeframes (usually within one month).

6.3 Verification of identity prior to data release.

6.4 No fees charged unless requests are excessive or repetitive.

7. Data Minimization and Retention

7.1 Collect only the minimum necessary data for each purpose.

7.2 Implement retention schedules according to legal requirements.

7.3 Secure disposal of data once retention periods expire.

7.4 Regular reviews of stored personal data to ensure relevance.

8. Data Security Measures

8.1 Encryption of data at rest and in transit.

8.2 Multi-factor authentication for system access.

8.3 Access control based on role necessity (“least privilege” principle).

8.4 Physical security measures at all Asset Claims LTD facilities.

9. Third-Party Data Processing

9.1 Due diligence before engaging any third-party processor.

9.2 Binding Data Processing Agreements (DPAs) with third parties.

9.3 Regular audits to verify third-party compliance with data protection laws.

9.4 Immediate remediation measures if a breach is detected.

10. Data Breach Notification

10.1 Internal reporting protocols for suspected breaches.

10.2 Notification to the Information Commissioner’s Office (ICO) within 72 hours if required.

10.3 Communication to affected data subjects if the breach poses a high risk.

10.4 Full documentation of all breaches regardless of reporting obligations.

11. International Data Transfers

11.1 Compliance with GDPR Chapter V for transfers outside the UK/EU.

11.2 Standard Contractual Clauses (SCCs) used where applicable.

11.3 Adequacy decisions assessed before international transfers.

11.4 Additional security measures for cross-border data protection.

12. Data Protection Impact Assessments (DPIA)

12.1 Conducted for all high-risk processing activities at Asset Claims LTD.

12.2 Includes risk mitigation strategies and compliance plans.

12.3 DPIA outcomes reviewed by senior management and DPO.

12.4 Periodic updates of DPIAs based on operational changes.

13. Roles and Responsibilities

13.1 The Data Protection Officer (DPO) oversees compliance efforts.

13.2 Department heads ensure team compliance with this policy.

13.3 All employees receive mandatory data protection training.

13.4 Contractors are bound by strict confidentiality and data handling clauses.

14. Employee Training and Awareness

14.1 Induction training includes data protection modules.

14.2 Annual refresher courses on GDPR and cybersecurity best practices.

14.3 Specialized training for roles involving high-risk data processing.

14.4 Regular internal communications about data protection updates.

15. Privacy by Design and Default

15.1 Incorporating data protection measures into all projects from inception.

15.2 Default settings favor maximum privacy for users.

15.3 Minimization of personal data collection at all stages.

15.4 Regular privacy reviews at key stages of system development.

16. Vendor Management and Data Security

16.1 Strict evaluation criteria for vendors handling personal data.

16.2 Contractual obligations to ensure ongoing data protection compliance.

16.3 Audits and monitoring of vendor performance regarding data security.

16.4 Right to terminate agreements in case of non-compliance.

17. Data Anonymization and Pseudonymization

17.1 Implementation of anonymization techniques where feasible.

17.2 Use of pseudonymization for sensitive datasets.

17.3 Ensuring reversible identifiers are securely managed.

17.4 Continuous review of data masking effectiveness.

18. Ongoing Monitoring and Review

18.1 Regular audits of compliance with this Data Protection Policy.

18.2 External audits commissioned periodically for independent assessment.

18.3 Management reviews policy effectiveness annually.

18.4 Adjustments made as needed to reflect regulatory changes.

19. Enforcement and Disciplinary Action

19.1 Breaches of this policy by employees may result in disciplinary proceedings.

19.2 Contractors violating the policy may face termination of contract.

19.3 Serious breaches may be reported to regulatory authorities where required.

19.4 Commitment to fair and consistent enforcement across Asset Claims LTD.

20. Contact Information

20.1 For any questions regarding this Data Protection Policy:

20.2 Email: support@asset-claims.com

20.3 Phone: +44 730 458210

20.4 Address: Suite G04, 1 Quality Court, Chancery Lane, London, WC2A 1HR, England