Data Protection Policy

1. Policy Statement

Ardeo Limited is committed to protecting the privacy and security of personal data. This Data Protection Policy sets out how we handle personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Scope

This policy applies to all personal data processed by Ardeo Limited, including data relating to employees, clients, suppliers, and other individuals.

3. Data Protection Principles

Personal data shall be:

  • Processed lawfully, fairly and in a transparent manner
  • Collected for specified, explicit and legitimate purposes
  • Adequate, relevant and limited to what is necessary
  • Accurate and kept up to date
  • Kept for no longer than is necessary
  • Processed in a manner that ensures appropriate security

4. Lawful Basis for Processing

We will only process personal data where we have a lawful basis to do so, such as:

  • Consent from the data subject
  • Performance of a contract
  • Compliance with a legal obligation
  • Protection of vital interests
  • Performance of a task in the public interest
  • Legitimate interests pursued by Ardeo Limited or a third party

5. Individual Rights

Individuals have the right to:

  • Access their personal data
  • Rectification of inaccurate personal data
  • Erasure of personal data
  • Restriction of processing
  • Data portability
  • Object to processing
  • Not be subject to automated decision-making

6. Data Security

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data
  • Regular security assessments
  • Access controls and authentication
  • Staff training on data protection
  • Incident response procedures

7. Data Breach Procedures

In the event of a personal data breach, we will:

  • Assess the risk to individuals’ rights and freedoms
  • Notify the Information Commissioner’s Office (ICO) within 72 hours where required
  • Notify affected individuals without undue delay where there is a high risk to their rights and freedoms
  • Document all data breaches

8. Contact Information

For any queries or concerns regarding data protection, please contact:

Data Protection Officer
Email: regulatory@ardeo.com
Address: Ardeo Limited, 20 Market Place, Kingston-upon-Thames, KT1 1JP

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO). Visit www.ico.org.uk for more information.