
GDPR Compliance Statement


The EU General Data Protection Regulation (“GDPR”) comes into force across the European Union on 25th May 2018 and brings with it the most significant changes to data protection law in two decades. Based on privacy by design and taking a risk-based approach, the GDPR has been designed to meet the requirements of the digital age.

The 21st Century brings with it broader use of technology, new definitions of what constitutes personal data, and a vast increase in cross-border processing. The new Regulation aims to standardize data protection laws and processing across the EU; affording individuals stronger, more consistent rights to access and control their personal information.

OUR COMMITMENT

ToddRogers.co is committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place, which complies with existing law and abides by the data protection principles. However, we recognize our obligations in updating and expanding this program to meet the demands of the GDPR and the Data Protection Bill.

We are dedicated to safeguarding the personal information under our remit and in developing a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for the new Regulation. Our preparation and objectives for GDPR compliance have been summarized in this statement and include the development and implementation of new data protection roles, policies, procedures, controls and measures to ensure maximum and ongoing compliance.

HOW WE HAVE PREPARED FOR THE GDPR

ToddRogers.co already has a consistent level of data protection and security across our organization; however, it is our aim to be fully compliant with the GDPR.

Our preparation includes:

Legal Basis for Processing – we intend to always identify the legal basis for processing and ensure that each basis is appropriate for the related activity. Where applicable and when possible, we also maintain records of our processing activities, ensuring that our obligations under Article 30 of the GDPR and Schedule 1 of the Data Protection Bill are met.

Privacy Policy – our Privacy Policy is published to comply with the GDPR.

Obtaining Consent – we will always strive to obtain personal data with consent, ensuring that individuals understand what they are providing, why and how we use it and giving clear, defined ways to consent to us as we process their information. When recording consent, we will always ensure a double opt-in process, intended to show evidence that an affirmative opt-in, along with time and date records, is recorded; and an easy to see and access way to withdraw consent at any time.

Direct Marketing – we attempt to always offer clear opt-in mechanisms for marketing subscriptions, a clear notice and method for opting out, and unsubscribe features on all subsequent marketing materials.

Information Audit – we identify and assess what personal information we hold, where it comes from, how and why it is processed and if and to whom it is disclosed.

Policies & Procedures – revised existing data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws, including:

> Data Protection – our main policy and procedure document for data protection intends to meet the standards and requirements of the GDPR. Accountability and governance measures are in place to ensure that we understand and adequately disseminate and evidence our obligations and responsibilities; with a dedicated focus on privacy by design and the rights of individuals.

> Data Retention & Erasure – we ensure that we meet the ‘data minimization’ and ‘storage limitation’ principles and that personal information is stored, archived and destroyed compliantly and ethically. We have dedicated erasure procedures in place to meet the new ‘Right to Erasure’ obligation and are aware of when this and other data subject’s rights apply; along with any exemptions, response timeframes and notification responsibilities.

> Data Breaches – our breach procedures ensure that we have safeguards and measures in place to identify, assess, investigate and report any personal data breach at the earliest possible time.

> Subject Access Request (SAR) – our SAR procedures will accommodate the revised 30-day timeframe for providing the requested information and for making this provision free of charge.

DATA SUBJECT RIGHTS

In addition to the policies and procedures mentioned above, intended to ensure that individuals can enforce their data protection rights, we intend to provide easy-to-access information whenever an individual requests the right to access any personal information that ToddRogers.co processes about them and to request information about what personal data we hold about them.

The purposes of the processing the categories of personal data concerned:

Personal data will never be disclosed to any third-party for purposes of marketing.

How long we intend to store your personal data for:

  • If we did not collect the data directly from them, information about the source
  • The right to have incomplete or inaccurate data about them corrected or completed and the process for requesting this
  • The right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use. 

INFORMATION SECURITY & TECHNICAL AND ORGANIZATIONAL MEASURES

ToddRogers.co takes the privacy and security of individuals and their personal information very seriously and takes every reasonable measure and precaution to protect and secure the personal data that we process.

GDPR ROLES AND EMPLOYEES

ToddRogers.co has designated Todd Rogers as our Data Protection Lead to comply with the new data protection Regulation, including assessing our GDPR readiness, identifying any gap areas and implementing the new policies, procedures and measures.

ToddRogers.co understands that continuous internal awareness and understanding is vital to the continued compliance of the GDPR.

If you have any questions about ToddRogers.co’s GDPR compliance activity, please contact Todd Rogers at [email protected].