Inventive Search GDPR Policy.

1. Introduction

Inventive Search is committed to ensuring the privacy and security of personal data processed within the organization. This GDPR policy outlines our approach to data protection, including the collection, processing, storage, and sharing of personal data.

2. Scope

This policy applies to all employees, contractors, and third parties who process personal data on behalf of Inventive Search. It covers all forms of data, including electronic and paper records.

3. Data Protection Principles

Inventive Search will adhere to the following principles outlined in the GDPR:

a. Lawfulness, Fairness, and Transparency: Personal data will be processed lawfully, fairly, and transparently.

b. Purpose Limitation: Personal data will be collected for specified, explicit, and legitimate purposes and will not be processed in a manner incompatible with those purposes.

c. Data Minimization: Inventive Search will ensure that personal data is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.

d. Accuracy: Inventive Search will take reasonable steps to ensure that personal data is accurate, complete, and up-to-date.

e. Storage Limitation: Personal data will be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.

f. Integrity and Confidentiality: Inventive Search will process personal data in a manner that ensures its security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

g. Accountability: Inventive Search will be responsible for, and able to demonstrate compliance with, the principles outlined in this policy.

4. Data Subject Rights

Data subjects have the right to:

a. Access their personal data.
b. Rectify inaccuracies in their personal data.
c. Erase their personal data.
d. Restrict processing of their personal data.
e. Object to the processing of their personal data.
f. Data portability.

Requests from data subjects will be handled promptly and in accordance with the GDPR.

5. Data Security

Inventive Search will implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including the encryption of personal data, regular testing of security systems, and employee training on data protection.

6. Data Breach Response

In the event of a data breach, Inventive Search will follow the procedures outlined in our Data Breach Response Plan, including notifying the Information Commissioner's Office (ICO) and affected data subjects where required by law.

7. Data Protection Officer

Inventive Search has appointed a Data Protection Officer (DPO) who is responsible for overseeing data protection compliance. The DPO can be contacted at [DPO's contact details].

8. Training and Awareness

All employees will receive training on data protection and privacy as part of their induction and ongoing development. Inventive Search will promote a culture of data protection awareness throughout the organization.

9. Review and Update

This GDPR policy will be reviewed and updated as necessary to ensure ongoing compliance with data protection laws and best practices.

10. Contact Information

For questions or concerns regarding this GDPR policy, please contact Inventive Search.

Date of Last Revision: December 2023