Data Protection (GDPR) Policy

Our commitment

Axia Computer Systems Ltd is committed to protecting the personal data of our employees, clients and contacts, and to handling it in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We act as a data controller for our own business data and as a data processor when handling personal data on behalf of our clients.

Data protection principles

We process personal data in accordance with the principles of the UK GDPR. Personal data must be:

• Processed lawfully, fairly and transparently.
• Collected for specified, explicit and legitimate purposes.
• Adequate, relevant and limited to what is necessary.
• Accurate and, where necessary, kept up to date.
• Kept no longer than is necessary.
• Processed securely, with appropriate protection against unauthorised processing, loss or damage.

Individuals' rights

We respect the rights of individuals under data protection law, including the right to be informed, the right of access, and the rights to rectification, erasure, restriction, portability and objection. Requests can be made by contacting us, and we will respond within the timescales required by law.

Security and processors

We apply appropriate technical and organisational measures to keep personal data secure, as set out in our Information Security Policy. Where we use third-party processors, we ensure appropriate contracts and safeguards are in place, and we only transfer data internationally where lawful protections apply.

Breaches

We maintain procedures to detect, report and investigate personal data breaches. Where a breach is likely to result in a risk to individuals’ rights and freedoms, we will notify the Information Commissioner’s Office (ICO) and affected individuals as required.

Review

This policy is reviewed regularly to ensure ongoing compliance. For privacy information about how we use data on this website, please see our Privacy Policy. If you have any data protection questions, please get in touch.